Microstation

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:bentley:microstation:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorBentley (61f5c3c2-43f8-5e2d-bb69-fe40840daf55)
ProductMicrostation (ff281a14-5826-568f-a098-b108b8ac0cdb)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-44430 vulnerable 2026-06-03 14:53:06.734342 Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
HIGH (7.8)
Bentley View SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19067.
Published: 2024-05-03T02:13:56.897Z
Updated: 2024-08-02T20:07:33.102Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-42901 vulnerable 2026-06-03 14:48:13.217567 Details available
HIGH (7.8)
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.
Published: 2022-10-13T00:00:00.000Z
Updated: 2025-05-15T17:40:28.433Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-42900 vulnerable 2026-06-03 14:48:13.217175 Details available
HIGH (7.8)
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.
Published: 2022-10-13T00:00:00.000Z
Updated: 2025-05-15T17:41:40.786Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-42899 vulnerable 2026-06-03 14:48:13.216128 Details available
HIGH (7.8)
Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.
Published: 2022-10-13T00:00:00.000Z
Updated: 2025-05-15T17:43:16.698Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-35906 vulnerable 2026-06-03 14:47:39.053095 Details available
LOW (3.3)
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a DGN file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of DGN files could enable an attacker to read information in the context of the current process.
Published: 2022-07-15T22:45:28.000Z
Updated: 2024-08-03T09:44:22.192Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-35905 vulnerable 2026-06-03 14:47:39.052796 Details available
LOW (3.3)
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an FBX file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of FBX files could enable an attacker to read information in the context of the current process.
Published: 2022-07-15T22:45:09.000Z
Updated: 2024-08-03T09:44:22.129Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-35904 vulnerable 2026-06-03 14:47:39.052501 Details available
LOW (3.3)
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an IFC file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of IFC files could enable an attacker to read information in the context of the current process.
Published: 2022-07-15T22:44:56.000Z
Updated: 2024-08-03T09:44:22.178Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-35903 vulnerable 2026-06-03 14:47:39.052207 Details available
LOW (3.3)
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a 3DS file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of 3DS files could enable an attacker to read information in the context of the current process.
Published: 2022-07-15T22:44:39.000Z
Updated: 2024-08-03T09:44:22.158Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-35902 vulnerable 2026-06-03 14:47:39.051888 Details available
LOW (3.3)
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an OBJ file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of OBJ files could enable an attacker to read information in the context of the current process.
Published: 2022-07-15T22:42:30.000Z
Updated: 2024-08-03T09:44:22.154Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-35901 vulnerable 2026-06-03 14:47:39.051560 Details available
LOW (3.3)
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a J2K file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of J2K files could enable an attacker to read information in the context of the current process.
Published: 2022-07-15T22:40:53.000Z
Updated: 2024-08-03T09:44:22.181Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-35900 vulnerable 2026-06-03 14:47:39.050556 Details available
LOW (3.3)
An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a JP2 file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of JP2 files could enable an attacker to read information in the context of the current process.
Published: 2022-07-15T22:40:38.000Z
Updated: 2024-08-03T09:44:22.148Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28647 vulnerable 2026-06-03 14:46:55.127942 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16573.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T16:33:47.939Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28646 vulnerable 2026-06-03 14:46:55.127617 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16570.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T20:07:00.821Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28645 vulnerable 2026-06-03 14:46:55.127286 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16470.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T20:07:19.348Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28644 vulnerable 2026-06-03 14:46:55.126955 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16469.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T20:07:41.488Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28643 vulnerable 2026-06-03 14:46:55.126621 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16468.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T20:08:09.910Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28642 vulnerable 2026-06-03 14:46:55.126232 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16424.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T20:08:54.886Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28641 vulnerable 2026-06-03 14:46:55.125870 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16390.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T20:09:08.714Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28320 vulnerable 2026-06-03 14:46:54.706880 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16282.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T16:58:09.837Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28319 vulnerable 2026-06-03 14:46:54.706560 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16340.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T17:35:05.854Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28318 vulnerable 2026-06-03 14:46:54.706235 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16379.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-04-04T20:37:23.764Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28317 vulnerable 2026-06-03 14:46:54.705896 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16369.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T16:32:58.090Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28316 vulnerable 2026-06-03 14:46:54.705579 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16368.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T16:31:37.755Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28315 vulnerable 2026-06-03 14:46:54.705258 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16367.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T17:34:28.679Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28314 vulnerable 2026-06-03 14:46:54.704932 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16332.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T17:33:37.482Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28313 vulnerable 2026-06-03 14:46:54.704603 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16343.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T17:32:01.350Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28312 vulnerable 2026-06-03 14:46:54.704264 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16342.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T17:31:29.991Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28311 vulnerable 2026-06-03 14:46:54.703933 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. Crafted data in a DXF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16341.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T17:31:15.673Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28310 vulnerable 2026-06-03 14:46:54.703616 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16339.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T17:29:54.315Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28309 vulnerable 2026-06-03 14:46:54.703311 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16308.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T17:28:26.120Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28308 vulnerable 2026-06-03 14:46:54.702994 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16307.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T17:35:42.600Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28307 vulnerable 2026-06-03 14:46:54.702693 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. Crafted data in a DXF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16306.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T17:25:55.487Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28306 vulnerable 2026-06-03 14:46:54.702371 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-16174.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T17:24:05.217Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28305 vulnerable 2026-06-03 14:46:54.702046 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16172.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T17:22:30.402Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28304 vulnerable 2026-06-03 14:46:54.701719 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16171.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T17:21:05.212Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28303 vulnerable 2026-06-03 14:46:54.701394 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16280.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T17:19:08.352Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28302 vulnerable 2026-06-03 14:46:54.701022 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a read past the end of an allocated buffer. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-16446.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T17:18:39.747Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28301 vulnerable 2026-06-03 14:46:54.700607 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16392.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T17:18:00.984Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-28300 vulnerable 2026-06-03 14:46:54.699016 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation 10.16.02.034 CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16202.
