cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-43656,https://securityvulnerability.io/vulnerability/CVE-2022-43656,FBX File Parsing Out-Of-Bounds Read Vulnerability Affects Bentley View,"An information disclosure vulnerability exists in Bentley View due to improper handling of FBX file parsing. When a suitably crafted FBX file is opened, it can cause the software to read past the end of an allocated buffer. This flaw may enable remote attackers to reveal sensitive information from affected installations, although it necessitates user interaction to exploit. An attacker could leverage this vulnerability alongside other security issues to execute arbitrary code within the context of the current process.",Bentley,View,3.3,LOW,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-05-07T22:55:01.082Z,0
CVE-2022-43655,https://securityvulnerability.io/vulnerability/CVE-2022-43655,Remote Code Execution Vulnerability in Bentley View,"A vulnerability exists in Bentley View related to the parsing of FBX files, which can lead to a heap-based buffer overflow. The flaw arises from insufficient validation of the length of user-supplied data before it is copied to a fixed-length heap-based buffer. This weakness allows remote attackers to execute arbitrary code on vulnerable installations. Successful exploitation of this vulnerability necessitates user interaction, as the target must either visit a malicious web page or open a compromised FBX file.
Proper security measures and updates are essential to protect against potential exploitation.",Bentley,View,7.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-05-07T22:55:00.105Z,0
CVE-2022-43653,https://securityvulnerability.io/vulnerability/CVE-2022-43653,Remote Code Execution Vulnerability in Bentley View,"This vulnerability in Bentley View arises from a specific flaw in the way SKP files are parsed. An attacker who crafts malicious data within an SKP file can exploit this flaw to write beyond the allocated buffer's end, potentially leading to the execution of arbitrary code. User interaction is necessary for the exploit as it demands that the victim visit a compromised webpage or open a rigged SKP file. Organizations using Bentley View should remain vigilant by applying security updates and educating users about the risks associated with opening suspicious files.",Bentley,View,7.8,HIGH,0.000750000006519258,false,,false,false,false,,,false,false,,2024-05-07T22:54:58.166Z,0
CVE-2022-43652,https://securityvulnerability.io/vulnerability/CVE-2022-43652,Bentley View SKP File Parsing Use-After-Free Information Disclosure Vulnerability,"A severe vulnerability exists in Bentley View that relates to the parsing of SKP files. This flaw results from the inadequate validation of object existence before operations are performed, creating a potential for remote attackers to exploit this weakness. Successful exploitation requires user interaction, necessitating that the affected user either visits a malicious webpage or opens a compromised file. If exploited, this vulnerability allows attackers to disclose sensitive information and potentially chain it with other vulnerabilities to execute arbitrary code within the context of the application.
Users are advised to update to the latest version to mitigate risks.",Bentley,View,3.3,LOW,0.0009899999713525176,false,,false,false,false,,,false,false,,2024-05-07T22:54:57.232Z,0
CVE-2022-43651,https://securityvulnerability.io/vulnerability/CVE-2022-43651,Remote Code Execution Vulnerability in Bentley View,"A vulnerability exists in Bentley View due to improper handling of SKP file parsing, allowing remote attackers to exploit the flaw by crafting malicious SKP files or web pages containing such files. The issue arises from the failure to verify the existence of an object before conducting operations on it, leading to a use-after-free condition. An attacker can trigger this vulnerability to execute arbitrary code in the context of the currently running process, necessitating user interaction to achieve exploitation.",Bentley,View,7.8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2024-05-07T22:54:56.217Z,0
CVE-2023-44430,https://securityvulnerability.io/vulnerability/CVE-2023-44430,Remote Code Execution Vulnerability in Bentley View,"A vulnerability exists within the Bentley View application related to the parsing of SKP files, which may allow remote attackers to execute arbitrary code. This flaw stems from inadequate validation of object existence before operations are performed, leading to a use-after-free condition. To exploit this vulnerability, an attacker must trick a user into opening a specially crafted file or visiting a malicious webpage, thereby executing code within the current process context.
