Lucene search

984 matches found

Cvelist
added 2024/11/22 8:49 p.m. · 17 views

CVE-2024-11525 IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability

IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...

7.8 CVSS · 0.00423 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/11/21 12:0 a.m. · 4 views

PT-2024-17055 · Irfanview · Irfanview

Name of the Vulnerable Software and Affected Versions: IrfanView affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this issue, where the target must visit a...

7.8 CVSS · 7.2 AI score · 0.00423 EPSS
Exploits: 0 · References: 5
Zero Day Initiative
added 2024/11/21 12:0 a.m. · 14 views

IrfanView DJVU File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DJVU file...

7.8 CVSS · 6.8 AI score · 0.0044 EPSS
Exploits: 0
Zero Day Initiative
added 2024/11/19 12:0 a.m. · 6 views

Siemens Tecnomatix Plant Simulation WRL File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

7.8 CVSS · 6.8 AI score · 0.00192 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/11/12 12:0 a.m. · 5 views

PT-2024-39790 · Trimble · Trimble Sketchup Viewer

Name of the Vulnerable Software and Affected Versions: Trimble SketchUp Viewer affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this issue, where...

7.8 CVSS · 7.2 AI score · 0.00324 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2024/11/12 12:0 a.m. · 7 views

PT-2024-39789 · Trimble · Trimble Sketchup Viewer

Name of the Vulnerable Software and Affected Versions: Trimble SketchUp Viewer affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this issue, where...

7.8 CVSS · 7.2 AI score · 0.00324 EPSS
Exploits: 0 · References: 5
Snyk
added 2024/11/06 9:41 p.m. · 3 views

Protection Mechanism Failure

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Protection Mechanism Failure in a sandbox due to improper object validation in the ensureToStringAllowed function. An attacker can invoke the toString method on an...

2.2 CVSS · 7 AI score · 0.0044 EPSS
Exploits: 0 · References: 2
Zero Day Initiative
added 2024/10/11 12:0 a.m. · 7 views

Tungsten Automation Power PDF PDF File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8 CVSS · 6.9 AI score · 0.00316 EPSS
Exploits: 0 · References: 1
Zero Day Initiative
added 2024/10/11 12:0 a.m. · 11 views

Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

7.8 CVSS · 6.9 AI score · 0.00302 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/10/11 12:0 a.m. · 4 views

PT-2024-39780 · Trimble · Trimble Sketchup Viewer

Name of the Vulnerable Software and Affected Versions: Trimble SketchUp Viewer affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. It requires user interaction, such as visiting a malicious page or opening a maliciou...

7.8 CVSS · 7.5 AI score · 0.00302 EPSS
Exploits: 0 · References: 3
NVD
added 2024/09/28 7:15 a.m. · 17 views

CVE-2024-23923

Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists...

8.8 CVSS · 0.0075 EPSS
Exploits: 0 · References: 1
Zero Day Initiative
added 2024/09/17 12:0 a.m. · 10 views

PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8 CVSS · 6.9 AI score · 0.00316 EPSS
Exploits: 0 · References: 1
Veracode
added 2024/08/30 8:37 a.m. · 13 views

Prototype Pollution

chartist is vulnerable to Prototype Pollution. The vulnerability is due to lack of validation in the extend function to prevent arguments from modifying the object prototype in Chartist, allows an attacker to inject malicious object properties using the proto property, which recursively affects a...

9.8 CVSS · 6.7 AI score · 0.00627 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
NVD
added 2024/08/21 4:15 p.m. · 16 views

CVE-2024-7724

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...

8.8 CVSS · 0.00734 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/08/05 12:0 a.m. · 3 views

PT-2024-38398 · Trimble · Trimble Sketchup

Name of the Vulnerable Software and Affected Versions: Trimble SketchUp affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this issue, where the target mus...

7.8 CVSS · 7.2 AI score · 0.00472 EPSS
Exploits: 0 · References: 5
Zero Day Initiative
added 2024/06/21 12:0 a.m. · 13 views

(Pwn2Own) Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prh_l2_sar_data_ind function. The issue results from the lack of validati...

8.8 CVSS · 7.5 AI score · 0.0075 EPSS
Exploits: 0
Zero Day Initiative
added 2024/06/20 12:0 a.m. · 35 views

Linux Kernel TIPC Message Reassembly Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with TIPC bearer enabled are vulnerable. The specific flaw exists within the processing of fragmented TIPC...

9 CVSS · 7.3 AI score · 0.01305 EPSS
Exploits: 1 · References: 1
Zero Day Initiative
added 2024/06/13 12:0 a.m. · 14 views

Autodesk AutoCAD MODEL File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8 CVSS · 7.7 AI score · 0.00436 EPSS
Exploits: 0 · References: 1
Zero Day Initiative
added 2024/06/12 12:0 a.m. · 19 views

Microsoft Windows Menu DC Pen Use-After-Free Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull...

8.8 CVSS · 7.7 AI score · 0.01269 EPSS
Exploits: 0 · References: 1
CVE
added 2024/06/06 5:47 p.m. · 60 views

CVE-2024-30375

Summary (CVE-2024-30375): Luxion KeyShot Viewer is affected by a use-after-free in KSP file parsing that can lead to remote code execution. The vulnerability stems from not validating the existence of an object before performing operations, allowing an attacker to execute code in the context of t...

7.8 CVSS · 8 AI score · 0.00467 EPSS
Exploits: 0 · References: 1 · Affected Software: 2