Lucene search
K

139 matches found

CVE
CVE
added 2022/02/18 7:46 p.m.121 views

CVE-2021-46645

CVE-2021-46645 affects Bentley MicroStation CONNECT 10.16.0.80. The vulnerability resides in BMP image parsing, where crafted BMP data can trigger a write past the end of an allocated buffer, allowing remote code execution in the context of the current process. User interaction is required (targe...

7.8CVSS7.8AI score0.01955EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.117 views

CVE-2021-46564

CVE-2021-46564 affects Bentley MicroStation CONNECT 10.16.0.80. The flaw is in JT file parsing, where crafted data can trigger a write past the end of an allocated buffer, enabling remote code execution in the context of the current process. Exploitation requires user interaction (visiting a mali...

7.8CVSS7.8AI score0.01888EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.116 views

CVE-2021-46563

CVE-2021-46563 concerns Bentley MicroStation CONNECT (10.16.0.80) and stems from the JT file parser. Crafted JT data can trigger a read past the end of an allocated buffer, enabling remote code execution in the process context. Attack requires user interaction (visiting a malicious page or openin...

7.8CVSS7.8AI score0.01888EPSS
CVE
CVE
added 2022/02/18 7:46 p.m.116 views

CVE-2021-46641

Bentley View 10.15.0.75 is affected by a DGN file parsing vulnerability. Crafted DNG data can trigger a read past the end of an allocated buffer, enabling remote code execution in the current process. User interaction is required (visiting a malicious page or opening a malicious file). No specifi...

7.8CVSS7.8AI score0.01955EPSS
CVE
CVE
added 2022/02/18 7:46 p.m.115 views

CVE-2021-46648

Bentley MicroStation CONNECT 10.16.0.80 is affected by a heap-based buffer overflow in DGN file parsing due to improper validation of the length of user-supplied data. This allows remote code execution in the context of the current process, with exploitation requiring user interaction (target mus...

7.8CVSS7.8AI score0.01955EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.113 views

CVE-2021-46575

CVE-2021-46575 affects Bentley MicroStation CONNECT 10.16.0.80. The issue is a parsing-use-after-free flaw in DGN file handling where the code does not validate object existence before operations, enabling remote code execution in the process context. Exploitation requires user interaction (visit...

7.8CVSS7.8AI score0.0222EPSS
CVE
CVE
added 2022/02/18 7:46 p.m.112 views

CVE-2021-46646

CVE-2021-46646 affects Bentley MicroStation CONNECT 10.16.0.80. The issue is an out-of-bounds write in the DGN file parser, allowing code execution in the context of the current process. Exploitation requires user interaction (visiting a malicious page or opening a malicious file) and crafted DGN...

7.8CVSS7.8AI score0.01955EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.109 views

CVE-2021-46572

CVE-2021-46572 affects Bentley MicroStation CONNECT 10.16.0.80. The vulnerability is in the JT file parsing path, where crafted JT data can trigger an out-of-bounds write in the affected process, allowing remote code execution. Exploitation requires user interaction (target must visit a malicious...

7.8CVSS7.8AI score0.01911EPSS
CVE
CVE
added 2022/02/18 7:45 p.m.108 views

CVE-2021-46614

CVE-2021-46614 concerns Bentley MicroStation CONNECT 10.16.0.80, where the vulnerability arises in the parsing of J2K images. The underlying flaw is an out-of-bounds read that can be triggered by crafted J2K data, allowing an attacker to execute arbitrary code in the context of the affected proce...

7.8CVSS8AI score0.01878EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.107 views

CVE-2021-46570

CVE-2021-46570 affects Bentley View 10.16.0.80. The issue lies in parsing JT files where memory is accessed without prior proper initialization, enabling an attacker to disclose sensitive information and, with other vulnerabilities, execute arbitrary code in the current process after user interac...