Published: 2023-03-29T00:00:00.000Z
Updated: 2025-02-18T16:59:21.075Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46656 vulnerable 2026-06-03 14:45:44.702657 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15631.
Published: 2022-02-18T19:46:39.000Z
Updated: 2024-08-04T05:10:35.405Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46655 vulnerable 2026-06-03 14:45:44.702335 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15630.
Published: 2022-02-18T19:46:38.000Z
Updated: 2024-08-04T05:10:35.446Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46654 vulnerable 2026-06-03 14:45:44.702015 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15540.
Published: 2022-02-18T19:46:36.000Z
Updated: 2024-08-04T05:10:35.484Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46653 vulnerable 2026-06-03 14:45:44.701700 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15539.
Published: 2022-02-18T19:46:35.000Z
Updated: 2024-08-04T05:10:35.485Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46652 vulnerable 2026-06-03 14:45:44.701381 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15538.
Published: 2022-02-18T19:46:33.000Z
Updated: 2024-08-04T05:10:35.425Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46651 vulnerable 2026-06-03 14:45:44.701031 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15537.
Published: 2022-02-18T19:46:32.000Z
Updated: 2024-08-04T05:10:35.428Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46650 vulnerable 2026-06-03 14:45:44.700676 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15536.
Published: 2022-02-18T19:46:31.000Z
Updated: 2024-08-04T05:10:35.351Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46649 vulnerable 2026-06-03 14:45:44.700327 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15535.
Published: 2022-02-18T19:46:29.000Z
Updated: 2024-08-04T05:10:35.399Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46648 vulnerable 2026-06-03 14:45:44.699969 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15534.
Published: 2022-02-18T19:46:28.000Z
Updated: 2024-08-04T05:10:35.451Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46647 vulnerable 2026-06-03 14:45:44.699601 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15533.
Published: 2022-02-18T19:46:26.000Z
Updated: 2024-08-04T05:10:35.445Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46646 vulnerable 2026-06-03 14:45:44.699232 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15532.
Published: 2022-02-18T19:46:25.000Z
Updated: 2024-08-04T05:10:35.485Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46645 vulnerable 2026-06-03 14:45:44.698874 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. Crafted data in a BMP image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15531.
Published: 2022-02-18T19:46:23.000Z
Updated: 2024-08-04T05:10:35.354Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46644 vulnerable 2026-06-03 14:45:44.698518 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15530.
Published: 2022-02-18T19:46:22.000Z
Updated: 2024-08-04T05:10:35.429Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46643 vulnerable 2026-06-03 14:45:44.698187 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15515.
Published: 2022-02-18T19:46:20.000Z
Updated: 2024-08-04T05:10:35.448Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46642 vulnerable 2026-06-03 14:45:44.697854 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15514.
Published: 2022-02-18T19:46:19.000Z
Updated: 2024-08-04T05:10:35.446Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46641 vulnerable 2026-06-03 14:45:44.697515 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN file. Crafted data in a DNG file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15513.
Published: 2022-02-18T19:46:18.000Z
Updated: 2024-08-04T05:10:35.276Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46640 vulnerable 2026-06-03 14:45:44.697194 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15512.
Published: 2022-02-18T19:46:16.000Z
Updated: 2024-08-04T05:10:35.358Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46639 vulnerable 2026-06-03 14:45:44.696844 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15511.
