Total
7057 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-49527 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-11-18 | N/A | 5.5 MEDIUM |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-52876 | 2024-11-18 | N/A | 7.5 HIGH | ||
| Holy Stone Remote ID Module HSRID01, firmware distributed with the Drone Go2 mobile application before 1.1.8, allows unauthenticated "remote power off" actions (in broadcast mode) via multiple read operations on the ASTM Remote ID (0xFFFA) GATT. | |||||
| CVE-2024-52523 | 2024-11-18 | N/A | 4.6 MEDIUM | ||
| Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2 and Nextcloud Enterprise Server is upgraded to 25.0.13.14, 26.0.13.10, 27.1.11.10, 28.0.12, 29.0.9 or 30.0.2. | |||||
| CVE-2022-20766 | 2024-11-18 | N/A | 5.3 MEDIUM | ||
| A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to an out-of-bounds read when processing Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a service restart.Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2023-20094 | 2024-11-18 | N/A | 4.3 MEDIUM | ||
| A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device. This vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read that discloses sensitive information. Note: This vulnerability only affects Cisco Webex Desk Hub. There are no workarounds that address this vulnerability. | |||||
| CVE-2023-39180 | 2024-11-18 | N/A | 4.0 MEDIUM | ||
| A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. | |||||
| CVE-2023-39176 | 2024-11-18 | N/A | 5.8 MEDIUM | ||
| A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE. | |||||
| CVE-2023-39179 | 2024-11-18 | N/A | 7.5 HIGH | ||
| A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE. | |||||
| CVE-2024-27529 | 2024-11-18 | N/A | 8.4 HIGH | ||
| wasm3 139076a contains memory leaks in Read_utf8. | |||||
| CVE-2024-27528 | 2024-11-18 | N/A | 8.4 HIGH | ||
| wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution. | |||||
| CVE-2024-49510 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-16 | N/A | 5.5 MEDIUM |
| InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-49511 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-16 | N/A | 5.5 MEDIUM |
| InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-49512 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-16 | N/A | 5.5 MEDIUM |
| InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-28051 | 2024-11-15 | N/A | 2.2 LOW | ||
| Out-of-bounds read in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2024-32667 | 2024-11-15 | N/A | 3.9 LOW | ||
| Out-of-bounds read for some OpenCL(TM) software may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2023-4458 | 2024-11-15 | N/A | 4.0 MEDIUM | ||
| A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE. | |||||
| CVE-2024-25431 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2024-11-14 | N/A | 7.8 HIGH |
| An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function. | |||||
| CVE-2024-46956 | 3 Artifex, Debian, Suse | 5 Ghostscript, Debian Linux, Linux Enterprise High Performance Computing and 2 more | 2024-11-14 | N/A | 7.8 HIGH |
| An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. | |||||
| CVE-2024-47445 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-14 | N/A | 5.5 MEDIUM |
| After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-47444 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-14 | N/A | 5.5 MEDIUM |
| After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||