7.8CVSS7.3AI score0.01979EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.107 views

CVE-2021-46583

CVE-2021-46583 affects Bentley MicroStation CONNECT 10.16.0.80. The root cause is an out-of-bounds write in the J2K image parser, triggered by crafted J2K data. This can allow a remote attacker to execute arbitrary code in the context of the affected process, with user interaction required (visit...

7.8CVSS7.8AI score0.01979EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.105 views

CVE-2021-46562

CVE-2021-46562 affects Bentley MicroStation CONNECT 10.16.0.80. The issue lies in JT file parsing, where crafted data can trigger a read past the end of an allocated buffer, enabling remote code execution in the attacker’s context. User interaction is required (target must open a malicious page/f...

7.8CVSS7.8AI score0.01911EPSS
CVE
CVE
added 2022/02/18 7:45 p.m.105 views

CVE-2021-46626

Bentley View 10.15.0.75 is affected. The vulnerability stems from J2K image parsing, causing a read past the end of an allocated buffer and enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). No explicit remediation/versi...

7.8CVSS7.8AI score0.01878EPSS
CVE
CVE
added 2022/02/18 7:46 p.m.105 views

CVE-2021-46638

CVE-2021-46638 is substantiated by multiple connected advisories (notably ZDI-22-225) describing a stack-based buffer overflow in Bentley MicroStation CONNECT 10.16.0.80 during DGN file parsing. The flaw arises from insufficient validation of the length of user-supplied data prior to copying it i...

7.8CVSS7.8AI score0.01937EPSS
CVE
CVE
added 2022/02/18 7:46 p.m.105 views

CVE-2021-46639

CVE-2021-46639 affects Bentley MicroStation CONNECT 10.16.0.80. Connected sources (ZDI-22-226 and related notices) describe an out-of-bounds write in DGN file parsing that can allow remote code execution; exploitation requires user interaction (visiting malicious page or opening a malicious file)...

7.8CVSS7.8AI score0.01955EPSS
CVE
CVE
added 2022/02/18 7:46 p.m.105 views

CVE-2021-46647

The CVE-2021-46647 entry concerns Bentley MicroStation CONNECT (10.16.0.80). The vulnerability is a heap-based buffer overflow during BMP image parsing caused by insufficient validation of the length of user-supplied data prior to copying it into a heap buffer. This flaw can allow an attacker to ...

7.8CVSS7.8AI score0.01955EPSS
CVE
CVE
added 2022/02/18 7:45 p.m.104 views

CVE-2021-46605

Bentley MicroStation CONNECT 10.16.0.80 is affected by CVE-2021-46605. The issue is a BMP image parsing heap-based overflow caused by insufficient validation of the length of user-supplied data before copying it to a heap buffer, enabling remote code execution. Exploitation requires user interact...

7.8CVSS7.8AI score0.01979EPSS
CVE
CVE
added 2022/02/18 7:46 p.m.104 views

CVE-2021-46652

The CVE-2021-46652 entry concerns Bentley View 10.15.0.75 with a vulnerability in DGN file parsing. The underlying flaw is an out-of-bounds write (-write past the end of an allocated buffer-) triggered by crafted DGN data, enabling arbitrary code execution in the context of the current process. E...

7.8CVSS7.8AI score0.01955EPSS
CVE
CVE
added 2022/02/18 7:46 p.m.104 views

CVE-2021-46653

Bentley View 10.15.0.75 is affected by a heap-based buffer overflow in BMP image parsing due to insufficient validation of the length of user-supplied data. This allows remote attackers to execute arbitrary code in the context of the current process, with user interaction required (target must vi...

7.8CVSS7.8AI score0.01955EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.103 views

CVE-2021-46569

CVE-2021-46569 affects Bentley MicroStation CONNECT 10.16.0.80. The issue is a JT file parsing out-of-bounds write that can be triggered by crafted data, enabling remote code execution in the current process. User interaction is required (visit a malicious page or open a malicious file). The prim...

