Total
1451 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13051 | 1 Ashlar | 1 Graphite | 2025-01-03 | N/A | 7.8 HIGH |
| Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24977. | |||||
| CVE-2024-13050 | 1 Ashlar | 1 Graphite | 2025-01-03 | N/A | 7.8 HIGH |
| Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24976. | |||||
| CVE-2024-3758 | 1 Openatom | 1 Openharmony | 2025-01-02 | N/A | 6.5 MEDIUM |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow. | |||||
| CVE-2024-8905 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-7018 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 7.8 HIGH |
| Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | |||||
| CVE-2023-38154 | 1 Microsoft | 2 Windows 10 1809, Windows Server 2019 | 2025-01-01 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-33129 | 1 Microsoft | 1 Sharepoint Server | 2025-01-01 | N/A | 6.5 MEDIUM |
| Microsoft SharePoint Server Denial of Service Vulnerability | |||||
| CVE-2023-28252 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-01 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-56737 | 2024-12-31 | N/A | 8.8 HIGH | ||
| GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. | |||||
| CVE-2024-56732 | 2024-12-28 | N/A | 8.8 HIGH | ||
| HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function. | |||||
| CVE-2024-26178 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 21h2 and 9 more | 2024-12-27 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-21330 | 1 Microsoft | 8 Azure Automation, Azure Automation Update Management, Azure Security Center and 5 more | 2024-12-27 | N/A | 7.8 HIGH |
| Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | |||||
| CVE-2024-5493 | 3 Canonical, Fedoraproject, Google | 3 Ubuntu Linux, Fedora, Chrome | 2024-12-26 | N/A | 8.8 HIGH |
| Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-11576 | 1 Luxion | 1 Keyshot | 2024-12-20 | N/A | 7.8 HIGH |
| Luxion KeyShot 3DS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23681. | |||||
| CVE-2024-11580 | 1 Luxion | 1 Keyshot | 2024-12-20 | N/A | 7.8 HIGH |
| Luxion KeyShot ABC File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of abc files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23700. | |||||
| CVE-2024-5160 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-12-20 | N/A | 8.8 HIGH |
| Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-4559 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | N/A | 6.5 MEDIUM |
| Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-32664 | 1 Oisf | 1 Suricata | 2024-12-19 | N/A | 5.3 MEDIUM |
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use rules with `base64_decode` keyword with `bytes` option with value 1, 2 or 5 and for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false. | |||||
| CVE-2024-49545 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-12-18 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-6816 | 1 Irfanview | 1 Irfanview | 2024-12-18 | N/A | 7.8 HIGH |
| IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23214. | |||||