cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-43656,https://securityvulnerability.io/vulnerability/CVE-2022-43656,FBX File Parsing Out-Of-Bounds Read Vulnerability Affects Bentley View,"An information disclosure vulnerability exists in Bentley View due to improper handling of FBX file parsing. When a suitably crafted FBX file is opened, it can cause the software to read past the end of an allocated buffer. This flaw may enable remote attackers to reveal sensitive information from affected installations, although it necessitates user interaction to exploit. An attacker could leverage this vulnerability alongside other security issues to execute arbitrary code within the context of the current process.",Bentley,View,3.3,LOW,0.0006500000017695129,false,false,false,false,,false,false,2024-05-07T22:55:01.082Z,0
CVE-2022-43655,https://securityvulnerability.io/vulnerability/CVE-2022-43655,Remote Code Execution Vulnerability in Bentley View,"A vulnerability exists in Bentley View related to the parsing of FBX files, which can lead to a heap-based buffer overflow. The flaw arises from insufficient validation of the length of user-supplied data before it is copied to a fixed-length heap-based buffer. This weakness allows remote attackers to execute arbitrary code on vulnerable installations. Successful exploitation of this vulnerability necessitates user interaction, as the target must either visit a malicious web page or open a compromised FBX file. Proper security measures and updates are essential to protect against potential exploitation.",Bentley,View,7.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2024-05-07T22:55:00.105Z,0
CVE-2022-43653,https://securityvulnerability.io/vulnerability/CVE-2022-43653,Remote Code Execution Vulnerability in Bentley View,"This vulnerability in Bentley View arises from a specific flaw in the way SKP files are parsed. An attacker who crafts malicious data within an SKP file can exploit this flaw to write beyond the allocated buffer's end, potentially leading to the execution of arbitrary code. User interaction is necessary for the exploit as it demands that the victim visit a compromised webpage or open a rigged SKP file. Organizations using Bentley View should remain vigilant by applying security updates and educating users about the risks associated with opening suspicious files.",Bentley,View,7.8,HIGH,0.000750000006519258,false,false,false,false,,false,false,2024-05-07T22:54:58.166Z,0
CVE-2022-43652,https://securityvulnerability.io/vulnerability/CVE-2022-43652,Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability,"A severe vulnerability exists in Bentley View that relates to the parsing of SKP files. This flaw results from the inadequate validation of object existence before operations are performed, creating a potential for remote attackers to exploit this weakness. Successful exploitation requires user interaction, necessitating that the affected user either visits a malicious webpage or opens a compromised file. If exploited, this vulnerability allows attackers to disclose sensitive information and potentially chain it with other vulnerabilities to execute arbitrary code within the context of the application. Users are advised to update to the latest version to mitigate risks.",Bentley,View,3.3,LOW,0.001879999996162951,false,false,false,false,,false,false,2024-05-07T22:54:57.232Z,0
CVE-2022-43651,https://securityvulnerability.io/vulnerability/CVE-2022-43651,Remote Code Execution Vulnerability in Bentley View,"A vulnerability exists in Bentley View due to improper handling of SKP file parsing, allowing remote attackers to exploit the flaw by crafting malicious SKP files or web pages containing such files. The issue arises from the failure to verify the existence of an object before conducting operations on it, leading to a use-after-free condition. An attacker can trigger this vulnerability to execute arbitrary code in the context of the currently running process, necessitating user interaction to achieve exploitation.",Bentley,View,7.8,HIGH,0.001879999996162951,false,false,false,false,,false,false,2024-05-07T22:54:56.217Z,0
CVE-2023-44430,https://securityvulnerability.io/vulnerability/CVE-2023-44430,Remote Code Execution Vulnerability in Bentley View,"A vulnerability exists within the Bentley View application related to the parsing of SKP files, which may allow remote attackers to execute arbitrary code. This flaw stems from inadequate validation of object existence before operations are performed, leading to a use-after-free condition. To exploit this vulnerability, an attacker must trick a user into opening a specially crafted file or visiting a malicious webpage, thereby executing code within the current process context. Users of Bentley View are strongly advised to apply the recommended security updates to mitigate potential risks.",Bentley,View,7.8,HIGH,0.0013200000394135714,false,false,false,false,,false,false,2024-05-03T02:13:56.897Z,0
CVE-2022-28303,https://securityvulnerability.io/vulnerability/CVE-2022-28303,Code Execution Vulnerability in Bentley View by Bentley Systems,"This vulnerability enables remote attackers to execute arbitrary code on vulnerable installations of Bentley View 10.16.02.022. The flaw arises from improper validation of objects during the parsing of SKP files. Exploitation requires user interaction, as victims must either visit a malicious webpage or open a corrupted SKP file. An attacker can run code within the context of the current process, posing significant risks to the integrity and confidentiality of affected systems.",Bentley,View,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28320,https://securityvulnerability.io/vulnerability/CVE-2022-28320,Remote Code Execution Vulnerability in Bentley View by Bentley Systems,"This vulnerability in Bentley View enables remote attackers to execute arbitrary code on affected installations by exploiting a flaw in the parsing of 3DM files. The vulnerability arises due to improper memory initialization before access, requiring the target user to unknowingly visit a malicious webpage or open a compromised file. By leveraging this security hole, attackers can run arbitrary code in the context of the current