Export limit exceeded: 20457 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20457 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47941 | 1 Siemens | 1 Solid Edge Se2024 | 2024-11-13 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2024-47940 | 1 Siemens | 1 Solid Edge Se2024 | 2024-11-13 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2024-11061 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2024-11-13 | 8.8 High |
| A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11047 | 2 D-link, Dlink | 3 Di-8003 Firmware, Di-8003, Di-8003 Firmware | 2024-11-13 | 8.8 High |
| A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been declared as critical. Affected by this vulnerability is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11048 | 2 D-link, Dlink | 3 Di-8003 Firmware, Di-8003, Di-8003 Firmware | 2024-11-13 | 8.8 High |
| A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-47438 | 1 Adobe | 1 Substance 3d Painter | 2024-11-13 | 5.5 Medium |
| Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak. This vulnerability allows an attacker to write a controlled value at a controlled memory location, which could result in the disclosure of sensitive memory content. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47437 | 1 Adobe | 1 Substance 3d Painter | 2024-11-13 | 5.5 Medium |
| Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47436 | 1 Adobe | 1 Substance 3d Painter | 2024-11-13 | 5.5 Medium |
| Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47435 | 1 Adobe | 1 Substance 3d Painter | 2024-11-13 | 5.5 Medium |
| Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47440 | 1 Adobe | 1 Substance 3d Painter | 2024-11-13 | 5.5 Medium |
| Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-49517 | 1 Adobe | 1 Substance 3d Painter | 2024-11-13 | 7.8 High |
| Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-6444 | 1 Zephyrproject | 1 Zephyr | 2024-11-13 | 6.3 Medium |
| No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | ||||
| CVE-2024-6443 | 1 Zephyrproject | 1 Zephyr | 2024-11-12 | 6.3 Medium |
| In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty. | ||||
| CVE-2024-20508 | 1 Cisco | 2 Cisco Utd Snort Ips Engine Software, Unified Threat Defense Snort Intrusion Prevention System Engine | 2024-11-12 | 5.8 Medium |
| A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass configured security policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of HTTP requests when they are processed by Cisco UTD Snort IPS Engine. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process. If the action in case of Cisco UTD Snort IPS Engine failure is set to the default, fail-open, successful exploitation of this vulnerability could allow the attacker to bypass configured security policies. If the action in case of Cisco UTD Snort IPS Engine failure is set to fail-close, successful exploitation of this vulnerability could cause traffic that is configured to be inspected by Cisco UTD Snort IPS Engine to be dropped. | ||||
| CVE-2024-48290 | 1 Realtek | 1 Rtl8762ekf-evb Firmware | 2024-11-08 | 4.3 Medium |
| An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ll_terminate_ind packet. | ||||
| CVE-2023-29126 | 1 Enelx | 2 Waybox Pro, Waybox Pro Firmware | 2024-11-08 | 4.2 Medium |
| The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication. | ||||
| CVE-2023-29125 | 2 Enel X, Enelx | 3 Juicebox Pro3.0 22kw Cellular, Waybox Pro, Waybox Pro Firmware | 2024-11-08 | 9 Critical |
| A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700. | ||||
| CVE-2024-33032 | 1 Qualcomm | 140 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6200 and 137 more | 2024-11-08 | 6.7 Medium |
| Memory corruption when the user application modifies the same shared memory asynchronously when kernel is accessing it. | ||||
| CVE-2024-33030 | 1 Qualcomm | 44 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 41 more | 2024-11-08 | 6.7 Medium |
| Memory corruption while parsing IPC frequency table parameters for LPLH that has size greater than expected size. | ||||
| CVE-2024-47855 | 1 Redhat | 1 Ocp Tools | 2024-11-07 | 5.3 Medium |
| util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. | ||||