7.8CVSS7.8AI score0.01911EPSS
CVE
CVE
added 2022/02/18 7:45 p.m.103 views

CVE-2021-46590

CVE-2021-46590 (Bentley MicroStation CONNECT 10.16.0.80) : A vulnerability exists in the parsing of JT files where crafted data can trigger a read past the end of an allocated buffer, enabling remote code execution. Exploitation requires user interaction (target must open a malicious page or file...

7.8CVSS7.8AI score0.01911EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.101 views

CVE-2021-46576

Bentley MicroStation CONNECT 10.16.0.80 is affected. The vulnerability lies in JT file parsing, where crafted JT data can trigger a write past the end of an allocated buffer, allowing remote code execution in the context of the current process. User interaction is required (the target must visit ...

7.8CVSS7.8AI score0.01911EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.101 views

CVE-2021-46577

Summary (supported): CVE-2021-46577 affects Bentley MicroStation CONNECT 10.16.0.80. The issue lies in the JT file parsing where the length of user-supplied data is not properly validated before being copied into a heap-based buffer, enabling a heap-based overflow. Impact: remote code execution i...

7.8CVSS7.8AI score0.01911EPSS
CVE
CVE
added 2022/02/18 7:45 p.m.101 views

CVE-2021-46593

CVE-2021-46593 affects Bentley MicroStation CONNECT 10.16.0.80. The issue is in parsing of DWG files due to insufficient validation, causing a read past the end of an allocated buffer and potential arbitrary code execution in the current process when combined with other vulnerabilities. Attacker ...

5.5CVSS5.2AI score0.01591EPSS
CVE
CVE
added 2022/02/18 7:45 p.m.101 views

CVE-2021-46604

CVE-2021-46604 affects Bentley MicroStation CONNECT 10.16.0.80. The vulnerability lies in PNG image parsing, where crafted PNG data can cause a write past the end of an allocated buffer, enabling remote code execution in the context of the current process. Exploitation requires user interaction (...

7.8CVSS7.8AI score0.01979EPSS
CVE
CVE
added 2022/02/18 7:45 p.m.101 views

CVE-2021-46619

Bentley MicroStation CONNECT 10.16.0.80 is affected by CVE-2021-46619 due to an out-of-bounds read during PDF parsing, enabling remote code execution when a user opens a malicious PDF or visits a crafted page/file. The vulnerability requires user interaction. Reports and advisories (e.g., ZDI-22-...

7.8CVSS7.8AI score0.01861EPSS
CVE
CVE
added 2022/02/18 7:46 p.m.101 views

CVE-2021-46636

Bentley MicroStation CONNECT 10.16.0.80 contains a DGN file parsing buffer-overread flaw that can allow remote code execution. Attacker must entice a user to open a malicious page/file; code runs in the target process. References: ZDI-22-223, BE-2021-0009. No patch/version details provided.

7.8CVSS7.8AI score0.01855EPSS
CVE
CVE
added 2022/02/18 7:45 p.m.99 views

CVE-2021-46620

CVE-2021-46620 affects Bentley MicroStation CONNECT 10.16.0.80. The connected ZDI advisory (ZDI-22-207) describes a vulnerability in FBX file parsing where improper validation can cause a read past the end of an allocated buffer. This results in an information disclosure vulnerability; exploitati...

5.5CVSS5.2AI score0.0151EPSS
CVE
CVE
added 2022/02/18 7:46 p.m.99 views

CVE-2021-46634

Bentley MicroStation CONNECT 10.16.0.80 is affected by CVE-2021-46634 due to an out-of-bounds write in JT file parsing. The flaw can allow remote code execution in the context of the affected process; exploitation requires user interaction (visiting a malicious page or opening a malicious file). ...

7.8CVSS7.8AI score0.01792EPSS
CVE
CVE
added 2022/02/18 7:46 p.m.99 views

CVE-2021-46640

Bentley View is affected by CVE-2021-46640. The vulnerability resides in the DGN file parsing code, where crafted DGN data can trigger a write past the end of an allocated buffer, enabling arbitrary code execution in the process context. The issue requires user interaction (visiting a malicious p...

