CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44430 – Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44430
Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.bentley.com/advisories/be-2022-0019 https://www.zerodayinitiative.com/advisories/ZDI-24-019 • CWE-416: Use After Free •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-51708
https://notcve.org/view.php?id=CVE-2023-51708
Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25. Las aplicaciones Bentley eB System Management Console dentro de Assetwise Integrity Information Server permiten a un usuario no autenticado ver opciones de configuración a través de una solicitud manipulada, lo que lleva a la divulgación de información. Esto afecta a eB System Management Console antes del 23.00.02.03 y a Assetwise ALIM For Transportation antes del 23.00.01.25. • https://www.bentley.com/advisories/be-2023-0002 • CWE-287: Improper Authentication •
CVSS: 9.6EPSS: 62%CPEs: 16EXPL: 12CVE-2023-4863 – Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4863
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) El desbordamiento del búfer de memoria en libwebp en Google Chrome anterior a 116.0.5845.187 y libwebp 1.3.2 permitía a un atacante remoto realizar una escritura en memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chromium: crítica) A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library. Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. • https://github.com/alsaeroth/CVE-2023-4863-POC https://github.com/mistymntncop/CVE-2023-4863 https://github.com/LiveOverflow/webp-CVE-2023-4863 https://github.com/bbaranoff/CVE-2023-4863 https://github.com/talbeerysec/BAD-WEBP-CVE-2023-4863 https://github.com/huiwen-yayaya/CVE-2023-4863 https://github.com/CrackerCat/CVE-2023-4863- https://github.com/sarsaeroth/CVE-2023-4863-POC http://www.openwall.com/lists/oss-security/2023/09/21/4 http://www.openwall.com/list • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43656 – Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-43656
Bentley View FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. Crafted data in an FBX file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-23-345 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43655 – Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-43655
Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-23-344 • CWE-122: Heap-based Buffer Overflow •