| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Controller DoS due to stack overflow when decoding a message from the server.
See Honeywell Security Notification for recommendations on upgrading and versioning.
|
| An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel. |
| A vulnerability has been found in Tenda TX3 16.03.13.11_multi and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
| In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. |
| In wcn service, there is a possible missing params check. This could lead to local denial of service in wcn service. |
| In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. |
| In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. |
| Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM |
| Memory corruption in modem due to use of out of range pointer offset while processing qmi msg |
| This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported. |
| A vulnerability classified as critical has been found in Tenda TX3 16.03.13.11_multi. This affects an unknown part of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an
UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.
|
| A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker cause information leak through out-of-bounds read. |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. This vulnerability can be exploited only in restricted scenarios. |
| in OpenHarmony v5.0.2 and prior versions allow a local attacker cause DOS through out-of-bounds read. |
| An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions. |
| An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions. |
