CVE-2024-37003 |
Description: A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.07%
January 28th, 2025 (6 months ago)
|
CVE-2024-37002 |
Description: A maliciously crafted MODEL file, when parsed in ASMkern229A.dll through Autodesk applications, can result in uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
CVSS: HIGH (7.8) EPSS Score: 0.07%
January 28th, 2025 (6 months ago)
|
CVE-2024-37001 |
Description: A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.07%
January 28th, 2025 (6 months ago)
|
CVE-2024-37000 |
Description: A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.13%
January 28th, 2025 (6 months ago)
|
CVE-2024-36248 |
Description: API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 28th, 2025 (6 months ago)
|
CVE-2024-35244 |
Description: There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 28th, 2025 (6 months ago)
|
CVE-2024-35144 |
Description: IBM Maximo Application Suite 8.10, 8.11, and 9.0 - Monitor Component stores source code on the web server that could aid in further attacks against the system.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
January 28th, 2025 (6 months ago)
|
CVE-2024-35134 |
Description: IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
January 28th, 2025 (6 months ago)
|
CVE-2024-35117 |
Description: IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user.
CVSS: MEDIUM (4.4) EPSS Score: 0.05%
January 28th, 2025 (6 months ago)
|
CVE-2024-35114 |
Description: IBM Control Center 6.2.1 and 6.3.1 could allow a remote attacker to enumerate usernames due to an observable discrepancy between login attempts.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
January 28th, 2025 (6 months ago)
|