Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2024-10254 | A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. local high complexity | 4.7 |
| 2025-01-14 | CVE-2024-45102 | A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances. network high complexity | 6.8 |
| 2025-01-14 | CVE-2025-21135 | Integer Underflow (Wrap or Wraparound) vulnerability in Adobe Animate Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2025-01-14 | CVE-2025-21136 | Out-of-bounds Write vulnerability in Adobe Substance 3D Designer Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2025-01-14 | CVE-2025-21137 | Out-of-bounds Write vulnerability in Adobe Substance 3D Designer Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2025-01-14 | CVE-2025-21138 | Out-of-bounds Write vulnerability in Adobe Substance 3D Designer Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2025-01-14 | CVE-2025-21139 | Out-of-bounds Write vulnerability in Adobe Substance 3D Designer Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2025-01-14 | CVE-2025-23018 | Unspecified vulnerability in Ietf Ipv6 IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. | 6.5 |
| 2025-01-14 | CVE-2025-23019 | Unspecified vulnerability in Ietf Ipv6 IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface. | 6.5 |
| 2025-01-14 | CVE-2024-48854 | Off-by-one Error vulnerability in Blackberry QNX Software Development Platform 7.0/7.1/8.0 Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec. | 7.5 |