Search Results (364989 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-30281 1 Adobe 1 Substance 3d Designer 2024-12-12 5.5 Medium
Substance3D - Designer versions 13.1.1 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-11669 1 Gitlab 1 Gitlab 2024-12-12 6.5 Medium
An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes.
CVE-2024-30314 3 Adobe, Apple, Microsoft 3 Dreamweaver, Macos, Windows 2024-12-12 7.8 High
Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does require user interaction.
CVE-2023-28810 1 Hikvision 74 Ds-k1t320efwx, Ds-k1t320efwx Firmware, Ds-k1t320efx and 71 more 2024-12-12 4.3 Medium
Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Attackers can modify device network configuration by sending specific data packets to the vulnerable interface within the same local network.
CVE-2024-41836 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2024-12-12 5.5 Medium
InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-45149 1 Adobe 3 Commerce, Commerce B2b, Magento 2024-12-12 2.7 Low
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction.
CVE-2024-11828 1 Gitlab 1 Gitlab 2024-12-12 4.3 Medium
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlier patch.
CVE-2024-45119 1 Adobe 3 Commerce, Commerce B2b, Magento 2024-12-12 4.9 Medium
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
CVE-2024-45120 1 Adobe 3 Commerce, Commerce B2b, Magento 2024-12-12 3.1 Low
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction.
CVE-2024-8114 1 Gitlab 1 Gitlab 2024-12-12 8.2 High
An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges.
CVE-2021-26367 1 Amd 102 Athlon Gold 3150c, Athlon Gold 3150c Firmware, Athlon Gold 3150g and 99 more 2024-12-12 5.7 Medium
A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a loss of integrity and availability.
CVE-2023-20584 2 Amd, Redhat 135 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 132 more 2024-12-12 5.3 Medium
IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity.
CVE-2023-20510 1 Amd 32 Radeon Pro W6300, Radeon Pro W6400, Radeon Pro W6600 and 29 more 2024-12-12 4.7 Medium
An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service.
CVE-2024-54117 1 Huawei 1 Harmonyos 2024-12-12 6.2 Medium
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-54116 1 Huawei 1 Harmonyos 2024-12-12 4.3 Medium
Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVE-2024-54115 1 Huawei 1 Harmonyos 2024-12-12 4.3 Medium
Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-54114 1 Huawei 1 Harmonyos 2024-12-12 4.4 Medium
Out-of-bounds access vulnerability in playback in the DASH module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-54111 1 Huawei 1 Harmonyos 2024-12-12 5.7 Medium
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-54106 1 Huawei 1 Harmonyos 2024-12-12 7.1 High
Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-2177 1 Gitlab 1 Gitlab 2024-12-12 6.8 Medium
A Cross Window Forgery vulnerability exists within GitLab CE/EE affecting all versions from 16.3 prior to 16.11.5, 17.0 prior to 17.0.3, and 17.1 prior to 17.1.1. This condition allows for an attacker to abuse the OAuth authentication flow via a crafted payload.