Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Keyshot
(Luxion)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 22 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-11-22 | CVE-2024-11577 | Luxion KeyShot SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a... | Keyshot | 7.8 | ||
| 2024-11-22 | CVE-2024-11579 | Luxion KeyShot OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of obj files. The issue results from the lack of proper validation of user-supplied data, which can result in a... | Keyshot | 7.8 | ||
| 2024-11-22 | CVE-2024-11580 | Luxion KeyShot ABC File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of abc files. The issue results from the lack of proper validation of the length of user-supplied data prior... | Keyshot | 7.8 | ||
| 2024-11-22 | CVE-2024-11581 | Luxion KeyShot JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of jt files. The issue results from the lack of proper validation of user-supplied data, which can result in a read... | Keyshot | 7.8 | ||
| 2021-02-23 | CVE-2021-22643 | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code. | Keyshot, Keyshot_network_rendering, Keyshot_viewer, Keyvr, Solid_edge_se2020_firmware, Solid_edge_se2021_firmware | 7.8 | ||
| 2021-02-23 | CVE-2021-22647 | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to multiple out-of-bounds write issues while processing project files, which may allow an attacker to execute arbitrary code. | Keyshot, Keyshot_network_rendering, Keyshot_viewer, Keyvr, Solid_edge_se2020_firmware, Solid_edge_se2021_firmware | 7.8 | ||
| 2021-02-23 | CVE-2021-22649 | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while processing project files, which may allow an attacker to execute arbitrary code. | Keyshot, Keyshot_network_rendering, Keyshot_viewer, Keyvr, Solid_edge_se2020_firmware, Solid_edge_se2021_firmware | 7.8 | ||
| 2021-02-23 | CVE-2021-22645 | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are vulnerable to an attack because the .bip documents display a “load” command, which can be pointed to a .dll from a remote network share. As a result, the .dll entry point can be executed without sufficient UI warning. | Keyshot, Keyshot_network_rendering, Keyshot_viewer, Keyvr, Solid_edge_se2020_firmware, Solid_edge_se2021_firmware | 7.8 | ||
| 2021-02-23 | CVE-2021-22651 | When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a directory traversal vulnerability, which allows an attacker to store arbitrary scripts into automatic startup folders. | Keyshot, Keyshot_network_rendering, Keyshot_viewer, Keyvr, Solid_edge_se2020_firmware, Solid_edge_se2021_firmware | 7.8 | ||
| 2021-05-27 | CVE-2021-27496 | Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing PRT files. This could lead to pointer dereferences of a value obtained from an untrusted source. An attacker could leverage this vulnerability to execute code in the context of the current process. | Crosscadware, Keyshot, Solid_edge_se2020_firmware, Solid_edge_se2021_firmware | 7.8 |