7.8CVSS7.8AI score0.01955EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.98 views

CVE-2021-46568

This CVE affects Bentley MicroStation CONNECT 10.16.0.80. The vulnerability lies in the JT file parser, where crafted JT data can trigger a write past the end of an allocated buffer, allowing remote code execution in the context of the current process. Exploitation requires user interaction (the ...

7.8CVSS7.8AI score0.01911EPSS
CVE
CVE
added 2022/02/18 7:45 p.m.98 views

CVE-2021-46612

CVE-2021-46612 affects Bentley MicroStation CONNECT 10.16.0.80. The vulnerability lies in PDF file parsing, where crafted data can trigger a read past the end of an allocated buffer, enabling remote code execution in the process context. Exploitation requires user interaction (visiting a maliciou...

7.8CVSS7.8AI score0.01861EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.97 views

CVE-2021-46574

Bentley MicroStation CONNECT 10.16.0.80 is affected by a JT file parsing flaw that can trigger a write past the end of an allocated buffer, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious JT file). The issue is disclosed in ...

7.8CVSS7.8AI score0.01911EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.97 views

CVE-2021-46584

CVE-2021-46584 affects Bentley MicroStation CONNECT 10.16.0.80. The flaw is in the parsing of J2K images, where crafted data can trigger a write past the end of an allocated buffer, allowing an attacker to execute code in the context of the current process. User interaction is required (visiting ...

7.8CVSS7.8AI score0.01961EPSS
CVE
CVE
added 2022/02/18 7:45 p.m.97 views

CVE-2021-46608

This entry covers CVE-2021-46608 affecting Bentley MicroStation CONNECT 10.16.0.80. Affected component: DWG file parsing code. Root cause: improper validation leading to a read past the end of an allocated buffer, enabling information disclosure. Exploitation requires user interaction (target mus...

4.3CVSS3.4AI score0.01424EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.95 views

CVE-2021-46585

CVE-2021-46585 affects Bentley MicroStation CONNECT 10.16.0.80. The vulnerability is a stack-based buffer overflow caused by insufficient validation of user-supplied data while parsing JT files, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or o...

7.8CVSS7.8AI score0.01911EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.95 views

CVE-2021-46586

Bentley MicroStation CONNECT (affected version 10.16.0.80) is vulnerable due to a flaw in 3DS file parsing that can trigger a write past the end of an allocated buffer, enabling remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file); ...

7.8CVSS7.8AI score0.01961EPSS
CVE
CVE
added 2022/02/18 7:45 p.m.95 views

CVE-2021-46591

The CVE-2021-46591 entry covers Bentley MicroStation CONNECT 10.16.0.80. The vulnerability resides in the parsing of JT files, where crafted JT data can trigger a read past the end of an allocated buffer, enabling remote code execution in the context of the current process. Exploitation requires ...

7.8CVSS7.8AI score0.01911EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.94 views

CVE-2021-46579

Bentley MicroStation CONNECT 10.16.0.80 is affected by a JT file parsing use-after-free vulnerability that allows remote code execution. The root cause is failure to validate the existence of an object before operating on it during JT file processing, enabling an attacker to run code in the curre...

7.8CVSS7.8AI score0.01911EPSS
CVE
CVE
added 2022/02/18 7:46 p.m.93 views

CVE-2021-46629

CVE-2021-46629 affects Bentley View 10.15.0.75 and is due to improper validation in BMP image parsing, causing a read past the end of an allocated buffer. This can lead to information disclosure and, when combined with other vulnerabilities, potential arbitrary code execution in the context of th...

5.5CVSS5.2AI score0.0151EPSS
CVE
CVE
added 2022/02/18 7:45 p.m.92 views

CVE-2021-46607

Bentley MicroStation CONNECT 10.16.0.80 is affected by a 3DS file parsing vulnerability that can disclose sensitive information. The flaw arises from insufficient validation during 3DS data processing, causing an out-of-bounds read and potential information disclosure. Exploitation requires user ...

