Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2024-7675

Description: A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.07%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2024-7674

Description: A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.07%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2024-7673

Description: A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.07%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2024-7672

Description: A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.07%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2024-7671

Description: A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.07%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2024-7670

Description: A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.06%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2024-7244

Description: Panda Security Dome VPN DLL Hijacking Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the VPN process. The process does not restrict DLL search to trusted paths, which can result in the loading of a malicious DLL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23428.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2024-7243

Description: Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the PSANHost executable. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23413.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2024-7242

Description: Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the PSANHost executable. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23402.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (6 months ago)

CVE-2024-7241

Description: Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the PSANHost service. By creating a junction, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23375.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
December 4th, 2024 (6 months ago)