Total
7420 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-54502 | 1 Apple | 7 Ipados, Iphone Os, Macos and 4 more | 2024-12-18 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2024-43082 | 1 Google | 1 Android | 2024-12-17 | N/A | 5.5 MEDIUM |
| In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-40656 | 1 Google | 1 Android | 2024-12-17 | N/A | 5.5 MEDIUM |
| In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2023-27854 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | N/A | 7.8 HIGH |
| An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute. | |||||
| CVE-2023-29461 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | N/A | 7.8 HIGH |
| An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. potentially resulting in a complete loss of confidentiality, integrity, and availability. | |||||
| CVE-2024-12130 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | N/A | 7.8 HIGH |
| An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |||||
| CVE-2023-29460 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | N/A | 7.8 HIGH |
| An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability. | |||||
| CVE-2024-0045 | 1 Google | 1 Android | 2024-12-17 | N/A | 6.5 MEDIUM |
| In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-0030 | 1 Google | 1 Android | 2024-12-16 | N/A | 5.5 MEDIUM |
| In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-56083 | 2024-12-16 | N/A | 8.1 HIGH | ||
| Cognition Devin before 2024-12-12 provides write access to code by an attacker who discovers the https://vscode-randomly_generated_string.devinapps.com URL (aka the VSCode live share URL) for a specific "Use Devin's Machine" session. For example, this URL may be discovered if a customer posts a screenshot of a Devin session to social media, or publicly streams their Devin session. | |||||
| CVE-2023-40085 | 1 Google | 1 Android | 2024-12-16 | N/A | 5.5 MEDIUM |
| In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-0016 | 1 Google | 1 Android | 2024-12-16 | N/A | 5.3 MEDIUM |
| In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40112 | 1 Google | 1 Android | 2024-12-13 | N/A | 5.5 MEDIUM |
| In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or other print-related information, with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40124 | 1 Google | 1 Android | 2024-12-13 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-47542 | 1 Gstreamer Project | 1 Gstreamer | 2024-12-13 | N/A | 7.5 HIGH |
| GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. | |||||
| CVE-2024-9508 | 2024-12-13 | N/A | 7.8 HIGH | ||
| Horner Automation Cscape contains a memory corruption vulnerability, which could allow an attacker to disclose information and execute arbitrary code. | |||||
| CVE-2024-12212 | 2024-12-13 | N/A | 7.8 HIGH | ||
| The vulnerability occurs in the parsing of CSP files. The issues result from the lack of proper validation of user-supplied data, which could allow reading past the end of allocated data structures, resulting in execution of arbitrary code. | |||||
| CVE-2024-30281 | 1 Adobe | 1 Substance 3d Designer | 2024-12-12 | N/A | 5.5 MEDIUM |
| Substance3D - Designer versions 13.1.1 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-54116 | 1 Huawei | 1 Harmonyos | 2024-12-12 | N/A | 4.3 MEDIUM |
| Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2024-54115 | 1 Huawei | 1 Harmonyos | 2024-12-12 | N/A | 4.3 MEDIUM |
| Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. | |||||