Total
6260 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-33071 | 1 Qualcomm | 10 Mdm9628, Mdm9628 Firmware, Qca6564a and 7 more | 2024-10-16 | N/A | 7.5 HIGH |
Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0. | |||||
CVE-2024-24826 | 1 Exiv2 | 1 Exiv2 | 2024-10-16 | N/A | 5.0 MEDIUM |
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-41311 | 2024-10-16 | N/A | 8.1 HIGH | ||
In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. | |||||
CVE-2024-33073 | 1 Qualcomm | 318 Ar8035, Ar8035 Firmware, Csr8811 and 315 more | 2024-10-16 | N/A | 8.2 HIGH |
Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. | |||||
CVE-2024-38397 | 1 Qualcomm | 232 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 229 more | 2024-10-16 | N/A | 7.5 HIGH |
Transient DOS while parsing probe response and assoc response frame. | |||||
CVE-2024-39806 | 1 Openatom | 1 Openharmony | 2024-10-16 | N/A | 5.5 MEDIUM |
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | |||||
CVE-2024-39379 | 1 Adobe | 1 Acrobat | 2024-10-16 | N/A | 5.5 MEDIUM |
Acrobat for Edge versions 126.0.2592.81 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-41867 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-10-16 | N/A | 5.5 MEDIUM |
After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-38428 | 2 Linux, Netapp | 7 Linux Kernel, H300s, H410s and 4 more | 2024-10-15 | N/A | 9.1 CRITICAL |
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read. | |||||
CVE-2024-47136 | 1 Jtekt | 1 Kostac Plc | 2024-10-15 | N/A | 7.8 HIGH |
Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files. | |||||
CVE-2024-45463 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-10-15 | N/A | 7.8 HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | |||||
CVE-2024-45464 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-10-15 | N/A | 7.8 HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | |||||
CVE-2024-45465 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-10-15 | N/A | 7.8 HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | |||||
CVE-2024-45466 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-10-15 | N/A | 7.8 HIGH |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. | |||||
CVE-2022-23096 | 2 Debian, Intel | 2 Debian Linux, Connman | 2024-10-15 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. | |||||
CVE-2024-48958 | 1 Libarchive | 1 Libarchive | 2024-10-11 | N/A | 7.8 HIGH |
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | |||||
CVE-2024-48957 | 1 Libarchive | 1 Libarchive | 2024-10-11 | N/A | 7.8 HIGH |
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | |||||
CVE-2024-34122 | 2 Adobe, Microsoft | 2 Acrobat, Edge Chromium | 2024-10-11 | N/A | 7.8 HIGH |
Acrobat for Edge versions 126.0.2592.68 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-47420 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | N/A | 5.5 MEDIUM |
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-47419 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | N/A | 5.5 MEDIUM |
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |