Total
9428 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-32203 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2024-11-20 | N/A | 7.8 HIGH |
| Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2024-52565 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-20 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24231) | |||||
| CVE-2024-52566 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-20 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24233) | |||||
| CVE-2024-52569 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-20 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24260) | |||||
| CVE-2024-52570 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-20 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24365) | |||||
| CVE-2024-52571 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-20 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24485) | |||||
| CVE-2024-52572 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-20 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486) | |||||
| CVE-2024-52573 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-11-20 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24521) | |||||
| CVE-2023-52348 | 2024-11-19 | N/A | 4.4 MEDIUM | ||
| In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | |||||
| CVE-2022-4900 | 2 Php, Redhat | 3 Php, Enterprise Linux, Software Collections | 2024-11-19 | N/A | 5.5 MEDIUM |
| A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. | |||||
| CVE-2009-0733 | 4 Gimp, Littlecms, Mozilla and 1 more | 4 Gimp, Little Cms, Firefox and 1 more | 2024-11-19 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions. | |||||
| CVE-2016-7531 | 1 Imagemagick | 1 Imagemagick | 2024-11-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted PDB file. | |||||
| CVE-2024-11237 | 1 Tp-link | 2 Vn020-f3v\(t\), Vn020-f3v\(t\) Firmware | 2024-11-19 | 7.8 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10397 | 2024-11-19 | N/A | N/A | ||
| A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code. | |||||
| CVE-2017-13313 | 2024-11-19 | N/A | 7.5 HIGH | ||
| In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-50203 | 1 Linux | 1 Linux Kernel | 2024-11-19 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix address emission with tag-based KASAN enabled When BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_image struct on the stack is passed during the size calculation pass and an address on the heap is passed during code generation. This may cause a heap buffer overflow if the heap address is tagged because emit_a64_mov_i64() will emit longer code than it did during the size calculation pass. The same problem could occur without tag-based KASAN if one of the 16-bit words of the stack address happened to be all-ones during the size calculation pass. Fix the problem by assuming the worst case (4 instructions) when calculating the size of the bpf_tramp_image address emission. | |||||
| CVE-2024-49528 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-11-18 | N/A | 7.8 HIGH |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-47909 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-18 | N/A | 4.9 MEDIUM |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. | |||||
| CVE-2024-47907 | 1 Ivanti | 1 Connect Secure | 2024-11-18 | N/A | 7.5 HIGH |
| A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-47905 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-18 | N/A | 4.9 MEDIUM |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. | |||||