Total
7829 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47456 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-14 | 5.5 Medium |
| Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-45147 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-11-14 | 5.5 Medium |
| Bridge versions 13.0.9, 14.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-46955 | 3 Artifex, Debian, Suse | 5 Ghostscript, Debian Linux, Linux Enterprise High Performance Computing and 2 more | 2024-11-14 | 5.5 Medium |
| An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. | ||||
| CVE-2024-47941 | 1 Siemens | 1 Solid Edge Se2024 | 2024-11-13 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2024-47940 | 1 Siemens | 1 Solid Edge Se2024 | 2024-11-13 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2024-47437 | 1 Adobe | 1 Substance 3d Painter | 2024-11-13 | 5.5 Medium |
| Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47436 | 1 Adobe | 1 Substance 3d Painter | 2024-11-13 | 5.5 Medium |
| Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47435 | 1 Adobe | 1 Substance 3d Painter | 2024-11-13 | 5.5 Medium |
| Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47440 | 1 Adobe | 1 Substance 3d Painter | 2024-11-13 | 5.5 Medium |
| Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-38654 | 2024-11-13 | N/A | ||
| Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service. | ||||
| CVE-2024-37400 | 1 Ivanti | 1 Connect Secure | 2024-11-13 | N/A |
| An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service. | ||||
| CVE-2024-6443 | 1 Zephyrproject | 1 Zephyr | 2024-11-12 | 6.3 Medium |
| In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty. | ||||
| CVE-2024-35423 | 1 Vmir | 1 Vmir | 2024-11-12 | 7.8 High |
| vmir e8117 was discovered to contain a heap buffer overflow via the wasm_parse_section_functions function at /src/vmir_wasm_parser.c. | ||||
| CVE-2024-46891 | 1 Seimens | 1 Sinec Ins | 2024-11-12 | 5.3 Medium |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition. | ||||
| CVE-2024-38403 | 1 Qualcomm | 156 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 153 more | 2024-11-07 | 7.5 High |
| Transient DOS while parsing BTM ML IE when per STA profile is not included. | ||||
| CVE-2024-38405 | 1 Qualcomm | 200 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 197 more | 2024-11-07 | 7.5 High |
| Transient DOS while processing the CU information from RNR IE. | ||||
| CVE-2024-47402 | 1 Openatom | 1 Openharmony | 2024-11-06 | 3.3 Low |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through out-of-bounds read. | ||||
| CVE-2021-46772 | 2024-11-05 | 3.9 Low | ||
| Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service. | ||||
| CVE-2024-10387 | 1 Rockwellautomation | 1 Thinmanager | 2024-11-05 | 7.5 High |
| CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service. | ||||
| CVE-2024-43424 | 2 Sharp, Toshibatec | 643 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 640 more | 2024-11-05 | 7.5 High |
| Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed. | ||||