81 matches found
CVE-2022-42371
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
Siemens Parasolid 缓冲区错误漏洞
An out-of-bounds write vulnerability exists in Siemens Parasolid, a geometric modeling kernel from Siemens, Germany, due to an out-of-bounds write beyond the end of the allocation structure contained in a specially crafted XB file parsed by the affected application. The vulnerability allows an...
OS Command Injection
apacheairflowprovidersapachepig is vulnerable to os command injection. The vulnerability in due to the application allowing an attacker to control commands executed in the task execution context, allowing an attacker to inject and execute arbitrary OS commands...
OS Command Injection in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...
Command injection
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airfl...
Attacker can steal all the wrapped tokens, ether or native currency contained in the ReceiverImplementation contract
Lines of code Vulnerability details Impact since all the functions in the ReceiverImplemention are all designed to be called by DepositBase and AxelarDepositService, why not create a simple modifer to check if msg.sender equals either of the two when a delegatecall or call occurs, like so modifie...
Special top object can be used to access Struts' internals
ValueStack defines special top object which represents root of execution context. It can be used to manipulate Struts' internals or can be used to affect container's settings. Applying better regex which includes pattern to exclude request parameters trying to use top object. This issue was patch...
_execute can potentially reorder a batch of commands while executing, breaking any assumptions on command orders.
Lines of code Vulnerability details Impact Since this is important, we quote it again instead of referring to our other bug report on a different, yet related bug. The context within which a command is executed is extremely important. AxelarGatewayMultisig.execute takes a signed batch of commands...
Adobe Acrobat Reader缓冲区错误漏洞
Acrobat Reader DC is an excellent PDF file reader developed by Adobe. Adobe Acrobat Reader DC has a buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary code in the context of the current user...
Stack overflow
A vulnerability has been identified in JT Utilities All versions V13.1.1.0, JTTK All versions V11.1.1.0. JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the...
Default credentials
A vulnerability has been identified in Simcenter STAR-CCM+ Viewer All versions 2021.3.1. The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write past the end of an allocated structure. An attacker could...
Open Design Alliance Drawings SDK Out-of-Bounds Writing Vulnerability (CNVD-2022-01426)
Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The package provides access to data in .dwg and .dgn through a convenient, object-oriented API, C API, support for repair files, support for . The vulnerability can be...
The vulnerability of Autodesk Navisworks software lies in the ability to write code beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code in the context of the current user.
The vulnerability of Autodesk Navisworks software lies in the writing of data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of the current user, using a specially created DWG file...
CVE-2021-27390
A vulnerability has been identified in JT2Go All versions V13.1.0.3, Teamcenter Visualization All versions V13.1.0.3. The TIFFloader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds write past the end...
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are related to the use of a null pointer pointer, which allows attackers to execute arbitrary code.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are related to the use of a null pointer. Exploiting these vulnerabilities can allow an attacker...
CVE-2020-24890
libraw 20.0 has a null pointer dereference vulnerability in parsetiffifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way...
Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
Adobe Premiere Pro MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Premiere Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2019-16935
A reflected cross-site scripting XSS vulnerability was found in Python XML-RPC server. The servertitle field is not sufficiently sanitized allowing malicious JavaScript to be injected. Successful exploitation would allow a remote attacker to execute JavaScript code within the context of the...
Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CNVD-2019-42802)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A scripting engine memory corruption vulnerability exists in Microsoft Edge based on EdgeHTML. The vulnerability stems from a problem in the way the scripting engine handles objects in...