Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): solidworks
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-3299 |
Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted SLDDRW or SLDPRT file. NOTE: this vulnerability was SPLIT from CVE-2024-1847. Published: April 04, 2024; 11:15:40 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-3298 |
Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF. NOTE: this vulnerability was SPLIT from CVE-2024-1847. Published: April 04, 2024; 11:15:40 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1848 |
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file. Published: March 22, 2024; 7:15:46 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-1847 |
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID. Published: February 28, 2024; 1:15:45 PM -0500 |
V3.x:(not available) V2.0:(not available) |
CVE-2023-2763 |
Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file. Published: July 12, 2023; 4:15:10 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-2762 |
A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file. Published: July 12, 2023; 4:15:09 AM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-39807 |
Due to lack of proper memory management, when a victim opens manipulated SolidWorks Drawing (.sldasm, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and becomes temporarily unavailable to the user until restart of the application. Published: October 11, 2022; 5:15:15 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-39806 |
Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. Published: October 11, 2022; 5:15:15 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-39804 |
Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. Published: October 11, 2022; 5:15:15 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2014-100015 |
Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload. Published: January 13, 2015; 10:59:03 AM -0500 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2014-100014 |
Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks Workgroup PDM 2014 SP2 allow remote attackers to execute arbitrary code via a long string in a (1) 2001, (2) 2002, or (3) 2003 opcode to port 3000. Published: January 13, 2015; 10:59:03 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-1684 |
The Run function in SolidWorks sldimdownload ActiveX control in sldimdownload.dll before 16.0.0.6 allows remote attackers to execute arbitrary commands via the (1) installerpath and (2) applicationarguments arguments. Published: April 05, 2007; 9:19:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |