Export limit exceeded: 45226 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45226 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49514 | 3 Adobe, Apple, Microsoft | 5 Photoshop, Photoshop 2023, Photoshop 2024 and 2 more | 2024-11-18 | 7.8 High |
| Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-52876 | 1 Holy Stone Remote Id Module | 1 Holy Stone Remote Id Module | 2024-11-18 | 7.5 High |
| Holy Stone Remote ID Module HSRID01, firmware distributed with the Drone Go2 mobile application before 1.1.8, allows unauthenticated "remote power off" actions (in broadcast mode) via multiple read operations on the ASTM Remote ID (0xFFFA) GATT. | ||||
| CVE-2015-20111 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-18 | 9.8 Critical |
| miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, remote code execution was possible in conjunction with CVE-2015-6031 exploitation. | ||||
| CVE-2024-24447 | 2024-11-18 | 5.3 Medium | ||
| A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_response function of oai-cn5g-amf up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a PDU Session Resource Setup Response with an empty Response Item list. | ||||
| CVE-2022-20766 | 1 Cisco | 1 Ata 190 Firmware | 2024-11-18 | 5.3 Medium |
| A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to an out-of-bounds read when processing Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a service restart.Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2024-48970 | 1 Baxter | 1 Life2000 Ventilator Firmware | 2024-11-18 | 9.3 Critical |
| The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure. | ||||
| CVE-2024-47907 | 1 Ivanti | 1 Connect Secure | 2024-11-18 | 7.5 High |
| A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-47905 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-11-18 | 4.9 Medium |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. | ||||
| CVE-2024-49525 | 1 Adobe | 1 Substance 3d Painter | 2024-11-16 | 7.8 High |
| Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-38410 | 1 Qualcomm | 51 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 48 more | 2024-11-16 | 7.8 High |
| Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice. | ||||
| CVE-2024-38409 | 1 Qualcomm | 51 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 48 more | 2024-11-16 | 7.8 High |
| Memory corruption while station LL statistic handling. | ||||
| CVE-2024-49509 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-16 | 7.8 High |
| InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-49510 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-16 | 5.5 Medium |
| InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-49511 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-16 | 5.5 Medium |
| InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-49512 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-16 | 5.5 Medium |
| InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-49508 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-16 | 7.8 High |
| InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-49507 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-11-16 | 7.8 High |
| InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47531 | 1 Clinical-genomics | 1 Scout | 2024-11-15 | 4.6 Medium |
| Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data and users unknowingly downloading it and opening may lead to the compromise of users' devices or data. This vulnerability is fixed in 4.89. | ||||
| CVE-2024-39766 | 1 Intel | 1 Neural Compressor Software | 2024-11-15 | 7 High |
| Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21783 | 2024-11-15 | 4.8 Medium | ||
| Integer overflow for some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||