ReportizFlow
Filtered by vendor Microsoft
Subscriptions
Filtered by product Windows
Subscriptions
Total
9501 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8596 | 2 Autodesk, Microsoft | 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more | 2025-08-26 | 7.8 High |
| A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-8595 | 2 Autodesk, Microsoft | 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more | 2025-08-26 | 7.8 High |
| A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-8594 | 2 Autodesk, Microsoft | 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more | 2025-08-26 | 7.8 High |
| A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-8593 | 2 Autodesk, Microsoft | 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more | 2025-08-26 | 7.8 High |
| A maliciously crafted CATPART file, when parsed in ASMKERN230A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-8592 | 2 Autodesk, Microsoft | 13 Advance Steel, Autocad, Autocad Advance Steel and 10 more | 2025-08-26 | 7.8 High |
| A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-8591 | 2 Autodesk, Microsoft | 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more | 2025-08-26 | 7.8 High |
| A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-8590 | 2 Autodesk, Microsoft | 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more | 2025-08-26 | 7.8 High |
| A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-8589 | 2 Autodesk, Microsoft | 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more | 2025-08-26 | 7.8 High |
| A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2024-8588 | 2 Autodesk, Microsoft | 12 Advance Steel, Autocad, Autocad Advance Steel and 9 more | 2025-08-26 | 7.8 High |
| A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | ||||
| CVE-2022-40733 | 1 Microsoft | 4 Windows, Windows 11 21h2, Windows Server and 1 more | 2025-08-26 | 5 Medium |
| An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service. | ||||
| CVE-2024-38864 | 2 Checkmk, Microsoft | 2 Checkmk, Windows | 2025-08-25 | 3.3 Low |
| Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data. | ||||
| CVE-2025-1349 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-08-24 | 5.5 Medium |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-1348 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-08-24 | 4 Medium |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy. | ||||
| CVE-2025-36049 | 7 Apple, Ibm, Linux and 4 more | 7 Macos, Webmethods Integration, Linux Kernel and 4 more | 2025-08-24 | 8.8 High |
| IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. | ||||
| CVE-2025-36048 | 7 Apple, Ibm, Linux and 4 more | 7 Macos, Webmethods Integration, Linux Kernel and 4 more | 2025-08-24 | 7.2 High |
| IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges. | ||||
| CVE-2024-54183 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-08-24 | 5.4 Medium |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-54172 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-08-24 | 4.3 Medium |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2025-3221 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-08-24 | 7.5 High |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a remote attacker to cause a denial of service due to insufficient validation of incoming request resources. | ||||
| CVE-2025-3629 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-08-24 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management. | ||||
| CVE-2025-3630 | 3 Ibm, Linux, Microsoft | 5 Aix, Sterling B2b Integrator, Sterling File Gateway and 2 more | 2025-08-24 | 6.4 Medium |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||