Users of Bentley View are strongly advised to apply the recommended security updates to mitigate potential risks.",Bentley,View,7.8,HIGH,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-05-03T02:13:56.897Z,0
CVE-2022-28308,https://securityvulnerability.io/vulnerability/CVE-2022-28308,Remote Information Disclosure Vulnerability in Bentley View by Bentley Systems,"A vulnerability exists in Bentley View 10.16.02.022 that enables remote attackers to disclose sensitive user information. The issue arises from a flaw in the parsing of 3DS files, allowing crafted data to trigger a read beyond the end of an allocated buffer. Exploitation of this vulnerability requires user interaction, as the target must visit a malicious website or open a harmful file. Successful exploitation could allow attackers to execute arbitrary code within the current process, potentially leveraging it in conjunction with other vulnerabilities to enhance their impact.",Bentley,View,3.3,LOW,0.001449999981559813,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28307,https://securityvulnerability.io/vulnerability/CVE-2022-28307,Arbitrary Code Execution Vulnerability in Bentley View Software,"This vulnerability in Bentley View versions 10.16.02.022 allows remote attackers to execute arbitrary code when users are tricked into opening a malicious DXF file or visiting a compromised webpage. The flaw arises from improper handling of crafted DXF data, leading to a read past the end of an allocated buffer.
This means that attackers can potentially execute unauthorized code within the context of the application, posing a significant security risk.",Bentley,View,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28303,https://securityvulnerability.io/vulnerability/CVE-2022-28303,Code Execution Vulnerability in Bentley View by Bentley Systems,"This vulnerability enables remote attackers to execute arbitrary code on vulnerable installations of Bentley View 10.16.02.022. The flaw arises from improper validation of objects during the parsing of SKP files. Exploitation requires user interaction, as victims must either visit a malicious webpage or open a corrupted SKP file. An attacker can run code within the context of the current process, posing significant risks to the integrity and confidentiality of affected systems.",Bentley,View,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28320,https://securityvulnerability.io/vulnerability/CVE-2022-28320,Remote Code Execution Vulnerability in Bentley View by Bentley Systems,"This vulnerability in Bentley View enables remote attackers to execute arbitrary code on affected installations by exploiting a flaw in the parsing of 3DM files. The vulnerability arises due to improper memory initialization before access, requiring the target user to unknowingly visit a malicious webpage or open a compromised file.
By leveraging this security hole, attackers can run arbitrary code in the context of the current process, posing significant risks to user systems.",Bentley,View,7.8,HIGH,0.0016899999463930726,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-28309,https://securityvulnerability.io/vulnerability/CVE-2022-28309,Buffer Overflow Vulnerability in Bentley View by Bentley Systems,"This vulnerability allows remote attackers to disclose sensitive information from installations of Bentley View 10.16.02.022. It occurs when the software improperly parses 3DS files, where specially crafted data can result in a read past the end of an allocated buffer. Successful exploitation necessitates user interaction, requiring the target to visit a malicious webpage or open a harmful file. An attacker may leverage this flaw in combination with other vulnerabilities to execute arbitrary code within the context of the current process.",Bentley,View,3.3,LOW,0.001449999981559813,false,,false,false,false,,,false,false,,2023-03-29T00:00:00.000Z,0
CVE-2022-42901,https://securityvulnerability.io/vulnerability/CVE-2022-42901,Out-of-Bounds and Stack Overflow Vulnerabilities in Bentley MicroStation and Applications,"Bentley MicroStation and associated applications are susceptible to out-of-bounds and stack overflow vulnerabilities when handling specially crafted XMT files. These security flaws could facilitate information disclosure and unauthorized code execution, posing significant threats to user data and system integrity.
