Lucene search
+L

451 matches found

osv
osv
added 2024/12/10 10:15 p.m.5 views

CVE-2024-53006

Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this...

5.5CVSS5.8AI score0.00362EPSS
Exploits0References1
osv
osv
added 2024/12/10 9:15 p.m.2 views

CVE-2024-49546

InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in...

5.5CVSS5.6AI score
Exploits0References1
ptsecurity
ptsecurity
added 2024/12/10 12:0 a.m.6 views

PT-2024-9872 · Adobe · Media Encoder

Name of the Vulnerable Software and Affected Versions: Media Encoder versions 25.0, 24.6.3 and earlier Description: The issue is related to a NULL Pointer Dereference error. Exploitation of this issue could allow an attacker to cause a denial-of-service by crashing the application, which requires...

5.5CVSS6.9AI score0.00313EPSS
Exploits0References7
osv
osv
added 2024/11/19 6:15 p.m.2 views

DEBIAN-CVE-2024-10224

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

7.8CVSS7.6AI score0.08598EPSS
Exploits3References1
osv
osv
added 2024/11/12 9:15 p.m.4 views

CVE-2024-49511

InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in...

5.5CVSS5.6AI score0.00283EPSS
Exploits0References1
githubexploit
githubexploit
added 2024/10/14 2:11 p.m.134 views

Exploit for Cross-site Scripting in Sygnoos Popup_Builder

General Details - CVE-ID : CVE-2023-6000 - CVSS Score...

6.1CVSS8AI score0.01999EPSS
Exploits4
osv
osv
added 2024/10/09 2:15 p.m.4 views

CVE-2024-45140

Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.4AI score0.00269EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/09/30 12:0 a.m.6 views

PT-2024-32645 · Scout · Scout

Name of the Vulnerable Software and Affected Versions: Scout versions prior to 4.89 Description: The issue arises from the lack of sanitization in filenames, allowing bypass of intended file extensions. This enables the download of malicious files with any extension. If users unknowingly download...

4.6CVSS7.1AI score0.00311EPSS
Exploits1References7
osv
osv
added 2024/09/13 9:15 a.m.6 views

CVE-2024-43759

Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service DoS. An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue requires...

5.5CVSS5.8AI score0.0025EPSS
Exploits0References1
osv
osv
added 2024/09/13 9:15 a.m.4 views

CVE-2024-34121

Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.00368EPSS
Exploits0References1
cve
cve
added 2024/09/13 8:37 a.m.78 views

CVE-2024-34121

Adobe Illustrator is affected by CVE-2024-34121 (Integer Overflow/Wraparound) in versions 28.6, 27.9.5 and earlier. The vulnerability could allow arbitrary code execution in the current user context and requires the user to open a malicious file. Updates per APSB24-66 mitigate this issue by movin...

7.8CVSS7.8AI score0.00368EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2024/09/12 12:0 a.m.188 views

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2024-2394)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : kernel:ACPI: CPPC: Use accesswidth over bitwidth for system memory accessesCVE-2024-35995 ACPI: LPIT: Avoid u32 multiplication...

9.1CVSS7.5AI score0.02701EPSS
Exploits3References207
redhat
redhat
added 2024/09/03 4:11 p.m.7 views

emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code

A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments...

9.8CVSS5.8AI score0.01312EPSS
Exploits0References5
osv
osv
added 2024/08/14 3:15 p.m.4 views

CVE-2024-39422

Acrobat Reader versions 20.005.30636, 24.002.20965, 24.002.20964, 24.001.30123 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must op...

7.8CVSS6.3AI score0.02961EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2024/07/08 12:0 a.m.18 views

The vulnerability of the Mozilla Firefox browser for Android, related to deficiencies in access control, allows attackers to bypass security restrictions and compromise the integrity of protected information.

The vulnerability of the Mozilla Firefox browser for Android is related to deficiencies in access control, resulting from incorrect processing of the Principal object when opening new tabs. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and compromise the...

5CVSS7.7AI score0.00411EPSS
Exploits1References5Affected Software1
redhat
redhat
added 2024/06/24 10:53 a.m.5 views

Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window

The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...

4.7CVSS7.3AI score0.00654EPSS
Exploits0References6
redhat
redhat
added 2024/06/17 1:39 p.m.5 views

Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window

The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with a X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...

4.7CVSS7.3AI score0.00654EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2024/06/12 3:2 p.m.13 views

CVE-2024-28964

Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issu...

7.8CVSS7.4AI score0.00357EPSS
Exploits0References1
cve
cve
added 2024/06/12 3:2 p.m.48 views

CVE-2024-28964

CVE-2024-28964 - Dell Common Event Enabler : Affects version 8.9.10.0 and earlier of the Dell Common Event Enabler, due to an insecure deserialization vulnerability in CAVATools . This enables a local attacker to achieve arbitrary code execution in the context of the logged-in user, with exploita...

7.8CVSS7.5AI score0.00357EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2024/05/11 12:0 a.m.18 views

RHEL 7 : libxfont (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libXfont: Insufficient input validation in pcfread.c CVE-2017-13722 - In the PatternMatch function in...

6.8AI score0.00442EPSS
Exploits0References3
Rows per page
Query Builder