Total: 13348 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8599 | 2 Autodesk, Microsoft | 9 Autocad, Autocad Advance Steel, Autocad Architecture and 6 more | 2025-04-11 | N/A | 7.8 HIGH |
| A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-8598 | 2 Autodesk, Microsoft | 9 Autocad, Autocad Advance Steel, Autocad Architecture and 6 more | 2025-04-11 | N/A | 7.8 HIGH |
| A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2024-8597 | 2 Autodesk, Microsoft | 9 Autocad, Autocad Advance Steel, Autocad Architecture and 6 more | 2025-04-11 | N/A | 7.8 HIGH |
| A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | |||||
| CVE-2022-2584 | 1 Protocol | 1 Go-codec-dagpb | 2025-04-11 | N/A | 7.5 HIGH |
| The dag-pb codec can panic when decoding invalid blocks. | |||||
| CVE-2025-2849 | 1 Upx | 1 Upx | 2025-04-11 | 1.7 LOW | 3.3 LOW |
| A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2024-23132 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-04-11 | N/A | 7.8 HIGH |
| A maliciously crafted STP file in atf_dwg_consumer.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | |||||
| CVE-2021-43312 | 1 Upx | 1 Upx | 2025-04-11 | N/A | 7.5 HIGH |
| A heap-based buffer overflow was discovered in upx when the variable 'bucket' points to an inaccessible address. The issue is triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239. | |||||
| CVE-2021-43313 | 1 Upx | 1 Upx | 2025-04-11 | N/A | 7.5 HIGH |
| A heap-based buffer overflow was discovered in upx when the variable 'bucket' points to an inaccessible address. The issue is triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688. | |||||
| CVE-2021-43311 | 1 Upx | 1 Upx | 2025-04-11 | N/A | 7.5 HIGH |
| A heap-based buffer overflow was discovered in upx when the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382. | |||||
| CVE-2020-27799 | 1 Upx | 1 Upx | 2025-04-11 | N/A | 7.8 HIGH |
| A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file. | |||||
| CVE-2021-43316 | 1 Upx | 1 Upx | 2025-04-11 | N/A | 7.5 HIGH |
| A heap-based buffer overflow was discovered in upx when the generic pointer 'p' points to an inaccessible address in func get_le64(). | |||||
| CVE-2021-20285 | 1 Upx | 1 Upx | 2025-04-11 | 8.3 HIGH | 6.6 MEDIUM |
| A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-27797 | 1 Upx | 1 Upx | 2025-04-11 | N/A | 5.5 MEDIUM |
| An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | |||||
| CVE-2021-43315 | 1 Upx | 1 Upx | 2025-04-11 | N/A | 7.5 HIGH |
| A heap-based buffer overflow was discovered in upx when the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349. | |||||
| CVE-2021-43317 | 1 Upx | 1 Upx | 2025-04-11 | N/A | 7.5 HIGH |
| A heap-based buffer overflow was discovered in upx when the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404. | |||||
| CVE-2020-27801 | 1 Upx | 1 Upx | 2025-04-11 | N/A | 7.8 HIGH |
| A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file. | |||||
| CVE-2019-20053 | 2 Opensuse, Upx | 3 Backports, Leap, Upx | 2025-04-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. | |||||
| CVE-2021-43314 | 1 Upx | 1 Upx | 2025-04-11 | N/A | 7.5 HIGH |
| A heap-based buffer overflow was discovered in upx when the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368. | |||||
| CVE-2020-27802 | 1 Upx | 1 Upx | 2025-04-11 | N/A | 5.5 MEDIUM |
| A floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | |||||
| CVE-2020-27787 | 1 Upx | 1 Upx | 2025-04-11 | N/A | 5.5 MEDIUM |
| A segmentation fault was found in UPX in the invert_pt_dynamic() function in p_lx_elf.cpp. A crafted input file allows an attacker to cause an invalid memory address access that could lead to a denial of service. | |||||
