Total
11604 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20204 | 3 Debian, Fedoraproject, Getdata Project | 3 Debian Linux, Fedora, Getdata | 2024-10-17 | 7.5 HIGH | 9.8 CRITICAL |
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker. | |||||
CVE-2024-21455 | 1 Qualcomm | 40 Qam8295p, Qam8295p Firmware, Qca6584au and 37 more | 2024-10-16 | N/A | 7.8 HIGH |
Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. | |||||
CVE-2024-23369 | 1 Qualcomm | 236 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 233 more | 2024-10-16 | N/A | 7.8 HIGH |
Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. | |||||
CVE-2010-0037 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-10-15 | 9.3 HIGH | 8.8 HIGH |
Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image. | |||||
CVE-2010-0036 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-10-15 | 9.3 HIGH | 7.8 HIGH |
Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file. | |||||
CVE-2016-9428 | 1 Tats | 1 W3m | 2024-10-15 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page. | |||||
CVE-2016-6817 | 1 Apache | 1 Tomcat | 2024-10-15 | 5.0 MEDIUM | 7.5 HIGH |
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. | |||||
CVE-2024-45467 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-10-15 | N/A | 7.8 HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | |||||
CVE-2024-45468 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-10-15 | N/A | 7.8 HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | |||||
CVE-2024-45473 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-10-15 | N/A | 7.8 HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. | |||||
CVE-2024-45474 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-10-15 | N/A | 7.8 HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. | |||||
CVE-2024-45475 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-10-15 | N/A | 7.8 HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. | |||||
CVE-2024-45472 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-10-15 | N/A | 7.8 HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected application is vulnerable to memory corruption while parsing specially crafted WRL files. An attacker could leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. | |||||
CVE-2008-1083 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2024-10-15 | 9.3 HIGH | 8.1 HIGH |
Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability." | |||||
CVE-2024-47046 | 2024-10-10 | N/A | 7.8 HIGH | ||
A vulnerability has been identified in Simcenter Nastran 2306 (All versions), Simcenter Nastran 2312 (All versions), Simcenter Nastran 2406 (All versions < V2406.5000). The affected application is vulnerable to memory corruption while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. | |||||
CVE-2021-1713 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2024-10-08 | 6.8 MEDIUM | 7.8 HIGH |
Microsoft Excel Remote Code Execution Vulnerability | |||||
CVE-2021-31883 | 1 Siemens | 16 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 13 more | 2024-10-08 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP ACK message, the DHCP client application does not validate the length of the Vendor option(s), leading to Denial-of-Service conditions. (FSMD-2021-0013) | |||||
CVE-2021-31882 | 1 Siemens | 16 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 13 more | 2024-10-08 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011) | |||||
CVE-2023-6361 | 2024-10-07 | N/A | 7.3 HIGH | ||
A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument. | |||||
CVE-2023-6362 | 2024-10-07 | N/A | 7.3 HIGH | ||
A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument. |