Latest CVE Feed
-
7.8
HIGHCVE-2021-40167
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in th... Read more
Affected Products : design_review- Published: Jan. 25, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40166
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.... Read more
Affected Products : autocad autocad_architecture autocad_civil_3d autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d design_review +9 more products- Published: Oct. 07, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40165
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.... Read more
Affected Products : autocad autocad_architecture autocad_civil_3d autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d design_review +9 more products- Published: Oct. 07, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40164
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.... Read more
Affected Products : autocad autocad_architecture autocad_civil_3d autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d design_review +9 more products- Published: Oct. 07, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40163
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.... Read more
Affected Products : autocad autocad_architecture autocad_civil_3d autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d design_review +9 more products- Published: Oct. 07, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40162
A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.... Read more
Affected Products : autocad autocad_architecture autocad_civil_3d autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d design_review +9 more products- Published: Oct. 07, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40161
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d design_review +3 more products- Published: Dec. 23, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40160
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d design_review +3 more products- Published: Dec. 23, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40159
An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d civil_3d +1 more products- Published: Jan. 25, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40158
A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code executio... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d civil_3d +1 more products- Published: Jan. 25, 2022
- Modified: Nov. 21, 2024
-
9.3
HIGHCVE-2021-40157
A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system.... Read more
Affected Products : fbx_review- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40156
A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.... Read more
Affected Products : navisworks- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-40155
A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.... Read more
Affected Products : navisworks- Published: Sep. 15, 2021
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-40154
NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.... Read more
- Published: Dec. 01, 2021
- Modified: Nov. 21, 2024
-
8.1
HIGHCVE-2021-40153
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory... Read more
- Published: Aug. 27, 2021
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-40150
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/ng... Read more
- Published: Jul. 17, 2022
- Modified: Nov. 21, 2024
-
5.9
MEDIUMCVE-2021-40149
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.... Read more
- Published: Jul. 17, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-40148
In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY0071... Read more
- Published: Jan. 04, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-40147
EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198.... Read more
Affected Products : zoc- Published: Aug. 26, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-40146
A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any code of their choice on a remote machine over LAN, WAN,... Read more
Affected Products : any23- Published: Sep. 11, 2021
- Modified: Nov. 21, 2024