Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-30 | CVE-2024-7670 | Out-of-bounds Read vulnerability in Autodesk Navisworks 2025/2025.1/2025.2 A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. | 7.8 |
| 2024-09-30 | CVE-2024-7671 | Out-of-bounds Write vulnerability in Autodesk Navisworks 2025/2025.1/2025.2 A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. | 7.8 |
| 2024-09-30 | CVE-2024-7672 | Out-of-bounds Write vulnerability in Autodesk Navisworks 2025/2025.1/2025.2 A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. | 7.8 |
| 2024-09-30 | CVE-2024-7673 | Out-of-bounds Write vulnerability in Autodesk Navisworks 2025/2025.1/2025.2 A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. | 7.8 |
| 2024-09-30 | CVE-2024-7674 | Out-of-bounds Write vulnerability in Autodesk Navisworks 2025/2025.1/2025.2 A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. | 7.8 |
| 2024-09-30 | CVE-2024-7675 | Use After Free vulnerability in Autodesk Navisworks 2025/2025.1/2025.2 A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. | 7.8 |
| 2024-09-30 | CVE-2024-9158 | Cross-site Scripting vulnerability in Tenable Nessus Network Monitor A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI. | 4.6 |
| 2024-09-30 | CVE-2024-46869 | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Allocate memory for driver private data Fix driver not allocating memory for struct btintel_data which is used to store internal data. | 5.5 |
| 2024-09-30 | CVE-2024-47067 | Cross-site Scripting vulnerability in Alist Project Alist AList is a file list program that supports multiple storages. | 6.1 |
| 2024-09-30 | CVE-2024-47178 | Unspecified vulnerability in Expressjs Basic-Auth-Connect basic-auth-connect is Connect's Basic Auth middleware in its own module. | 5.3 |