4.3CVSS3.4AI score0.01603EPSS
CVE
CVE
added 2022/02/18 7:46 p.m.92 views

CVE-2021-46637

CVE-2021-46637 affects Bentley MicroStation CONNECT (10.16.0.80). The vulnerability is an out-of-bounds read while parsing DGN files caused by insufficient validation of user-supplied data, allowing a remote attacker to disclose sensitive information by convincing a user to open a malicious file/...

5.5CVSS5.2AI score0.01491EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.91 views

CVE-2021-46565

Bentley MicroStation CONNECT 10.16.0.80 is affected by CVE-2021-46565, a vulnerability in parsing JT files where improper validation of user-supplied data length leads to a stack-based buffer overflow. This allows remote code execution in the context of the current process and requires user inter...

7.8CVSS7.8AI score0.01888EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.91 views

CVE-2021-46581

CVE-2021-46581 affects Bentley MicroStation CONNECT 10.16.0.80. The vulnerability arises from parsing JT files, where crafted data can trigger a write past the end of an allocated buffer, enabling remote code execution in the current process. Exploitation requires user interaction (visiting a mal...

7.8CVSS7.8AI score0.01911EPSS
CVE
CVE
added 2022/02/18 7:45 p.m.91 views

CVE-2021-46603

Bentley MicroStation CONNECT 10.16.0.80 is affected by CVE-2021-46603 due to a heap-based buffer overflow in the J2K image parser. The vulnerability arises from inadequate validation of the length of user-supplied data before copying it into a heap buffer, allowing remote attackers to execute arb...

7.8CVSS7.8AI score0.01979EPSS
CVE
CVE
added 2022/02/18 7:46 p.m.91 views

CVE-2021-46656

CVE-2021-46656 affects Bentley View 10.15.0.75. The flaw is a JT file parsing buffer overflow that can lead to remote code execution. Exploitation requires user interaction (visiting a malicious page or opening a malicious file). The issue is documented across multiple sources (e.g., ZDI-22-243, ...

7.8CVSS7.8AI score0.02148EPSS
CVE
CVE
added 2022/02/18 7:44 p.m.90 views

CVE-2021-46573

Bentley MicroStation CONNECT JT file parsing contains a use-after-free vulnerability that allows remote code execution. Affected versions include MicroStation CONNECT 10.16.0.80. Exploitation requires user interaction (visiting a malicious page or opening a malicious JT file). The issue arises fr...

7.8CVSS7.8AI score0.01911EPSS
CVE
CVE
added 2022/02/18 7:46 p.m.90 views

CVE-2021-46649

Bentley MicroStation CONNECT 10.16.0.80 is affected by CVE-2021-46649 due to an out-of-bounds read while parsing DGN files. The flaw stems from insufficient validation of user-supplied data, allowing reading beyond the end of an allocated buffer. This can disclose sensitive information and, in co...

5.5CVSS5.2AI score0.01572EPSS
CVE
CVE
added 2022/02/18 7:45 p.m.89 views

CVE-2021-46598

Bentley MicroStation CONNECT 10.16.0.80 is affected by a memory corruption remote code execution vulnerability in the JT file parser. The flaw stems from insufficient validation of user-supplied data during JT file parsing, allowing an attacker to execute code with the current process context aft...

7.8CVSS7.9AI score0.01872EPSS
CVE
CVE
added 2022/02/18 7:46 p.m.89 views

CVE-2021-46630

Bentley View 10.15.0.75 is affected by a vulnerability in FBX file parsing where improper validation can cause a read past the end of an allocated buffer. This enables information disclosure and, in conjunction with other vulnerabilities, could allow code execution in the current process. Exploit...

5.5CVSS5.2AI score0.0151EPSS
Total number of security vulnerabilities139