process, posing significant risks to user systems.",Bentley,View,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28309,https://securityvulnerability.io/vulnerability/CVE-2022-28309,,This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16308.,Bentley,View,3.3,LOW,0.001769999973475933,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28308,https://securityvulnerability.io/vulnerability/CVE-2022-28308,,This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16307.,Bentley,View,3.3,LOW,0.001769999973475933,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-28307,https://securityvulnerability.io/vulnerability/CVE-2022-28307,Arbitrary Code Execution Vulnerability in Bentley View Software,"This vulnerability in Bentley View versions 10.16.02.022 allows remote attackers to execute arbitrary code when users are tricked into opening a malicious DXF file or visiting a compromised webpage. The flaw arises from improper handling of crafted DXF data, leading to a read past the end of an allocated buffer. This means that attackers can potentially execute unauthorized code within the context of the application, posing a significant security risk.",Bentley,View,7.8,HIGH,0.0020600000862032175,false,false,false,false,,false,false,2023-03-29T00:00:00.000Z,0
CVE-2022-42900,https://securityvulnerability.io/vulnerability/CVE-2022-42900,,Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read issues when opening crafted FBX files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.,Bentley,"Microstation,View",7.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2022-10-13T00:00:00.000Z,0
CVE-2022-42899,https://securityvulnerability.io/vulnerability/CVE-2022-42899,,Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.,Bentley,"Microstation,View",7.8,HIGH,0.0007300000288523734,false,false,false,true,true,false,false,2022-10-13T00:00:00.000Z,0
CVE-2022-42901,https://securityvulnerability.io/vulnerability/CVE-2022-42901,,Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.,Bentley,"Microstation,View",7.8,HIGH,0.0007300000288523734,false,false,false,false,,false,false,2022-10-13T00:00:00.000Z,0
CVE-2022-35900,https://securityvulnerability.io/vulnerability/CVE-2022-35900,,An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a JP2 file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of JP2 files could enable an attacker to read information in the context of the current process.,Bentley,"Microstation,View",3.3,LOW,0.0005200000014156103,false,false,false,false,,false,false,2022-07-15T23:15:00.000Z,0
CVE-2022-35904,https://securityvulnerability.io/vulnerability/CVE-2022-35904,,An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an IFC file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of IFC files could enable an attacker to read information in the context of the current process.,Bentley,"Microstation,View",3.3,LOW,0.0005200000014156103,false,false,false,false,,false,false,2022-07-15T23:15:00.000Z,0
CVE-2022-35901,https://securityvulnerability.io/vulnerability/CVE-2022-35901,,An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a J2K file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of J2K files could enable an attacker to read information in the context of the current process.,Bentley,"Microstation,View",3.3,LOW,0.0005200000014156103,false,false,false,false,,false,false,2022-07-15T23:15:00.000Z,0
CVE-2022-35902,https://securityvulnerability.io/vulnerability/CVE-2022-35902,,An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an OBJ file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of OBJ files could enable an attacker to read information in the context of the current process.,Bentley,"Microstation,View",3.3,LOW,0.0005200000014156103,false,false,false,false,,false,false,2022-07-15T23:15:00.000Z,0
CVE-2022-35905,https://securityvulnerability.io/vulnerability/CVE-2022-35905,,An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open an FBX file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of FBX files could enable an attacker to read information in the context of the current process.,Bentley,"Microstation,View",3.3,LOW,0.0005200000014156103,false,false,false,false,,false,false,2022-07-15T23:15:00.000Z,0
CVE-2022-35906,https://securityvulnerability.io/vulnerability/CVE-2022-35906,,An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a DGN file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of DGN files could enable an attacker to read information in the context of the current process.,Bentley,"Microstation,View",3.3,LOW,0.0005200000014156103,false,false,false,false,,false,false,2022-07-15T23:15:00.000Z,0
CVE-2022-35903,https://securityvulnerability.io/vulnerability/CVE-2022-35903,,An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. Using an affected version of MicroStation or MicroStation-based application to open a 3DS file containing crafted data can force an out-of-bounds read. Exploitation of these vulnerabilities within the parsing of 3DS files could enable an attacker to read information in the context of the current process.,Bentley,"Microstation,View",3.3,LOW,0.0005200000014156103,false,false,false,false,,false,false,2022-07-15T23:15:00.000Z,0
CVE-2021-46656,https://securityvulnerability.io/vulnerability/CVE-2021-46656,,This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. Crafted data in a JT file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15631.,Bentley,View,7.8,HIGH,0.002409999957308173,false,false,false,false,,false,false,2022-02-18T19:46:39.000Z,0
CVE-2021-46655,https://securityvulnerability.io/vulnerability/CVE-2021-46655,,This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15630.,Bentley,View,7.8,HIGH,0.0028200000524520874,false,false,false,false,,false,false,2022-02-18T19:46:38.000Z,0
CVE-2021-46654,https://securityvulnerability.io/vulnerability/CVE-2021-46654,,"This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-15540.",Bentley,View,3.3,LOW,0.002139999996870756,false,false,false,false,,false,false,2022-02-18T19:46:36.000Z,0
CVE-2021-46653,https://securityvulnerability.io/vulnerability/CVE-2021-46653,,This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15539.,Bentley,View,7.8,HIGH,0.002409999957308173,false,false,false,false,,false,false,2022-02-18T19:46:35.000Z,0