Published: 2022-02-18T19:46:15.000Z
Updated: 2024-08-04T05:10:35.332Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46638 vulnerable 2026-06-03 14:45:44.696475 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15510.
Published: 2022-02-18T19:46:13.000Z
Updated: 2024-08-04T05:10:35.404Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46637 vulnerable 2026-06-03 14:45:44.696024 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15509.
Published: 2022-02-18T19:46:12.000Z
Updated: 2024-08-04T05:10:35.350Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46636 vulnerable 2026-06-03 14:45:44.695674 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15508.
Published: 2022-02-18T19:46:10.000Z
Updated: 2024-08-04T05:10:35.379Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46635 vulnerable 2026-06-03 14:45:44.695324 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15507.
Published: 2022-02-18T19:46:09.000Z
Updated: 2024-08-04T05:10:35.376Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46634 vulnerable 2026-06-03 14:45:44.694945 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15464.
Published: 2022-02-18T19:46:07.000Z
Updated: 2024-08-04T05:10:35.357Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46633 vulnerable 2026-06-03 14:45:44.694589 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15463.
Published: 2022-02-18T19:46:06.000Z
Updated: 2024-08-04T05:10:35.274Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46632 vulnerable 2026-06-03 14:45:44.694256 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15462.
Published: 2022-02-18T19:46:04.000Z
Updated: 2024-08-04T05:10:35.256Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46631 vulnerable 2026-06-03 14:45:44.693924 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15461.
Published: 2022-02-18T19:46:03.000Z
Updated: 2024-08-04T05:10:35.417Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46630 vulnerable 2026-06-03 14:45:44.693611 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15460.
Published: 2022-02-18T19:46:01.000Z
Updated: 2024-08-04T05:10:35.264Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46629 vulnerable 2026-06-03 14:45:44.693291 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15459.
Published: 2022-02-18T19:46:00.000Z
Updated: 2024-08-04T05:10:35.371Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46628 vulnerable 2026-06-03 14:45:44.692964 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15458.
Published: 2022-02-18T19:45:58.000Z
Updated: 2024-08-04T05:10:35.273Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46627 vulnerable 2026-06-03 14:45:44.692635 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15457.
Published: 2022-02-18T19:45:57.000Z
Updated: 2024-08-04T05:10:35.269Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46626 vulnerable 2026-06-03 14:45:44.692318 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15456.
Published: 2022-02-18T19:45:56.000Z
Updated: 2024-08-04T05:10:35.411Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46625 vulnerable 2026-06-03 14:45:44.691998 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15455.
Published: 2022-02-18T19:45:54.000Z
Updated: 2024-08-04T05:10:35.366Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46624 vulnerable 2026-06-03 14:45:44.691676 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15454.
Published: 2022-02-18T19:45:53.000Z
Updated: 2024-08-04T05:10:35.331Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46623 vulnerable 2026-06-03 14:45:44.691349 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15453.
Published: 2022-02-18T19:45:51.000Z
Updated: 2024-08-04T05:10:35.429Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46622 vulnerable 2026-06-03 14:45:44.691003 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15416.
Published: 2022-02-18T19:45:50.000Z
Updated: 2024-08-04T05:10:35.263Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46621 vulnerable 2026-06-03 14:45:44.690643 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15415.
Published: 2022-02-18T19:45:48.000Z
Updated: 2024-08-04T05:10:35.362Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46620 vulnerable 2026-06-03 14:45:44.690279 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15414.
Published: 2022-02-18T19:45:47.000Z
Updated: 2024-08-04T05:10:35.280Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46619 vulnerable 2026-06-03 14:45:44.689918 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15413.
Published: 2022-02-18T19:45:45.000Z
Updated: 2024-08-04T05:10:35.400Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46618 vulnerable 2026-06-03 14:45:44.689557 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15412.
Published: 2022-02-18T19:45:44.000Z
Updated: 2024-08-04T05:10:35.374Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46617 vulnerable 2026-06-03 14:45:44.689196 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15411.
Published: 2022-02-18T19:45:42.000Z
Updated: 2024-08-04T05:10:35.333Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46616 vulnerable 2026-06-03 14:45:44.688842 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15410.
Published: 2022-02-18T19:45:41.000Z
Updated: 2024-08-04T05:10:35.327Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46615 vulnerable 2026-06-03 14:45:44.688402 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15409.
Published: 2022-02-18T19:45:40.000Z
Updated: 2024-08-04T05:10:35.349Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46614 vulnerable 2026-06-03 14:45:44.688032 Details available
HIGH (7.8)
Bentley MicroStation CONNECT 10.16.0.80 J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15408.
Published: 2022-02-18T19:45:38.000Z
Updated: 2024-08-04T05:10:35.370Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46613 vulnerable 2026-06-03 14:45:44.687686 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15407.
