Total
85 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22649 | 2 Luxion, Siemens | 8 Keyshot, Keyshot Network Rendering, Keyshot Viewer and 5 more | 2022-10-25 | 6.8 MEDIUM | 7.8 HIGH |
| Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2020-26991 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11899) | |||||
| CVE-2022-2894 | 1 Measuresoft | 1 Scadapro Server | 2022-09-02 | N/A | 7.8 HIGH |
| Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file. | |||||
| CVE-2022-34890 | 1 Parallels | 1 Parallels Desktop | 2022-07-28 | N/A | 8.8 HIGH |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-16653. | |||||
| CVE-2022-22514 | 1 Codesys | 20 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 17 more | 2022-05-10 | 4.9 MEDIUM | 7.1 HIGH |
| An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. | |||||
| CVE-2019-13334 | 1 Foxitsoftware | 1 Phantompdf | 2022-01-01 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8774. | |||||
| CVE-2021-38401 | 1 Fujielectric | 2 V-server, V-simulator | 2021-12-27 | 6.8 MEDIUM | 7.8 HIGH |
| Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash. | |||||
| CVE-2021-27496 | 3 Datakit, Luxion, Siemens | 6 Crosscadware, Keyshot, Solid Edge Se2020 and 3 more | 2021-06-09 | 6.8 MEDIUM | 7.8 HIGH |
| Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing PRT files. This could lead to pointer dereferences of a value obtained from an untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2020-26997 | 1 Siemens | 2 Solid Edge Se2020, Solid Edge Se2021 | 2021-06-08 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11919) | |||||
| CVE-2020-1899 | 1 Facebook | 1 Hhvm | 2021-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. | |||||
| CVE-2020-27289 | 1 Deltaww | 1 Cncsoft-b | 2021-03-09 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2020-27277 | 1 Deltaww | 1 Dopsoft | 2021-03-09 | 9.3 HIGH | 7.8 HIGH |
| Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2020-27003 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-03-05 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to pointer dereferences of a value obtained from untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12158) | |||||
| CVE-2020-27259 | 1 Omron | 4 Cx-one, Cx-position, Cx-protocol and 1 more | 2021-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2020-27288 | 1 Deltaww | 1 Tpeditor | 2021-01-29 | 6.8 MEDIUM | 7.8 HIGH |
| An untrusted pointer dereference has been identified in the way TPEditor(v1.98 and prior) processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. | |||||
| CVE-2020-17392 | 1 Parallels | 1 Parallels Desktop | 2020-08-28 | 4.6 MEDIUM | 8.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_SET_KERNEL_SYMBOLS in the prl_hypervisor kext. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-10519. | |||||
| CVE-2018-7525 | 1 Omron | 1 Cx-supervisor | 2019-10-09 | 4.6 MEDIUM | 5.3 MEDIUM |
| In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability. | |||||
| CVE-2018-7497 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities have been identified, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2018-19029 | 1 Lcds | 1 Laquis Scada | 2019-10-09 | 8.3 HIGH | 7.8 HIGH |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash. | |||||
| CVE-2018-17893 | 1 Lcds | 1 Laquis Scada | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution. | |||||