CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-23153 – Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
https://notcve.org/view.php?id=CVE-2024-23153
18 Jun 2024 — A maliciously crafted MODEL file, when parsed in libodx.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. Un archivo MODEL creado con fines malintencionados, cuando se analiza en libodx.dll a través de aplicaciones de Autodesk, puede forzar una lectura fuera de los límites. Un actor malintencionado puede aprovechar esta vulnerabilidad par... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23154 – Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
https://notcve.org/view.php?id=CVE-2024-23154
18 Jun 2024 — A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. Un archivo SLDPRT creado con fines malintencionados, cuando se analiza en ODXSW_DLL.dll a través de aplicaciones de Autodesk, se puede utilizar para provocar un desbordamiento basado en montón. Un actor malintencionado ... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-23156 – Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
https://notcve.org/view.php?id=CVE-2024-23156
18 Jun 2024 — A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process. Un archivo 3DM creado con fines malintencionados, cuando se analiza en opennurbs.dll y ASMkern229A.dll a través de aplicaciones de Autodesk, puede provocar una vulnerabilidad de corrupción de memoria por infracción de acce... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-23157 – Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
https://notcve.org/view.php?id=CVE-2024-23157
18 Jun 2024 — A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process. Un archivo SLDASM o SLDPRT creado con fines malintencionados, cuando se analiza en ODXSW_DLL.dll a través de aplicaciones de Autodesk, puede provocar una vulnerabilidad de corrupción de memoria por infracción de acceso de escritu... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23158 – Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
https://notcve.org/view.php?id=CVE-2024-23158
18 Jun 2024 — A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process. Un archivo IGES creado con fines malintencionados, cuando se analiza en ASMImport229A.dll a través de aplicaciones de Autodesk, puede usarse para provocar una vulnerabilidad de use-after-free. Un actor malintencionado puede aprove... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23151 – Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
https://notcve.org/view.php?id=CVE-2024-23151
18 Jun 2024 — A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. Un archivo 3DM creado con fines malintencionados, cuando se analiza en ASMkern229A.dll a través de aplicaciones de Autodesk, puede forzar una escritura fuera de los límites. Un actor malintencionado puede aprovechar esta vulnerabi... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-23159 – Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
https://notcve.org/view.php?id=CVE-2024-23159
18 Jun 2024 — A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process. Un archivo STP creado con fines malintencionados, cuando se analiza en stp_aim_x64_vc15d.dll a través de aplicaciones de Autodesk, se puede utilizar para variables no inicializadas. Esta vulnerabilidad, junto con otras vulnerabilidades, puede provocar la ejecución de... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0010 • CWE-457: Use of Uninitialized Variable •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-37000 – Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
https://notcve.org/view.php?id=CVE-2024-37000
13 Jun 2024 — A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process. Un archivo X_B creado con fines malintencionados, cuando se analiza en pskernel.DLL a través de aplicaciones de Autodesk, puede provocar una vulnerabilidad de corrupción de memoria por infracción de acceso de escritura.... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-37001 – Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
https://notcve.org/view.php?id=CVE-2024-37001
13 Jun 2024 — [A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. [Un archivo 3DM creado con fines malintencionados, cuando se analiza en opennurbs.dll a través de aplicaciones de Autodesk, se puede utilizar para provocar un desbordamiento basado en montón. Un actor malintencionado pued... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-37002 – Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
https://notcve.org/view.php?id=CVE-2024-37002
13 Jun 2024 — A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process. Un archivo MODEL creado con fines malintencionados, cuando se analiza en ASMkern229A.dll a través de aplicaciones de Autodesk, se puede utilizar para variables no inicializadas. Esta vulnerabilidad, junto con otras vulnerabilidades, podría provocar la ejecución de códig... • https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009 • CWE-457: Use of Uninitialized Variable CWE-863: Incorrect Authorization •