Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-01-14 CVE-2024-10254 A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.
local
high complexity
4.7
2025-01-14 CVE-2024-45102 A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances.
network
high complexity
6.8
2025-01-14 CVE-2025-21135 Integer Underflow (Wrap or Wraparound) vulnerability in Adobe Animate
Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.
local
low complexity
adobe CWE-191
7.8
2025-01-14 CVE-2025-21136 Out-of-bounds Write vulnerability in Adobe Substance 3D Designer
Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
local
low complexity
adobe CWE-787
7.8
2025-01-14 CVE-2025-21137 Out-of-bounds Write vulnerability in Adobe Substance 3D Designer
Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
local
low complexity
adobe CWE-787
7.8
2025-01-14 CVE-2025-21138 Out-of-bounds Write vulnerability in Adobe Substance 3D Designer
Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
local
low complexity
adobe CWE-787
7.8
2025-01-14 CVE-2025-21139 Out-of-bounds Write vulnerability in Adobe Substance 3D Designer
Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
local
low complexity
adobe CWE-787
7.8
2025-01-14 CVE-2025-23018 Unspecified vulnerability in Ietf Ipv6
IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface.
network
high complexity
ietf
6.5
2025-01-14 CVE-2025-23019 Unspecified vulnerability in Ietf Ipv6
IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface.
network
high complexity
ietf
6.5
2025-01-14 CVE-2024-48854 Off-by-one Error vulnerability in Blackberry QNX Software Development Platform 7.0/7.1/8.0
Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
network
low complexity
blackberry CWE-193
7.5