CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Jan 2025 — Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call. • https://www.bentley.com/advisories/be-2024-0002 • CWE-648: Incorrect Use of Privileged APIs •

CVSS: 9.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

26 Feb 2024 — In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03. • https://www.bentley.com/advisories/be-2024-0001 • CWE-488: Exposure of Data Element to Wrong Session; CWE-613: Insufficient Session Expiration •

CVSS: 7.8 • EPSS: 2% • CPEs: 1 • EXPL: 0

08 Jan 2024 — Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://www.bentley.com/advisories/be-2022-0019 • CWE-416: Use After Free •

CVSS: 8.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

22 Dec 2023 — Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System Management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25. • https://www.bentley.com/advisories/be-2023-0002 • CWE-287: Improper Authentication •

CVSS: 10.0 • EPSS: 93% • CPEs: 16 • EXPL: 16

12 Sep 2023 — Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) A heap-bas... • https://github.com/alsaeroth/CVE-2023-4863-POC • CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Mar 2023 — Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://www.zerodayinitiative.com/advisories/ZDI-23-347 • CWE-416: Use After Free •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Mar 2023 — Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://www.zerodayinitiative.com/advisories/ZDI-23-346 • CWE-416: Use After Free •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Mar 2023 — Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. Crafted data in an FBX file can trigger a read past the end of an allocated buffer. • https://www.zerodayinitiative.com/advisories/ZDI-23-345 • CWE-125: Out-of-bounds Read •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Mar 2023 — Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fi... • https://www.zerodayinitiative.com/advisories/ZDI-23-344 • CWE-122: Heap-based Buffer Overflow •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 Mar 2023 — Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. Crafted data in an SKP file can trigger a write past the end of an allocated buffer. • https://www.zerodayinitiative.com/advisories/ZDI-23-348 • CWE-787: Out-of-bounds Write •