Users are advised to upgrade to version 10.17.01.58 or later for MicroStation and 10.17.01.19 or later for Bentley View to mitigate these risks.",Bentley,"Microstation,View",7.8,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-10-13T00:00:00.000Z,0
CVE-2022-42899,https://securityvulnerability.io/vulnerability/CVE-2022-42899,Out-of-Bounds Read and Stack Overflow in Bentley MicroStation Applications,"Hamilton MicroStation and related applications experience vulnerabilities when processing specially crafted SKP files, potentially leading to out-of-bounds read and stack overflow. Successful exploitation could allow attackers to disclose sensitive information and execute arbitrary code, posing significant security risks for users. It is essential to update to the patched versions for improved security.",Bentley,"Microstation,View",7.8,HIGH,0.0007300000288523734,false,,false,false,true,2022-10-19T02:13:25.000Z,true,false,false,,2022-10-13T00:00:00.000Z,0
CVE-2022-42900,https://securityvulnerability.io/vulnerability/CVE-2022-42900,Out-of-Bounds Read Vulnerabilities in Bentley MicroStation Products,"Bentley MicroStation and associated applications are susceptible to out-of-bounds read vulnerabilities when opening specially crafted FBX files. These vulnerabilities could potentially allow attackers to disclose sensitive information or execute arbitrary code, posing significant risks to users' systems.
Recommended action includes updating to the fixed versions: MicroStation 10.17.01.58* and Bentley View 10.17.01.19* to mitigate these issues.",Bentley,"Microstation,View",7.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2022-10-13T00:00:00.000Z,0
CVE-2022-35906,https://securityvulnerability.io/vulnerability/CVE-2022-35906,Out-of-Bounds Read Vulnerability in Bentley MicroStation and Bentley View,"A vulnerability exists in Bentley MicroStation and Bentley View that could lead to an out-of-bounds read when opening a specially crafted DGN file. This failure occurs due to the improper handling of crafted data in the parsing process, allowing an attacker to potentially read sensitive information within the context of the affected process. Users of these products are advised to update to versions 10.17.0.x or later to mitigate this issue.",Bentley,"Microstation,View",3.3,LOW,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-07-15T23:15:00.000Z,0
CVE-2022-35900,https://securityvulnerability.io/vulnerability/CVE-2022-35900,Out-of-bounds Read Vulnerability in Bentley MicroStation and Bentley View,"An issue has been identified in Bentley MicroStation and Bentley View prior to version 10.17.0.x. When an affected version of MicroStation or any application based on MicroStation processes a JP2 file with deliberately crafted data, it can lead to an out-of-bounds read.
This vulnerability allows unauthorized access to information that could be read in the context of the executing process, making it critical for users to keep their software updated to mitigate potential risks.",Bentley,"Microstation,View",3.3,LOW,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-07-15T23:15:00.000Z,0
CVE-2022-35901,https://securityvulnerability.io/vulnerability/CVE-2022-35901,Out-of-Bounds Read Vulnerability in Bentley MicroStation and Bentley View,"A vulnerability exists in Bentley MicroStation and Bentley View that affects the handling of J2K files. Versions prior to 10.17.0.x are susceptible to an out-of-bounds read caused by processing a crafted J2K file. This flaw allows a malicious actor to potentially read sensitive information by exploiting the parsing mechanism, which operates in the context of the application’s process. Users are advised to upgrade to the latest versions to mitigate this risk.",Bentley,"Microstation,View",3.3,LOW,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-07-15T23:15:00.000Z,0
CVE-2022-35903,https://securityvulnerability.io/vulnerability/CVE-2022-35903,Out-of-Bounds Read Vulnerability in Bentley MicroStation and Bentley View,"A vulnerability exists in Bentley MicroStation and Bentley View that allows an attacker to exploit out-of-bounds read issues when opening specially crafted 3DS files. This could result in the unauthorized reading of information in the context of the current process, potentially exposing sensitive data.
