984 matches found
CVE-2024-11525 IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability
IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...
PT-2024-17055 · Irfanview · Irfanview
Name of the Vulnerable Software and Affected Versions: IrfanView affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this issue, where the target must visit a...
IrfanView DJVU File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DJVU file...
Siemens Tecnomatix Plant Simulation WRL File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...
PT-2024-39790 · Trimble · Trimble Sketchup Viewer
Name of the Vulnerable Software and Affected Versions: Trimble SketchUp Viewer affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this issue, where...
PT-2024-39789 · Trimble · Trimble Sketchup Viewer
Name of the Vulnerable Software and Affected Versions: Trimble SketchUp Viewer affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this issue, where...
Protection Mechanism Failure
Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Protection Mechanism Failure in a sandbox due to improper object validation in the ensureToStringAllowed function. An attacker can invoke the toString method on an...
Tungsten Automation Power PDF PDF File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
PT-2024-39780 · Trimble · Trimble Sketchup Viewer
Name of the Vulnerable Software and Affected Versions: Trimble SketchUp Viewer affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. It requires user interaction, such as visiting a malicious page or opening a maliciou...
CVE-2024-23923
Alpine Halo9 prhl2sardataind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists...
PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
Prototype Pollution
chartist is vulnerable to Prototype Pollution. The vulnerability is due to lack of validation in the extend function to prevent arguments from modifying the object prototype in Chartist, allows an attacker to inject malicious object properties using the proto property, which recursively affects a...
CVE-2024-7724
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...
PT-2024-38398 · Trimble · Trimble Sketchup
Name of the Vulnerable Software and Affected Versions: Trimble SketchUp affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this issue, where the target mus...
(Pwn2Own) Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prhl2sardataind function. The issue results from the lack of validati...
Linux Kernel TIPC Message Reassembly Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with TIPC bearer enabled are vulnerable. The specific flaw exists within the processing of fragmented TIPC...
Autodesk AutoCAD MODEL File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
Microsoft Windows Menu DC Pen Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull...
CVE-2024-30375
Summary (CVE-2024-30375): Luxion KeyShot Viewer is affected by a use-after-free in KSP file parsing that can lead to remote code execution. The vulnerability stems from not validating the existence of an object before performing operations, allowing an attacker to execute code in the context of t...