Skip to main content

Vred

6 CVEs product

Monthly

CVE-2024-7995 HIGH This Week

A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Vred
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25002 HIGH This Week

A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption 3ds Max Navisworks +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29068 HIGH This Week

A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Alias Autocad +15
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25004 HIGH This Week

A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Alias Autocad Autocad Advance Steel +14
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25003 HIGH This Week

A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Alias Autocad +15
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2014-2967 CRITICAL Act Now

Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Python Vred
NVD
CVSS 2.0
10.0
EPSS
4.4%
EPSS 0% CVSS 7.8
HIGH This Week

A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Vred
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +17
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Alias +16
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +17
NVD
EPSS 4% CVSS 10.0
CRITICAL Act Now

Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Python +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy