Total: 8217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29460 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | N/A | 7.8 HIGH |
|
An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability.
|
|||||
| CVE-2024-0045 | 1 Google | 1 Android | 2024-12-17 | N/A | 6.5 MEDIUM |
|
In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-49602 | 1 Openatom | 1 Openharmony | 2024-12-16 | N/A | 2.9 LOW |
|
OpenHarmony v3.2.4 and prior versions allow a local attacker to cause app crashes through type confusion.
|
|||||
| CVE-2023-25176 | 1 Openatom | 1 Openharmony | 2024-12-16 | N/A | 2.9 LOW |
|
OpenHarmony v3.2.4 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read.
|
|||||
| CVE-2024-0030 | 1 Google | 1 Android | 2024-12-16 | N/A | 5.5 MEDIUM |
|
In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-56083 | | | 2024-12-16 | N/A | 8.1 HIGH |
|
Cognition Devin before 2024-12-12 provides write access to code by an attacker who discovers the https://vscode-randomly_generated_string.devinapps.com URL (aka the VSCode live share URL) for a specific "Use Devin's Machine" session. For example, this URL may be discovered if a customer posts a screenshot of a Devin session to social media, or publicly streams their Devin session.
|
|||||
| CVE-2023-40085 | 1 Google | 1 Android | 2024-12-16 | N/A | 5.5 MEDIUM |
|
In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-0016 | 1 Google | 1 Android | 2024-12-16 | N/A | 5.3 MEDIUM |
|
In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-40112 | 1 Google | 1 Android | 2024-12-13 | N/A | 5.5 MEDIUM |
|
In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or other print-related information, with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-40124 | 1 Google | 1 Android | 2024-12-13 | N/A | 5.5 MEDIUM |
|
In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-9508 | | | 2024-12-13 | N/A | 7.8 HIGH |
|
Horner Automation Cscape contains a memory corruption vulnerability, which
could allow an attacker to disclose information and execute arbitrary
code.
|
|||||
| CVE-2024-12212 | | | 2024-12-13 | N/A | 7.8 HIGH |
|
The vulnerability occurs in the parsing of CSP files. The issues result
from the lack of proper validation of user-supplied data, which could
allow reading past the end of allocated data structures, resulting in
execution of arbitrary code.
|
|||||
| CVE-2024-30281 | 1 Adobe | 1 Substance 3d Designer | 2024-12-12 | N/A | 5.5 MEDIUM |
|
Substance3D - Designer versions 13.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-54116 | 1 Huawei | 1 Harmonyos | 2024-12-12 | N/A | 4.3 MEDIUM |
|
Out-of-bounds read vulnerability in the M3U8 module
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
|
|||||
| CVE-2024-54115 | 1 Huawei | 1 Harmonyos | 2024-12-12 | N/A | 4.3 MEDIUM |
|
Out-of-bounds read vulnerability in the DASH module
Impact: Successful exploitation of this vulnerability will affect availability.
|
|||||
| CVE-2024-54114 | 1 Huawei | 1 Harmonyos | 2024-12-12 | N/A | 4.4 MEDIUM |
|
Out-of-bounds access vulnerability in playback in the DASH module
Impact: Successful exploitation of this vulnerability will affect availability.
|
|||||
| CVE-2023-32542 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2024-12-12 | N/A | 7.8 HIGH |
|
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
|
|||||
| CVE-2024-53004 | 1 Adobe | 1 Substance 3d Modeler | 2024-12-12 | N/A | 5.5 MEDIUM |
|
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-53005 | 1 Adobe | 1 Substance 3d Modeler | 2024-12-12 | N/A | 5.5 MEDIUM |
|
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-33056 | 1 Qualcomm | 658 205 Mobile Platform, 205 Mobile Platform Firmware, 315 5g Iot Modem and 655 more | 2024-12-12 | N/A | 8.4 HIGH |
|
Memory corruption when allocating and accessing an entry in an SMEM partition continuously.
|
|||||
| CVE-2024-9978 | 1 Openatom | 1 Openharmony | 2024-12-11 | N/A | 5.5 MEDIUM |
|
OpenHarmony v4.1.1 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read.
|
|||||
| CVE-2024-12082 | 1 Openatom | 1 Openharmony | 2024-12-11 | N/A | 5.5 MEDIUM |
|
OpenHarmony v4.0.0 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read.
|
|||||
| CVE-2023-52565 | 1 Linux | 1 Linux Kernel | 2024-12-11 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
media: uvcvideo: Fix OOB read
If the index provided by the user is bigger than the mask size, we might do
an out of bound read.
|
|||||
| CVE-2023-52504 | 1 Linux | 1 Linux Kernel | 2024-12-11 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
x86/alternatives: Disable KASAN in apply_alternatives()
Fei has reported that KASAN triggers during apply_alternatives() on
a 5-level paging machine:
BUG: KASAN: out-of-bounds in rcu_is_watching()
Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0
...
__asan_load4()
rcu_is_watching()
trace_hardirqs_on()
text_poke_early()
apply_alternatives()
...
On machines with 5-level paging, cpu_feature_enabled(X86_FEATU ...
|
|||||
| CVE-2024-52574 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-12-10 | N/A | 7.8 HIGH |
|
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure ...
|
|||||
| CVE-2024-52567 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-12-10 | N/A | 7.8 HIGH |
|
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure ...
|
|||||
| CVE-2024-45466 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-12-10 | N/A | 7.8 HIGH |
|
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow ...
|
|||||
| CVE-2024-45465 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-12-10 | N/A | 7.8 HIGH |
|
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow ...
|
|||||
| CVE-2024-45464 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-12-10 | N/A | 7.8 HIGH |
|
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow ...
|
|||||
| CVE-2024-45463 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-12-10 | N/A | 7.8 HIGH |
|
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow ...
|
|||||
| CVE-2023-46280 | | | 2024-12-10 | N/A | 6.5 MEDIUM |
|
A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 ...
|
|||||
| CVE-2021-46955 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: fix stack OOB read while fragmenting IPv4 packets
running openvswitch on kernels built with KASAN, it's possible to see the
following splat while testing fragmentation of IPv4 packets:
BUG: KASAN: stack-out-of-bounds in ip_do_fragment+0x1b03/0x1f60
Read of size 1 at addr ffff888112fc713c by task handler2/1367
CPU: 0 PID: 1367 Comm: handler2 Not tainted 5.12.0-rc6+ #418
Hardware name: Red Hat KVM, BIOS 1.11.1 ...
|
|||||
| CVE-2024-20750 | 1 Adobe | 1 Substance 3d Designer | 2024-12-06 | N/A | 7.8 HIGH |
|
Substance3D - Designer versions 13.1.0 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-29857 | | | 2024-12-06 | N/A | 7.5 HIGH |
|
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
|
|||||
| CVE-2023-32375 | 1 Apple | 1 Macos | 2024-12-05 | N/A | 5.5 MEDIUM |
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.6, macOS Ventura 13.4. Processing a 3D model may result in disclosure of process memory.
|
|||||
| CVE-2023-32372 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-05 | N/A | 5.5 MEDIUM |
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may result in disclosure of process memory.
|
|||||
| CVE-2024-51210 | | | 2024-12-05 | N/A | 5.3 MEDIUM |
|
Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full document ID and corresponding URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
|
|||||
| CVE-2024-20793 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-12-05 | N/A | 5.5 MEDIUM |
|
Illustrator versions 28.4, 27.9.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-9760 | 1 Tungstenautomation | 1 Power Pdf | 2024-12-05 | N/A | 3.3 LOW |
|
Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplie ...
|
|||||
| CVE-2024-9761 | 1 Tungstenautomation | 1 Power Pdf | 2024-12-05 | N/A | 3.3 LOW |
|
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplie ...
|
|||||