Published: 2022-02-18T19:45:37.000Z
Updated: 2024-08-04T05:10:35.282Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46612 vulnerable 2026-06-03 14:45:44.687338 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15406.
Published: 2022-02-18T19:45:35.000Z
Updated: 2024-08-04T05:10:35.332Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46611 vulnerable 2026-06-03 14:45:44.686974 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15405.
Published: 2022-02-18T19:45:34.000Z
Updated: 2024-08-04T05:10:35.337Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46610 vulnerable 2026-06-03 14:45:44.686624 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15404.
Published: 2022-02-18T19:45:32.000Z
Updated: 2024-08-04T05:10:35.329Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46609 vulnerable 2026-06-03 14:45:44.686269 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15403.
Published: 2022-02-18T19:45:31.000Z
Updated: 2024-08-04T05:10:35.279Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46608 vulnerable 2026-06-03 14:45:44.685908 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15402.
Published: 2022-02-18T19:45:30.000Z
Updated: 2024-08-04T05:10:35.366Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46607 vulnerable 2026-06-03 14:45:44.685559 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15401.
Published: 2022-02-18T19:45:28.000Z
Updated: 2024-08-04T05:10:35.338Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46606 vulnerable 2026-06-03 14:45:44.685218 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15400.
Published: 2022-02-18T19:45:27.000Z
Updated: 2024-08-04T05:10:35.322Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46605 vulnerable 2026-06-03 14:45:44.684873 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15399.
Published: 2022-02-18T19:45:25.000Z
Updated: 2024-08-04T05:10:35.361Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46604 vulnerable 2026-06-03 14:45:44.684515 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG images. Crafted data in a PNG image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15398.
Published: 2022-02-18T19:45:24.000Z
Updated: 2024-08-04T05:10:35.265Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46603 vulnerable 2026-06-03 14:45:44.684147 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15397.
Published: 2022-02-18T19:45:22.000Z
Updated: 2024-08-04T05:10:35.271Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46602 vulnerable 2026-06-03 14:45:44.683788 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15396.
Published: 2022-02-18T19:45:21.000Z
Updated: 2024-08-04T05:10:35.355Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46601 vulnerable 2026-06-03 14:45:44.683436 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15395.
Published: 2022-02-18T19:45:19.000Z
Updated: 2024-08-04T05:10:35.328Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46600 vulnerable 2026-06-03 14:45:44.683072 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15394.
Published: 2022-02-18T19:45:18.000Z
Updated: 2024-08-04T05:10:35.334Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46599 vulnerable 2026-06-03 14:45:44.682716 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15393.
Published: 2022-02-18T19:45:17.000Z
Updated: 2024-08-04T05:10:35.339Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46598 vulnerable 2026-06-03 14:45:44.682357 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15392.
Published: 2022-02-18T19:45:15.000Z
Updated: 2024-08-04T05:10:35.248Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46597 vulnerable 2026-06-03 14:45:44.681956 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15391.
Published: 2022-02-18T19:45:14.000Z
Updated: 2024-08-04T05:10:35.324Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46596 vulnerable 2026-06-03 14:45:44.681500 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15390.
Published: 2022-02-18T19:45:12.000Z
Updated: 2024-08-04T05:10:35.257Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46595 vulnerable 2026-06-03 14:45:44.681128 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15389.
Published: 2022-02-18T19:45:11.000Z
Updated: 2024-08-04T05:10:35.313Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46594 vulnerable 2026-06-03 14:45:44.680769 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15388.
Published: 2022-02-18T19:45:09.000Z
Updated: 2024-08-04T05:10:35.353Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46593 vulnerable 2026-06-03 14:45:44.680408 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15387.
Published: 2022-02-18T19:45:08.000Z
Updated: 2024-08-04T05:10:35.250Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46592 vulnerable 2026-06-03 14:45:44.680042 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15386.
Published: 2022-02-18T19:45:06.000Z
Updated: 2024-08-04T05:10:35.323Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46591 vulnerable 2026-06-03 14:45:44.679673 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15385.
Published: 2022-02-18T19:45:04.000Z
Updated: 2024-08-04T05:10:35.321Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46590 vulnerable 2026-06-03 14:45:44.679304 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15384.
Published: 2022-02-18T19:45:03.000Z
Updated: 2024-08-04T05:10:35.331Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46589 vulnerable 2026-06-03 14:45:44.678944 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15383.
Published: 2022-02-18T19:45:00.000Z
Updated: 2024-08-04T05:10:35.243Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46588 vulnerable 2026-06-03 14:45:44.678575 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15382.
