CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-46644 – Bentley MicroStation CONNECT DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-46644
31 Jan 2022 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0009 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-46630 – Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-46630
31 Jan 2022 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with o... • https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0012 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-46583 – Bentley MicroStation CONNECT J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-46583
31 Jan 2022 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process... • https://www.bentley.com/en/common-vulnerability-exposure/BE-2021-0006 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 41EXPL: 1CVE-2013-1406 – VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys'
https://notcve.org/view.php?id=CVE-2013-1406
11 Feb 2013 — The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors. La implementación en vmci.sys en el Virtual Machine Communic... • https://www.exploit-db.com/exploits/40164 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2012-5978
https://notcve.org/view.php?id=CVE-2012-5978
19 Dec 2012 — Multiple directory traversal vulnerabilities in the (1) View Connection Server and (2) View Security Server in VMware View 4.x before 4.6.2 and 5.x before 5.1.2 allow remote attackers to read arbitrary files via unspecified vectors. Múltiples vulnerabilidades de salto de directorio en (1) View Connection Server y (2) View Security Server en VMware View v4.x antes de v4.6.2 y v5.x antes de v5.1.2 permiten a atacantes remotos leer archivos de su elección a través de vectores no especificados. • http://www.securitytracker.com/id?1027875 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 1CVE-2012-1666 – ThinPrint - 'tpfc.dll' Insecure Library Loading Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2012-1666
08 Sep 2012 — Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. Vulnerabilidad de path de búsqueda no confiable en VMware Tools en VMware Workstation anteriores a v8.0.4, VMware Player anteriores a v4.0.4, VMware Fusion anteriores a v4.1.2, VMware View an... • https://www.exploit-db.com/exploits/37780 •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2012-1510
https://notcve.org/view.php?id=CVE-2012-1510
16 Mar 2012 — Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. Desbordamiento de búfer en el driver WDDM en VMware ESXi v4.0, v4.1, y v5.0; VMware ESX v4.0 y v4.1; y VMware View anterior a v4.6.1, permite a usuarios invitados del OS obtener privilegios de invitado mediante vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0071.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-1509
https://notcve.org/view.php?id=CVE-2012-1509
16 Mar 2012 — Buffer overflow in the XPDM display driver in VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. Desbordamiento de búfer en el driver XPDM en VMware View anterior a v4.6.1 permite a usuarios invitados del SO ganar privilegios de invitado mediante vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0071.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2012-1511
https://notcve.org/view.php?id=CVE-2012-1511
16 Mar 2012 — Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en View Manager Portal en VMware View anterior a v4.6.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL manipulada. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0071.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2012-1508
https://notcve.org/view.php?id=CVE-2012-1508
16 Mar 2012 — The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. El driver XPDM en VMware ESXi v4.0, v4.1, y v5.0; VMware ESX v4.0 y v4.1; y VMware View anterior a v4.6.1 permite a usuarios invitado del SO ganas privilegios de invitado o causar una denagación de servicio (NULL pointer dereference) mediante vectores no especificados • http://archives.neohapsis.com/archives/bugtraq/2012-03/0071.html • CWE-264: Permissions, Privileges, and Access Controls •