Total
10857 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25448 | 1 Enlightenment | 1 Imlib2 | 2024-11-21 | N/A | 8.8 HIGH |
| An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | |||||
| CVE-2024-25447 | 1 Enlightenment | 1 Imlib2 | 2024-11-21 | N/A | 8.8 HIGH |
| An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. | |||||
| CVE-2024-25446 | 1 Hugin Project | 1 Hugin | 2024-11-21 | N/A | 7.8 HIGH |
| An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | |||||
| CVE-2024-25442 | 1 Hugin Project | 1 Hugin | 2024-11-21 | N/A | 7.8 HIGH |
| An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image. | |||||
| CVE-2024-25423 | 2024-11-21 | N/A | 7.0 HIGH | ||
| An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute arbitrary code via a crafted c4d_base.xdl64 file. | |||||
| CVE-2024-25200 | 1 Espruino | 1 Espruino | 2024-11-21 | N/A | 7.5 HIGH |
| Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c. | |||||
| CVE-2024-25004 | 1 9bis | 1 Kitty | 2024-11-21 | N/A | 7.8 HIGH |
| KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution. | |||||
| CVE-2024-25003 | 1 9bis | 1 Kitty | 2024-11-21 | N/A | 7.8 HIGH |
| KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution. | |||||
| CVE-2024-24959 | 2024-11-21 | N/A | 8.2 HIGH | ||
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6c18`. | |||||
| CVE-2024-24958 | 2024-11-21 | N/A | 8.2 HIGH | ||
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6bdc`. | |||||
| CVE-2024-24957 | 2024-11-21 | N/A | 8.2 HIGH | ||
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6aa4`. | |||||
| CVE-2024-24956 | 2024-11-21 | N/A | 8.2 HIGH | ||
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb6a38`. | |||||
| CVE-2024-24955 | 2024-11-21 | N/A | 8.2 HIGH | ||
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb69fc`. | |||||
| CVE-2024-24954 | 2024-11-21 | N/A | 8.2 HIGH | ||
| Several out-of-bounds write vulnerabilities exist in the Programming Software Connection FileSystem API functionality of AutomationDirect P3-550E 1.2.10.9. Specially crafted network packets can lead to heap-based memory corruption. An attacker can send malicious packets to trigger these vulnerabilities.This CVE tracks the arbitrary null-byte write vulnerability located in firmware 1.2.10.9 of the P3-550E at offset `0xb69c8`. | |||||
| CVE-2024-24947 | 2024-11-21 | N/A | 8.2 HIGH | ||
| A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these vulnerability.This CVE tracks the heap corruption that occurs at offset `0xb68c4` of version 1.2.10.9 of the P3-550E firmware, which occurs when a call to `memset` relies on an attacker-controlled length value and corrupts any trailing heap allocations. | |||||
| CVE-2024-24946 | 2024-11-21 | N/A | 8.2 HIGH | ||
| A heap-based buffer overflow vulnerability exists in the Programming Software Connection CurrDir functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to denial of service. An attacker can send an unauthenticated packet to trigger these vulnerability.This CVE tracks the heap corruption that occurs at offset `0xb686c` of version 1.2.10.9 of the P3-550E firmware, which occurs when a call to `memset` relies on an attacker-controlled length value and corrupts any trailing heap allocations. | |||||
| CVE-2024-24924 | 1 Siemens | 1 Simcenter Femap | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22059) | |||||
| CVE-2024-24922 | 1 Siemens | 1 Simcenter Femap | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21715) | |||||
| CVE-2024-24921 | 1 Siemens | 1 Simcenter Femap | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application is vulnerable to memory corruption while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21712) | |||||
| CVE-2024-24920 | 1 Siemens | 1 Simcenter Femap | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21710) | |||||