68 matches found
EUVD-2019-18121
Malware in sbrugna...
CVE-2025-1658
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
Huawei EulerOS: Security Advisory for openjpeg2 (EulerOS-SA-2024-2910)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-44218
This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to heap corruption...
CVE-2024-44236
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. Processing a maliciously crafted file may lead to unexpected app termination...
CVE-2024-44237
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. Processing a maliciously crafted file may lead to unexpected app termination...
CVE-2024-27880
CVE-2024-27880 is an out-of-bounds read vulnerability affecting Apple platforms. Processing a maliciously crafted file may cause an application to terminate unexpectedly. It is fixed in: iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, a...
CVE-2024-45857
CVE-2024-45857 affects Cleanlab 2.4.0 and newer. The root cause is deserialization of untrusted data via a crafted datalab.pkl when loading the data directory, enabling arbitrary code execution on the end user’s system. Public descriptions consistently state the issue but do not provide a confirm...
CVE-2024-40799
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may...
CVE-2024-40777
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app termination...
CVE-2024-40799
CVE-2024-40799 is an out-of-bounds read vulnerability fixed by Apple in multiple OS updates. Affected platforms include iOS 16.7.9 / 17.6, iPadOS 16.7.9 / 17.6, macOS Ventura 13.6.8, Monterey 12.7.6, macOS Sonoma 14.6, and the watchOS 10.6, tvOS 17.6, visionOS 1.3 lineups. The issue occurs when p...
CVE-2024-40784
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing a maliciously crafted file may lead to unexpected app...
CVE-2024-37007 Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
A maliciously crafted XB and XT file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process...
CVE-2024-23156 Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process...
CVE-2024-23153 Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products
A maliciously crafted MODEL file, when parsed in libodx.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...
CVE-2024-37006 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process...
CVE-2024-37004
CVE-2024-37004 concerns Autodesk AutoCAD. What’s affected: AutoCAD desktop software; vulnerable code path occurs when parsing an SLDPRT file via the ASMKERN229A.dll module. Root cause: a use-after-free vulnerability in that parsing flow, as documented in the CVE description and corroborated by cr...
CVE-2024-23142 Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software
A maliciously crafted CATPART, STP, and MODEL file, when parsed in atfdwgconsumer.dll, rosex64vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process...
BIT-GITLAB-2024-1495 Uncontrolled Resource Consumption in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file...
CVE-2024-1495 Uncontrolled Resource Consumption in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file...