12 matches found
EUVD-2026-1414
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to an invalid enum value. This issue has been patched in version 2.3.1.2...
EUVD-2021-14246
Malware in sbrugna...
CVE-2021-27494
Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing STP files. This could result in a stack-based buffer overflow. An attacker could leverage this...
Number withdrawn
ROS2 Humble Hawksbill is an open source set of software libraries and tools for ROS2. It can help build robotics applications. This CVE number has been withdrawn...
GPU kernel implementations susceptible to memory leak
Overview: General-purpose graphics processing unit (GPGPU) platforms from AMD, Apple, and Qualcomm fail to adequately isolate process memory, thereby enabling a local attacker to read memory from other processes. An attacker with access to GPU capabilities using a vulnerable GPU's programmable...
CVE-2021-27494
Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing STP files. This could result in a stack-based buffer overflow. An attacker could leverage this...
CVE-2021-27492
When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV53dRead, CatiaV63dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior could disclose arbitrary files to remote attackers. This is because of the passing of...
CVE-2021-27496
CVE-2021-27496 affects Datakit CrossCADWare libraries embedded in Luxion KeyShot (v10.1 and earlier). Modules CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, and Jt3dReadPsr fail to validate data when parsing PRT files, causing untrusted pointer dereference and potential code execution i...
CVE-2021-27494
CVE-2021-27494 affects Datakit CrossCADWare libraries (CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr) bundled in Luxion KeyShot (Versions 10.1 and earlier). The vulnerability is an out-of-bounds stack/write caused by inadequate validation when parsing STP files, which can a...
Defending the power grid against supply chain attacks—Part 1: The risk defined
Most people don’t think about electricity. If the internet works, their food is refrigerated, and their debit card is approved, why should they? Its ubiquity and reliability render it invisible—a bit of magic that powers much of modern life. That is, until a large storm passes through. Localized...
Moxa VPort ActiveX SDK Plus Stack Buffer Overflow Vulnerability
Moxa's VPort SDK PLUS, including CGI command, ActiveX control and API libraries, allows third-party developers to easily integrate customized monitoring applications. Moxa VPort ActiveX SDK Plus suffers from a stack buffer overflow vulnerability. A remote attacker can exploit the vulnerability by...
Developing and Sharing Tools for Professional Hackers
Professional hackers or security testers tend to write a lot of code. We write exploit code, fuzzers, code to handle esoteric protocols and data structures, unpackers, disassemblers, reversers, parsers, and so much more. We write this code because often what we’re doing is so specific that is...