Total
7643 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32410 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-12-05 | 5.5 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to leak sensitive kernel state. | ||||
| CVE-2023-32382 | 1 Apple | 1 Macos | 2024-12-05 | 5.5 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. Processing a 3D model may result in disclosure of process memory. | ||||
| CVE-2024-51210 | 1 Firepad | 1 Firepad | 2024-12-05 | 5.3 Medium |
| Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full document ID and corresponding URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-2989 | 1 Globalscape | 1 Eft Server | 2024-12-05 | 9.1 Critical |
| Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if successfully exploited | ||||
| CVE-2024-20793 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-12-05 | 5.5 Medium |
| Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-9760 | 1 Tungstenautomation | 1 Power Pdf | 2024-12-05 | 3.3 Low |
| Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24476. | ||||
| CVE-2024-9761 | 1 Tungstenautomation | 1 Power Pdf | 2024-12-05 | 3.3 Low |
| Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24477. | ||||
| CVE-2024-9762 | 1 Tungstenautomation | 1 Power Pdf | 2024-12-05 | 3.3 Low |
| Tungsten Automation Power PDF OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OXPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24478. | ||||
| CVE-2024-9763 | 1 Tungstenautomation | 1 Power Pdf | 2024-12-05 | 3.3 Low |
| Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24479. | ||||
| CVE-2023-32389 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-05 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to disclose kernel memory. | ||||
| CVE-2023-32386 | 1 Apple | 1 Macos | 2024-12-05 | 3.3 Low |
| A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to observe unprotected user data. | ||||
| CVE-2023-32363 | 1 Apple | 1 Macos | 2024-12-05 | 5.5 Medium |
| A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences. | ||||
| CVE-2023-32357 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-05 | 7.1 High |
| An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permission is revoked. | ||||
| CVE-2023-25003 | 1 Autodesk | 17 Alias, Autocad, Autocad Advance Steel and 14 more | 2024-12-05 | 7.8 High |
| A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution. | ||||
| CVE-2023-30362 | 1 Libcoap | 1 Libcoap | 2024-12-05 | 7.5 High |
| Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu. | ||||
| CVE-2023-32403 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-05 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information. | ||||
| CVE-2023-32402 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-12-05 | 6.5 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. | ||||
| CVE-2023-32354 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2024-12-05 | 5.5 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. An app may be able to disclose kernel memory. | ||||
| CVE-2024-20770 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-12-05 | 5.5 Medium |
| Photoshop Desktop versions 24.7.2, 25.3.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-20766 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-12-05 | 5.5 Medium |
| InDesign Desktop versions 18.5.1, 19.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||