Published: 2022-02-18T19:44:59.000Z
Updated: 2024-08-04T05:10:35.247Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46587 vulnerable 2026-06-03 14:45:44.678199 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15381.
Published: 2022-02-18T19:44:57.000Z
Updated: 2024-08-04T05:10:35.259Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46586 vulnerable 2026-06-03 14:45:44.677805 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15380.
Published: 2022-02-18T19:44:56.000Z
Updated: 2024-08-04T05:10:35.258Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46585 vulnerable 2026-06-03 14:45:44.677432 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15379.
Published: 2022-02-18T19:44:54.000Z
Updated: 2024-08-04T05:10:35.320Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46584 vulnerable 2026-06-03 14:45:44.677041 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15378.
Published: 2022-02-18T19:44:52.000Z
Updated: 2024-08-04T05:10:35.322Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46583 vulnerable 2026-06-03 14:45:44.676671 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K images. Crafted data in a J2K image can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15377.
Published: 2022-02-18T19:44:51.000Z
Updated: 2024-08-04T05:10:35.276Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46582 vulnerable 2026-06-03 14:45:44.676326 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15376.
Published: 2022-02-18T19:44:49.000Z
Updated: 2024-08-04T05:10:35.244Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46581 vulnerable 2026-06-03 14:45:44.675961 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15375.
Published: 2022-02-18T19:44:48.000Z
Updated: 2024-08-04T05:10:35.246Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46580 vulnerable 2026-06-03 14:45:44.675586 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15374.
Published: 2022-02-18T19:44:46.000Z
Updated: 2024-08-04T05:10:35.327Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46579 vulnerable 2026-06-03 14:45:44.675112 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15373.
Published: 2022-02-18T19:44:45.000Z
Updated: 2024-08-04T05:10:35.362Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46578 vulnerable 2026-06-03 14:45:44.674759 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15372.
Published: 2022-02-18T19:44:43.000Z
Updated: 2024-08-04T05:10:35.257Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46577 vulnerable 2026-06-03 14:45:44.674385 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15371.
Published: 2022-02-18T19:44:42.000Z
Updated: 2024-08-04T05:10:35.279Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46576 vulnerable 2026-06-03 14:45:44.673999 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15370.
Published: 2022-02-18T19:44:40.000Z
Updated: 2024-08-04T05:10:35.310Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46575 vulnerable 2026-06-03 14:45:44.673626 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15369.
Published: 2022-02-18T19:44:39.000Z
Updated: 2024-08-04T05:10:35.314Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46574 vulnerable 2026-06-03 14:45:44.673259 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15368.
Published: 2022-02-18T19:44:37.000Z
Updated: 2024-08-04T05:10:35.329Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46573 vulnerable 2026-06-03 14:45:44.672887 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15367.
Published: 2022-02-18T19:44:36.000Z
Updated: 2024-08-04T05:10:35.217Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46572 vulnerable 2026-06-03 14:45:44.672511 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15366.
Published: 2022-02-18T19:44:34.000Z
Updated: 2024-08-04T05:10:35.274Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46571 vulnerable 2026-06-03 14:45:44.672154 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15365.
Published: 2022-02-18T19:44:33.000Z
Updated: 2024-08-04T05:10:35.295Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46570 vulnerable 2026-06-03 14:45:44.671765 Details available
HIGH (7.8)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15364.
Published: 2022-02-18T19:44:31.000Z
Updated: 2024-08-04T05:10:35.352Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46569 vulnerable 2026-06-03 14:45:44.671378 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15031.
Published: 2022-02-18T19:44:30.000Z
Updated: 2024-08-04T05:10:35.232Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46568 vulnerable 2026-06-03 14:45:44.670994 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15030.
Published: 2022-02-18T19:44:29.000Z
Updated: 2024-08-04T05:10:35.343Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46567 vulnerable 2026-06-03 14:45:44.670613 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15028.
Published: 2022-02-18T19:44:27.000Z
Updated: 2024-08-04T05:10:35.284Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46566 vulnerable 2026-06-03 14:45:44.670198 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15027.
Published: 2022-02-18T19:44:26.000Z
Updated: 2024-08-04T05:10:35.283Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46565 vulnerable 2026-06-03 14:45:44.668287 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15024.
Published: 2022-02-18T19:44:24.000Z
Updated: 2024-08-04T05:10:35.143Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46564 vulnerable 2026-06-03 14:45:44.667910 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15023.
Published: 2022-02-18T19:44:23.000Z
Updated: 2024-08-04T05:10:35.197Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46563 vulnerable 2026-06-03 14:45:44.667511 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14990.
Published: 2022-02-18T19:44:21.000Z
Updated: 2024-08-04T05:10:34.972Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-46562 vulnerable 2026-06-03 14:45:44.666472 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14987.
Published: 2022-02-18T19:44:20.000Z
Updated: 2024-08-04T05:10:35.145Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34946 vulnerable 2026-06-03 14:44:48.417436 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15055.
Published: 2022-01-13T21:44:30.000Z
Updated: 2024-08-04T00:26:55.665Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34945 vulnerable 2026-06-03 14:44:48.416995 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15054.
Published: 2022-01-13T21:44:29.000Z
Updated: 2024-08-04T00:26:55.759Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34944 vulnerable 2026-06-03 14:44:48.416650 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15052.
Published: 2022-01-13T21:44:27.000Z
Updated: 2024-08-04T00:26:55.717Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34943 vulnerable 2026-06-03 14:44:48.416294 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15051.
Published: 2022-01-13T21:44:26.000Z
Updated: 2024-08-04T00:26:55.736Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34942 vulnerable 2026-06-03 14:44:48.415820 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15041.
Published: 2022-01-13T21:44:25.000Z
Updated: 2024-08-04T00:26:55.762Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34941 vulnerable 2026-06-03 14:44:48.415498 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15040.
Published: 2022-01-13T21:44:24.000Z
Updated: 2024-08-04T00:26:55.646Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34940 vulnerable 2026-06-03 14:44:48.415163 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15039.
Published: 2022-01-13T21:44:23.000Z
Updated: 2024-08-04T00:26:55.656Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34939 vulnerable 2026-06-03 14:44:48.414829 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14996.
Published: 2022-01-13T21:44:22.000Z
Updated: 2024-08-04T00:26:55.682Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34938 vulnerable 2026-06-03 14:44:48.414494 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14995.
Published: 2022-01-13T21:44:20.000Z
Updated: 2024-08-04T00:26:55.708Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34937 vulnerable 2026-06-03 14:44:48.414162 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14915.
Published: 2022-01-13T21:44:19.000Z
Updated: 2024-08-04T00:26:55.684Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34936 vulnerable 2026-06-03 14:44:48.413832 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14914.
Published: 2022-01-13T21:44:18.000Z
Updated: 2024-08-04T00:26:55.656Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34935 vulnerable 2026-06-03 14:44:48.413503 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14913.
Published: 2022-01-13T21:44:17.000Z
Updated: 2024-08-04T00:26:55.635Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34934 vulnerable 2026-06-03 14:44:48.413166 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14912.
Published: 2022-01-13T21:44:15.000Z
Updated: 2024-08-04T00:26:55.689Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34933 vulnerable 2026-06-03 14:44:48.412828 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14911.
Published: 2022-01-13T21:44:14.000Z
Updated: 2024-08-04T00:26:55.598Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34932 vulnerable 2026-06-03 14:44:48.412494 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14910.
Published: 2022-01-13T21:44:13.000Z
Updated: 2024-08-04T00:26:55.666Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34931 vulnerable 2026-06-03 14:44:48.412150 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14909.
Published: 2022-01-13T21:44:12.000Z
Updated: 2024-08-04T00:26:55.847Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34930 vulnerable 2026-06-03 14:44:48.411818 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14908.
Published: 2022-01-13T21:44:11.000Z
Updated: 2024-08-04T00:26:55.595Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34929 vulnerable 2026-06-03 14:44:48.411487 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14907.
Published: 2022-01-13T21:44:09.000Z
Updated: 2024-08-04T00:26:55.507Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34928 vulnerable 2026-06-03 14:44:48.411147 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14906.
Published: 2022-01-13T21:44:08.000Z
Updated: 2024-08-04T00:26:55.609Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34927 vulnerable 2026-06-03 14:44:48.410788 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14905.
Published: 2022-01-13T21:44:07.000Z
Updated: 2024-08-04T00:26:55.609Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34926 vulnerable 2026-06-03 14:44:48.410449 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14904.
Published: 2022-01-13T21:44:05.000Z
Updated: 2024-08-04T00:26:55.479Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34925 vulnerable 2026-06-03 14:44:48.410026 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14903.
Published: 2022-01-13T21:44:04.000Z
Updated: 2024-08-04T00:26:55.504Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34924 vulnerable 2026-06-03 14:44:48.409681 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14902.
Published: 2022-01-13T21:44:03.000Z
Updated: 2024-08-04T00:26:55.219Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34923 vulnerable 2026-06-03 14:44:48.409346 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14901.
Published: 2022-01-13T21:44:00.000Z
Updated: 2024-08-04T00:26:55.684Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34922 vulnerable 2026-06-03 14:44:48.409013 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14900.
Published: 2022-01-13T21:43:59.000Z
Updated: 2024-08-04T00:26:55.390Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34921 vulnerable 2026-06-03 14:44:48.408670 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14899.
Published: 2022-01-13T21:43:58.000Z
Updated: 2024-08-04T00:26:55.661Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34920 vulnerable 2026-06-03 14:44:48.408325 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14898.
Published: 2022-01-13T21:43:57.000Z
Updated: 2024-08-04T00:26:55.788Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34919 vulnerable 2026-06-03 14:44:48.407982 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14897.
Published: 2022-01-13T21:43:56.000Z
Updated: 2024-08-04T00:26:55.599Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34918 vulnerable 2026-06-03 14:44:48.407640 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. Crafted data in a JP2 file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14896.
Published: 2022-01-13T21:43:54.000Z
Updated: 2024-08-04T00:26:55.715Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34917 vulnerable 2026-06-03 14:44:48.407281 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14895.
Published: 2022-01-13T21:43:53.000Z
Updated: 2024-08-04T00:26:55.558Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34916 vulnerable 2026-06-03 14:44:48.406837 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14894.
Published: 2022-01-13T21:43:52.000Z
Updated: 2024-08-04T00:26:55.471Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34915 vulnerable 2026-06-03 14:44:48.406478 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14893.
Published: 2022-01-13T21:43:51.000Z
Updated: 2024-08-04T00:26:55.476Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34914 vulnerable 2026-06-03 14:44:48.406127 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14892.
Published: 2022-01-13T21:43:50.000Z
Updated: 2024-08-04T00:26:55.634Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34913 vulnerable 2026-06-03 14:44:48.405659 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14831.
Published: 2022-01-13T21:43:48.000Z
Updated: 2024-08-04T00:26:55.739Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34912 vulnerable 2026-06-03 14:44:48.405318 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14885.
Published: 2022-01-13T21:43:47.000Z
Updated: 2024-08-04T00:26:55.367Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34911 vulnerable 2026-06-03 14:44:48.404973 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14884.
Published: 2022-01-13T21:43:46.000Z
Updated: 2024-08-04T00:26:55.242Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34910 vulnerable 2026-06-03 14:44:48.404640 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14883.
Published: 2022-01-13T21:43:45.000Z
Updated: 2024-08-04T00:26:55.466Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34909 vulnerable 2026-06-03 14:44:48.404291 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14882.
Published: 2022-01-13T21:43:43.000Z
Updated: 2024-08-04T00:26:55.249Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34908 vulnerable 2026-06-03 14:44:48.403946 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14881.
Published: 2022-01-13T21:43:42.000Z
Updated: 2024-08-04T00:26:55.205Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34907 vulnerable 2026-06-03 14:44:48.403611 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14880.
Published: 2022-01-13T21:43:41.000Z
Updated: 2024-08-04T00:26:55.127Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34906 vulnerable 2026-06-03 14:44:48.403261 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14879.
Published: 2022-01-13T21:43:40.000Z
Updated: 2024-08-04T00:26:55.251Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34905 vulnerable 2026-06-03 14:44:48.402701 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14878.
Published: 2022-01-13T21:43:38.000Z
Updated: 2024-08-04T00:26:55.204Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34904 vulnerable 2026-06-03 14:44:48.402369 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14877.
Published: 2022-01-13T21:43:37.000Z
Updated: 2024-08-04T00:26:55.503Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34903 vulnerable 2026-06-03 14:44:48.402036 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. Crafted data in a BMP file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14876.
Published: 2022-01-13T21:43:36.000Z
Updated: 2024-08-04T00:26:54.994Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34902 vulnerable 2026-06-03 14:44:48.401704 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14875.
Published: 2022-01-13T21:43:34.000Z
Updated: 2024-08-04T00:26:55.208Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34901 vulnerable 2026-06-03 14:44:48.401357 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14874.
Published: 2022-01-13T21:43:33.000Z
Updated: 2024-08-04T00:26:54.993Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34900 vulnerable 2026-06-03 14:44:48.401008 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14867.
Published: 2022-01-13T21:43:32.000Z
Updated: 2024-08-04T00:26:55.051Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34899 vulnerable 2026-06-03 14:44:48.400675 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14866.
Published: 2022-01-13T21:43:31.000Z
Updated: 2024-08-04T00:26:55.028Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34898 vulnerable 2026-06-03 14:44:48.400347 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14865.
Published: 2022-01-13T21:43:30.000Z
Updated: 2024-08-04T00:26:55.268Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34897 vulnerable 2026-06-03 14:44:48.400002 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14864.
Published: 2022-01-13T21:43:29.000Z
Updated: 2024-08-04T00:26:54.958Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34896 vulnerable 2026-06-03 14:44:48.399663 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14863.