Users are strongly advised to update to the latest versions to mitigate any risks associated with these vulnerabilities.",Bentley,"Microstation,View",3.3,LOW,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-07-15T23:15:00.000Z,0
CVE-2022-35902,https://securityvulnerability.io/vulnerability/CVE-2022-35902,Out-of-Bounds Read Vulnerability in Bentley MicroStation and View,"A vulnerability exists in Bentley MicroStation and Bentley View prior to version 10.17.0.x that allows an attacker to exploit crafted OBJ files. This can lead to an out-of-bounds read, potentially disclosing sensitive information in the context of the current process. Users of affected versions should be cautious while handling OBJ files from untrusted sources to mitigate possible risks.",Bentley,"Microstation,View",3.3,LOW,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-07-15T23:15:00.000Z,0
CVE-2022-35904,https://securityvulnerability.io/vulnerability/CVE-2022-35904,Out-of-Bounds Read Vulnerability in Bentley MicroStation and Bentley View,"A vulnerability exists in Bentley MicroStation and Bentley View where opening an IFC file with crafted data can lead to an out-of-bounds read. This issue affects versions prior to 10.17.0.x, allowing attackers to potentially access sensitive information within the context of the current process. It is crucial for users to ensure they are using a patched version to protect against this vulnerability.",Bentley,"Microstation,View",3.3,LOW,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-07-15T23:15:00.000Z,0
CVE-2022-35905,https://securityvulnerability.io/vulnerability/CVE-2022-35905,Out-of-Bounds Read Vulnerability in Bentley MicroStation and Bentley View,An issue exists in Bentley MicroStation and Bentley View that allows an out-of-bounds read when processing manipulated FBX files. Attackers exploiting this issue could gain unauthorized access to sensitive information within the context of the current process by opening specially crafted FBX files in affected versions of these applications. Users of MicroStation and Bentley View should ensure their software is updated to prevent potential exploitation.,Bentley,"Microstation,View",3.3,LOW,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-07-15T23:15:00.000Z,0
CVE-2021-46656,https://securityvulnerability.io/vulnerability/CVE-2021-46656,Remote Code Execution Vulnerability in Bentley View by Bentley Systems,"This vulnerability in Bentley View allows remote attackers to execute arbitrary code by exploiting the parsing of JT files. To be successful, the target user must interact with a malicious link or file, which leads to crafted data triggering a write past the allocated buffer's boundary. This flaw can enable an attacker to run code within the context of the affected process, potentially compromising system integrity. For more information, see the relevant advisories from Bentley Systems and Zero Day Initiative.",Bentley,View,7.8,HIGH,0.002409999957308173,false,,false,false,false,,,false,false,,2022-02-18T19:46:39.000Z,0
CVE-2021-46655,https://securityvulnerability.io/vulnerability/CVE-2021-46655,Remote Code Execution Flaw in Bentley View 10.15.0.75,"A vulnerability in Bentley View 10.15.0.75 enables remote attackers to execute arbitrary code. This flaw occurs during the parsing of JT files, as the software fails to validate the existence of objects before performing operations on them. An attacker can exploit this vulnerability by tricking a user into opening a malicious file or visiting an attacker-controlled page, allowing the execution of unauthorized code in the context of the current process.
For further information, please refer to Zebra Initiative advisories.",Bentley,View,7.8,HIGH,0.0028200000524520874,false,,false,false,false,,,false,false,,2022-02-18T19:46:38.000Z,0
CVE-2021-46654,https://securityvulnerability.io/vulnerability/CVE-2021-46654,Information Disclosure Vulnerability in Bentley View by Bentley Systems,"A vulnerability exists in Bentley View 10.15.0.75 that enables remote attackers to exploit sensitive information disclosure. The flaw resides in the parsing mechanism of DGN files, where improper validation of user-supplied data can lead to a read past the allocated buffer. Exploitation requires user interaction, as the target must visit a malicious webpage or open a compromised file. Furthermore, this vulnerability may potentially be leveraged alongside other weaknesses to execute arbitrary code within the context of the affected process.",Bentley,View,3.3,LOW,0.0021899999119341373,false,,false,false,false,,,false,false,,2022-02-18T19:46:36.000Z,0
CVE-2021-46653,https://securityvulnerability.io/vulnerability/CVE-2021-46653,Remote Code Execution Flaw in Bentley View by Bentley Systems,"This vulnerability in Bentley View allows remote attackers to execute arbitrary code due to inadequate validation of BMP image data. The flaw appears when user-supplied data is not properly verified before being copied to a heap-based buffer, leading to potential exploitation when users interact with malicious files or visit harmful webpages.",Bentley,View,7.8,HIGH,0.002409999957308173,false,,false,false,false,,,false,false,,2022-02-18T19:46:35.000Z,0