Latest CVE Feed
-
7.8
HIGHCVE-2021-40163
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.... Read more
Affected Products : autocad autocad_architecture autocad_civil_3d autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d design_review +9 more products- Published: Oct. 07, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40162
A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.... Read more
Affected Products : autocad autocad_architecture autocad_civil_3d autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d design_review +9 more products- Published: Oct. 07, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40161
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d design_review +3 more products- Published: Dec. 23, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40160
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d design_review +3 more products- Published: Dec. 23, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40159
An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d civil_3d +1 more products- Published: Jan. 25, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40158
A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code executio... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d civil_3d +1 more products- Published: Jan. 25, 2022
- Modified: Nov. 21, 2024
-
9.3
HIGHCVE-2021-40157
A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system.... Read more
Affected Products : fbx_review- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40156
A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.... Read more
Affected Products : navisworks- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40155
A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.... Read more
Affected Products : navisworks- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-40154
NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.... Read more
- Published: Dec. 01, 2021
- Modified: Nov. 21, 2024
-
8.1
HIGHCVE-2021-40153
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory... Read more
- Published: Aug. 27, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-40150
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/ng... Read more
- Published: Jul. 17, 2022
- Modified: Nov. 21, 2024
-
5.9
MEDIUMCVE-2021-40149
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.... Read more
- Published: Jul. 17, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-40148
In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY0071... Read more
- Published: Jan. 04, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-40147
EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198.... Read more
Affected Products : zoc- Published: Aug. 26, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-40146
A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN,... Read more
Affected Products : any23- Published: Sep. 11, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-40145
gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used... Read more
Affected Products : libgd- Published: Aug. 26, 2021
- Modified: Nov. 21, 2024
-
8.2
HIGHCVE-2021-40143
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.... Read more
Affected Products : nexus_repository_manager_3- Published: Sep. 07, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-40142
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.... Read more
- Published: Aug. 27, 2021
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-40131
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is du... Read more
Affected Products : common_services_platform_collector- Published: Nov. 19, 2021
- Modified: Nov. 21, 2024