
CVE-2023-44437 – Ashlar-Vellum Cobalt Uncontrolled Search Path Element Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44437
14 Nov 2023 — Ashlar-Vellum Cobalt Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. • https://www.zerodayinitiative.com/advisories/ZDI-23-1595 • CWE-427: Uncontrolled Search Path Element •

CVE-2023-44438 – Ashlar-Vellum Argon Uncontrolled Search Path Element Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44438
14 Nov 2023 — Ashlar-Vellum Argon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Argon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. • https://www.zerodayinitiative.com/advisories/ZDI-23-1596 • CWE-427: Uncontrolled Search Path Element •

CVE-2023-44439 – Ashlar-Vellum Xenon Uncontrolled Search Path Element Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44439
14 Nov 2023 — Ashlar-Vellum Xenon Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Xenon. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. • https://www.zerodayinitiative.com/advisories/ZDI-23-1597 • CWE-427: Uncontrolled Search Path Element •

CVE-2023-44440 – Ashlar-Vellum Lithium Uncontrolled Search Path Element Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44440
14 Nov 2023 — Ashlar-Vellum Lithium Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Lithium. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of various file types. The process loads a library from an unsecured location. • https://www.zerodayinitiative.com/advisories/ZDI-23-1598 • CWE-427: Uncontrolled Search Path Element •

CVE-2023-39427 – Ashlar-Vellum Cobalt, Xenon, Argon, Lithium Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2023-39427
26 Oct 2023 — In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03 • CWE-787: Out-of-bounds Write •

CVE-2023-39936 – Ashlar-Vellum Graphite Out-of-bounds Read
https://notcve.org/view.php?id=CVE-2023-39936
26 Oct 2023 — In Ashlar-Vellum Graphite v13.0.48, the affected application lacks proper validation of user-supplied data when parsing VC6 files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03 • CWE-125: Out-of-bounds Read •

CVE-2023-42101 – Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42101
21 Sep 2023 — Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past th... • https://www.zerodayinitiative.com/advisories/ZDI-23-1450 • CWE-125: Out-of-bounds Read •

CVE-2023-42102 – Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42102
21 Sep 2023 — Ashlar-Vellum Cobalt AR File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion c... • https://www.zerodayinitiative.com/advisories/ZDI-23-1451 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2023-42103 – Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42103
21 Sep 2023 — Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of validating the existence of an object prior to performing operations on the obj... • https://www.zerodayinitiative.com/advisories/ZDI-23-1452 • CWE-416: Use After Free •

CVE-2023-42104 – Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42104
21 Sep 2023 — Ashlar-Vellum Cobalt AR File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of validating the existence of an object prior to performing operations on the obj... • https://www.zerodayinitiative.com/advisories/ZDI-23-1453 • CWE-416: Use After Free •