Total
12091 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23157 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-05-06 | N/A | 7.8 HIGH |
| A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process. | |||||
| CVE-2024-23156 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-05-06 | N/A | 7.8 HIGH |
| A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process. | |||||
| CVE-2024-37006 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-05-06 | N/A | 7.8 HIGH |
| A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process. | |||||
| CVE-2022-32940 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-06 | N/A | 7.8 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in tvOS 16.1, iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-32939 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-06 | N/A | 7.8 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-32934 | 1 Apple | 1 Macos | 2025-05-06 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. A remote user may be able to cause kernel code execution. | |||||
| CVE-2018-18601 | 1 Guardzilla | 2 Gz621w, Gz621w Firmware | 2025-05-06 | 6.8 MEDIUM | 8.1 HIGH |
| The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow. | |||||
| CVE-2018-6337 | 1 Facebook | 2 Folly, Hhvm | 2025-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00. | |||||
| CVE-2017-9633 | 1 Infineon | 1 S-gold 2 Pmb 8876 | 2025-05-06 | 8.3 HIGH | 8.8 HIGH |
| An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. This may allow remote code execution on the baseband radio processor of the TCU. | |||||
| CVE-2017-16368 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-05-06 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string manipulation module. It is triggered by an invalid PDF file, where a crafted Unicode string causes an out of bounds memory access of a stack allocated buffer, due to improper checks when manipulating an offset of a pointer to the buffer. Attackers can exploit the vulnerability and achieve arbitrary code execution if they can effectively control the accessible memory. | |||||
| CVE-2022-42798 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-05 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. Parsing a maliciously crafted audio file may lead to disclosure of user information. | |||||
| CVE-2022-21237 | 1 Intel | 118 Lapbc510, Lapbc510 Firmware, Lapbc710 and 115 more | 2025-05-05 | 6.1 MEDIUM | 6.7 MEDIUM |
| Improper buffer access in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-21160 | 1 Intel | 18 Proset Wi-fi 6e Ax210, Proset Wi-fi 6e Ax210 Firmware, Wi-fi 6 Ax200 and 15 more | 2025-05-05 | N/A | 7.5 HIGH |
| Improper buffer restrictions for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2021-33847 | 1 Intel | 36 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3165 Firmware, Dual Band Wireless-ac 3168 and 33 more | 2025-05-05 | N/A | 7.8 HIGH |
| Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-26257 | 1 Intel | 36 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3165 Firmware, Dual Band Wireless-ac 3168 and 33 more | 2025-05-05 | N/A | 5.5 MEDIUM |
| Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2021-0189 | 1 Intel | 336 Xeon Bronze 3204, Xeon Bronze 3204 Firmware, Xeon Bronze 3206r and 333 more | 2025-05-05 | 7.2 HIGH | 7.8 HIGH |
| Use of out-of-range pointer offset in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | |||||
| CVE-2021-0188 | 1 Intel | 74 Xeon E3-1220 V5, Xeon E3-1220 V5 Firmware, Xeon E3-1220 V6 and 71 more | 2025-05-05 | 7.2 HIGH | 7.8 HIGH |
| Return of pointer value outside of expected range in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | |||||
| CVE-2023-44184 | 1 Juniper | 2 Junos, Junos Os Evolved | 2025-05-02 | N/A | 6.5 MEDIUM |
| An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device's control plane. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S1, 22.3R3; * 22.4 versions prior to 22.4R1-S2, 22.4R2. Juniper Networks Junos OS Evolved * All versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R3-EVO; * 22.3 versions prior to 22.3R3-EVO; * 22.4 versions prior to 22.4R2-EVO. An indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command: mgd process example: user@device-re#> show system processes extensive | match "mgd|PID" | except last PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd <<<<<<<<<<< review the high cpu percentage. Example to check for NETCONF activity: While there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with "client-mode 'netconf'" For example: mgd[38121]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [38121], ssh-connection '10.1.1.1 201 55480 10.1.1.2 22', client-mode 'netconf' | |||||
| CVE-2025-4068 | 2025-05-02 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability classified as critical was found in code-projects Simple Movie Ticket Booking System 1.0. Affected by this vulnerability is the function changeprize. The manipulation of the argument prize leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4114 | 2025-05-02 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability classified as critical has been found in Netgear JWNR2000v2 1.0.0.11. Affected is the function check_language_file. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||