Total: 8248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-12130 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | N/A | 7.8 HIGH |
| An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | |||||
| CVE-2023-29460 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | N/A | 7.8 HIGH |
| An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability. | |||||
| CVE-2024-0045 | 1 Google | 1 Android | 2024-12-17 | N/A | 6.5 MEDIUM |
| In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-0030 | 1 Google | 1 Android | 2024-12-16 | N/A | 5.5 MEDIUM |
| In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40085 | 1 Google | 1 Android | 2024-12-16 | N/A | 5.5 MEDIUM |
| In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-0016 | 1 Google | 1 Android | 2024-12-16 | N/A | 5.3 MEDIUM |
| In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40112 | 1 Google | 1 Android | 2024-12-13 | N/A | 5.5 MEDIUM |
| In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or other print-related information, with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40124 | 1 Google | 1 Android | 2024-12-13 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-30281 | 1 Adobe | 1 Substance 3d Designer | 2024-12-12 | N/A | 5.5 MEDIUM |
| Substance3D - Designer versions 13.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-54116 | 1 Huawei | 1 Harmonyos | 2024-12-12 | N/A | 4.3 MEDIUM |
| Out-of-bounds read vulnerability in the M3U8 module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | |||||
| CVE-2024-54115 | 1 Huawei | 1 Harmonyos | 2024-12-12 | N/A | 4.3 MEDIUM |
| Out-of-bounds read vulnerability in the DASH module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-54114 | 1 Huawei | 1 Harmonyos | 2024-12-12 | N/A | 4.4 MEDIUM |
| Out-of-bounds access vulnerability in playback in the DASH module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2023-32542 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2024-12-12 | N/A | 7.8 HIGH |
| Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution. | |||||
| CVE-2024-53004 | 1 Adobe | 1 Substance 3d Modeler | 2024-12-12 | N/A | 5.5 MEDIUM |
| Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-53005 | 1 Adobe | 1 Substance 3d Modeler | 2024-12-12 | N/A | 5.5 MEDIUM |
| Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-33056 | 1 Qualcomm | 658 205 Mobile Platform, 205 Mobile Platform Firmware, 315 5g Iot Modem and 655 more | 2024-12-12 | N/A | 8.4 HIGH |
| Memory corruption when allocating and accessing an entry in an SMEM partition continuously. | |||||
| CVE-2024-9978 | 1 Openatom | 1 Openharmony | 2024-12-11 | N/A | 5.5 MEDIUM |
| OpenHarmony v4.1.1 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read. | |||||
| CVE-2024-12082 | 1 Openatom | 1 Openharmony | 2024-12-11 | N/A | 5.5 MEDIUM |
| OpenHarmony v4.0.0 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read. | |||||
| CVE-2023-52565 | 1 Linux | 1 Linux Kernel | 2024-12-11 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix OOB read. If the index provided by the user is bigger than the mask size, we might do an out of bound read. | |||||
| CVE-2023-52504 | 1 Linux | 1 Linux Kernel | 2024-12-11 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: x86/alternatives: Disable KASAN in apply_alternatives() Fei has reported that KASAN triggers during apply_alternatives() on a 5-level paging machine: BUG: KASAN: out-of-bounds in rcu_is_watching() Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0 ... __asan_load4() rcu_is_watching() trace_hardirqs_on() text_poke_early() apply_alternatives() ... On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57) gets patched. It includes KASAN code, where KASAN_SHADOW_START depends on __VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled(). KASAN gets confused when apply_alternatives() patches the KASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START static, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue. Fix it for real by disabling KASAN while the kernel is patching alternatives. [ mingo: updated the changelog ] | |||||
