Export limit exceeded: 356995 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (356995 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-48974 | 1 Baxter | 1 Life2000 Ventilator Firmware | 2024-11-18 | 9.3 Critical |
| The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure. | ||||
| CVE-2024-48970 | 1 Baxter | 1 Life2000 Ventilator Firmware | 2024-11-18 | 9.3 Critical |
| The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure. | ||||
| CVE-2024-47907 | 1 Ivanti | 1 Connect Secure | 2024-11-18 | 7.5 High |
| A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-47905 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-18 | 4.9 Medium |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. | ||||
| CVE-2024-50318 | 1 Ivanti | 1 Avalanche | 2024-11-18 | 7.5 High |
| A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-50317 | 1 Ivanti | 1 Avalanche | 2024-11-18 | 7.5 High |
| A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-50321 | 1 Ivanti | 1 Avalanche | 2024-11-18 | 7.5 High |
| An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-50320 | 1 Ivanti | 1 Avalanche | 2024-11-18 | 7.5 High |
| An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-50319 | 1 Ivanti | 1 Avalanche | 2024-11-18 | 7.5 High |
| An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-50809 | 1 Sdcms | 1 Sdcms | 2024-11-18 | 8.8 High |
| The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands | ||||
| CVE-2024-44765 | 1 Mgt-commerce | 1 Cloudpanel | 2024-11-18 | 6.5 Medium |
| An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality. | ||||
| CVE-2024-21540 | 2024-11-17 | N/A | ||
| This issue is not a vulnerability because no real attack scenario can happen. | ||||
| CVE-2024-39388 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-11-16 | 7.8 High |
| Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47427 | 1 Adobe | 1 Substance 3d Painter | 2024-11-16 | 7.8 High |
| Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47426 | 1 Adobe | 1 Substance 3d Painter | 2024-11-16 | 7.8 High |
| Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-49519 | 1 Adobe | 1 Substance 3d Painter | 2024-11-16 | 7.8 High |
| Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-49525 | 1 Adobe | 1 Substance 3d Painter | 2024-11-16 | 7.8 High |
| Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47443 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-16 | 7.8 High |
| After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47442 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-16 | 7.8 High |
| After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47441 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-16 | 7.8 High |
| After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||