Total
1588 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21376 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-26 | N/A | 8.1 HIGH |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | |||||
| CVE-2025-21368 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-26 | N/A | 8.8 HIGH |
| Microsoft Digest Authentication Remote Code Execution Vulnerability | |||||
| CVE-2025-21369 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-26 | N/A | 8.8 HIGH |
| Microsoft Digest Authentication Remote Code Execution Vulnerability | |||||
| CVE-2025-21375 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-26 | N/A | 7.8 HIGH |
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-27245 | 2025-02-25 | N/A | 4.3 MEDIUM | ||
| Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2025-1538 | 1 Dlink | 2 Dap-1320, Dap-1320 Firmware | 2025-02-25 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-45421 | 2025-02-25 | N/A | 8.5 HIGH | ||
| Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access. | |||||
| CVE-2025-22920 | 2025-02-19 | N/A | 5.3 MEDIUM | ||
| A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS). | |||||
| CVE-2025-0633 | 2025-02-19 | N/A | N/A | ||
| Heap-based Buffer Overflow vulnerability inĀ iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory | |||||
| CVE-2025-1052 | 1 Mintty Project | 1 Mintty | 2025-02-18 | N/A | 8.8 HIGH |
| Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of sixel images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-23382. | |||||
| CVE-2025-20128 | 2025-02-18 | N/A | 5.3 MEDIUM | ||
| A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2022-2848 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 5 more | 2025-02-18 | N/A | 9.1 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486. | |||||
| CVE-2024-1062 | 2 Fedoraproject, Redhat | 13 Fedora, 389 Directory Server, Directory Server and 10 more | 2025-02-18 | N/A | 5.5 MEDIUM |
| A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr. | |||||
| CVE-2025-21407 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-14 | N/A | 8.8 HIGH |
| Windows Telephony Service Remote Code Execution Vulnerability | |||||
| CVE-2025-21410 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-02-14 | N/A | 8.8 HIGH |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2025-21414 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-02-14 | N/A | 7.0 HIGH |
| Windows Core Messaging Elevation of Privileges Vulnerability | |||||
| CVE-2024-2212 | 1 Eclipse | 1 Threadx | 2025-02-13 | N/A | 7.3 HIGH |
| In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows. | |||||
| CVE-2024-22211 | 1 Freerdp | 1 Freerdp | 2025-02-13 | N/A | 3.7 LOW |
| FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability. | |||||
| CVE-2021-21017 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-02-13 | 6.8 MEDIUM | 8.8 HIGH |
| Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-4264 | 1 Zephyrproject | 1 Zephyr | 2025-02-13 | N/A | 7.1 HIGH |
| Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem. | |||||