38 matches found
Astra Linux - уязвимость в mariadb-10.3
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected MariaDB installations. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...
wolfSSL 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. wolfSSL has security vulnerabilities; these vulnerabilities stem from the lack of checks for hash digest size and OID. This could lead...
CVE-2025-15062
CVE-2025-15062 : A use-after-free vulnerability in Trimble SketchUp SKP file parsing allows remote code execution. The flaw occurs during SKP file parsing when code operates on an object without verifying its existence, enabling an attacker to run code in the process with the user’s privileges. E...
FontForge 资源管理错误漏洞
FontForge is an open source font editing tool from fontforge that supports multiple languages. A resource management error vulnerability exists in FontForge that stems from not verifying the existence of an object when parsing an SFD file, which could lead to post-release reuse and remote code...
CVE-2025-39799
...
CVE-2021-34891
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
PT-2024-39786 · Trimble · Trimble Sketchup Viewer
Name of the Vulnerable Software and Affected Versions: Trimble SketchUp Viewer affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this, where the...
Prototype Pollution
@blackprint/engine is vulnerable to Prototype Pollution. The vulnerability is due to missing object type checks in the DeepProperty function in engine.min.js, which allows an attacker to execute arbitrary code...
CVE-2024-4976
Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference...
CVE-2024-4976
Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference...
CVE-2024-4976 Out-of-bounds array write in Xpdf 4.05 due to missing object type check
Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference...
CVE-2023-50196
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target mus...
CVE-2023-40487
Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2024-30362
Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2022-37387
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2022-24061
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2021-46587
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Foxit PDF Reader 资源管理错误漏洞
Foxit PDF Reader is a PDF reader from Foxit, a Chinese company. Foxit PDF Reader is vulnerable due to a lack of verification of the existence of an object before performing operations on it, which can be exploited to execute code in the context of the current process...
Foxit PDF Reader 资源管理错误漏洞
Foxit PDF Reader is a PDF reader from Foxit China.A security vulnerability exists in Foxit PDF Reader, which stems from the lack of verification of the existence of an object before performing operations on it, and can be exploited by attackers to execute code in the context of the current proces...
Bentley Systems MicroStation 资源管理错误漏洞
Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting from Bentley Systems, Inc. A remote code execution vulnerability exists in Bentley MicroStation CONNECT 10.16.0.80 when parsing PDF files, which stems from failure to verify the existence of an object before...