Published: 2022-01-13T21:43:27.000Z
Updated: 2024-08-04T00:26:55.421Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34895 vulnerable 2026-06-03 14:44:48.399319 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14862.
Published: 2022-01-13T21:43:26.000Z
Updated: 2024-08-04T00:26:54.960Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34894 vulnerable 2026-06-03 14:44:48.398981 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14847.
Published: 2022-01-13T21:43:25.000Z
Updated: 2024-08-04T00:26:54.968Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34893 vulnerable 2026-06-03 14:44:48.398638 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14846.
Published: 2022-01-13T21:43:24.000Z
Updated: 2024-08-04T00:26:54.933Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34892 vulnerable 2026-06-03 14:44:48.398292 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14845.
Published: 2022-01-13T21:43:23.000Z
Updated: 2024-08-04T00:26:55.048Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34891 vulnerable 2026-06-03 14:44:48.397952 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14844.
Published: 2022-01-13T21:43:22.000Z
Updated: 2024-08-04T00:26:54.695Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34890 vulnerable 2026-06-03 14:44:48.397614 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14843.
Published: 2022-01-13T21:43:20.000Z
Updated: 2024-08-04T00:26:54.690Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34889 vulnerable 2026-06-03 14:44:48.397264 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14842.
Published: 2022-01-13T21:43:19.000Z
Updated: 2024-08-04T00:26:55.210Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34888 vulnerable 2026-06-03 14:44:48.396896 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14841.
Published: 2022-01-13T21:43:18.000Z
Updated: 2024-08-04T00:26:54.664Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34887 vulnerable 2026-06-03 14:44:48.396539 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14840.
Published: 2022-01-13T21:43:17.000Z
Updated: 2024-08-04T00:26:54.958Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34886 vulnerable 2026-06-03 14:44:48.396173 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14839.
Published: 2022-01-13T21:43:16.000Z
Updated: 2024-08-04T00:26:54.705Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34885 vulnerable 2026-06-03 14:44:48.395696 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14838.
Published: 2022-01-13T21:43:14.000Z
Updated: 2024-08-04T00:26:54.695Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34884 vulnerable 2026-06-03 14:44:48.395364 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14837.
Published: 2022-01-13T21:43:13.000Z
Updated: 2024-08-04T00:26:54.671Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34883 vulnerable 2026-06-03 14:44:48.395016 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14836.
Published: 2022-01-13T21:43:12.000Z
Updated: 2024-08-04T00:26:54.684Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34882 vulnerable 2026-06-03 14:44:48.394661 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14835.
Published: 2022-01-13T21:43:10.000Z
Updated: 2024-08-04T00:26:54.678Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34881 vulnerable 2026-06-03 14:44:48.394322 Details available
LOW (3.3)
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14834.
Published: 2022-01-13T21:43:09.000Z
Updated: 2024-08-04T00:26:54.672Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34880 vulnerable 2026-06-03 14:44:48.393964 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14833.
Published: 2022-01-13T21:43:08.000Z
Updated: 2024-08-04T00:26:54.697Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34879 vulnerable 2026-06-03 14:44:48.393523 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14832.
Published: 2022-01-13T21:43:07.000Z
Updated: 2024-08-04T00:26:54.667Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34878 vulnerable 2026-06-03 14:44:48.392945 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14830.
Published: 2022-01-13T21:43:05.000Z
Updated: 2024-08-04T00:26:54.697Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34877 vulnerable 2026-06-03 14:44:48.392611 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14829.
Published: 2022-01-13T21:43:04.000Z
Updated: 2024-08-04T00:26:54.660Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34876 vulnerable 2026-06-03 14:44:48.392267 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14828.
Published: 2022-01-13T21:43:03.000Z
Updated: 2024-08-04T00:26:54.587Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34875 vulnerable 2026-06-03 14:44:48.391907 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14827.
Published: 2022-01-13T21:43:01.000Z
Updated: 2024-08-04T00:26:54.653Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34874 vulnerable 2026-06-03 14:44:48.391556 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of 3DS files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14736.
Published: 2022-01-13T21:43:00.000Z
Updated: 2024-08-04T00:26:54.701Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34873 vulnerable 2026-06-03 14:44:48.391194 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14696.
Published: 2022-01-13T21:42:59.000Z
Updated: 2024-08-04T00:26:54.669Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34872 vulnerable 2026-06-03 14:44:48.390814 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14737.
Published: 2022-01-13T21:42:57.000Z
Updated: 2024-08-04T00:26:54.591Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-34871 vulnerable 2026-06-03 14:44:48.390333 Details available
HIGH (7.8)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14695.
Published: 2022-01-13T21:42:56.000Z
Updated: 2024-08-04T00:26:54.583Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.