Total
12209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-9471 | 1 Google | 1 Android | 2024-12-18 | 9.8 Critical |
| In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-49537 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-12-18 | 7.8 High |
| After Effects versions 24.6.2, 25.0.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-49538 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-12-18 | 7.8 High |
| Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-52355 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-12-18 | 7.5 High |
| An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB. | ||||
| CVE-2023-6228 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2024-12-18 | 3.3 Low |
| An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. | ||||
| CVE-2018-9475 | 1 Google | 1 Android | 2024-12-18 | 7.5 High |
| In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote escalation of privilege via Bluetooth, if the recipient has enabled SIP calls with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-49551 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2024-12-18 | 7.8 High |
| Media Encoder versions 25.0, 24.6.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-49552 | 1 Adobe | 1 Media Encoder | 2024-12-18 | 7.8 High |
| Media Encoder versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-49553 | 3 Adobe, Apple, Microsoft | 3 Media Encoder, Macos, Windows | 2024-12-18 | 7.8 High |
| Media Encoder versions 25.0, 24.6.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2017-13313 | 1 Google | 1 Android | 2024-12-18 | 7.5 High |
| In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-52994 | 1 Adobe | 1 Substance 3d Sampler | 2024-12-18 | 7.8 High |
| Substance3D - Sampler versions 4.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-52995 | 1 Adobe | 1 Substance 3d Sampler | 2024-12-18 | 7.8 High |
| Substance3D - Sampler versions 4.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-52996 | 1 Adobe | 1 Substance 3d Sampler | 2024-12-18 | 7.8 High |
| Substance3D - Sampler versions 4.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2020-10828 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2024-12-18 | 9.8 Critical |
| A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. | ||||
| CVE-2020-10827 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2024-12-18 | 9.8 Critical |
| A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. | ||||
| CVE-2020-10825 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2024-12-18 | 9.8 Critical |
| A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3). | ||||
| CVE-2020-10824 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2024-12-18 | 9.8 Critical |
| A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3). | ||||
| CVE-2020-10823 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2024-12-18 | 9.8 Critical |
| A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3). | ||||
| CVE-2023-3291 | 1 Gpac | 1 Gpac | 2024-12-17 | 3.3 Low |
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. | ||||
| CVE-2024-43091 | 1 Google | 1 Android | 2024-12-17 | 9.8 Critical |
| In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||