Total
1748 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0633 | 2025-02-19 | N/A | N/A | ||
| Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory | |||||
| CVE-2025-1052 | 1 Mintty Project | 1 Mintty | 2025-02-18 | N/A | 8.8 HIGH |
| Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of sixel images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-23382. | |||||
| CVE-2022-2848 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 5 more | 2025-02-18 | N/A | 9.1 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486. | |||||
| CVE-2024-1062 | 2 Fedoraproject, Redhat | 13 Fedora, 389 Directory Server, Directory Server and 10 more | 2025-02-18 | N/A | 5.5 MEDIUM |
| A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr. | |||||
| CVE-2025-21407 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-14 | N/A | 8.8 HIGH |
| Windows Telephony Service Remote Code Execution Vulnerability | |||||
| CVE-2025-21410 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-02-14 | N/A | 8.8 HIGH |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2025-21414 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-02-14 | N/A | 7.0 HIGH |
| Windows Core Messaging Elevation of Privileges Vulnerability | |||||
| CVE-2024-2212 | 1 Eclipse | 1 Threadx | 2025-02-13 | N/A | 7.3 HIGH |
| In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows. | |||||
| CVE-2023-4264 | 1 Zephyrproject | 1 Zephyr | 2025-02-13 | N/A | 7.1 HIGH |
| Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem. | |||||
| CVE-2023-31276 | 2025-02-12 | N/A | 8.2 HIGH | ||
| Heap-based buffer overflow in BMC Firmware for the Intel(R) Server Board S2600WF, Intel(R) Server Board S2600ST, Intel(R) Server Board S2600BP, before version 02.01.0017 and Intel(R) Server Board M50CYP and Intel(R) Server Board D50TNP before version R01.01.0009 may allow a privileged user to enable escalation of privilege via local access. | |||||
| CVE-2025-0903 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-02-12 | N/A | 8.8 HIGH |
| PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RTF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25421. | |||||
| CVE-2024-0145 | 2025-02-12 | N/A | 6.8 MEDIUM | ||
| NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a heap-based buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering. | |||||
| CVE-2023-49600 | 1 Libigl | 1 Libigl | 2025-02-12 | N/A | 8.1 HIGH |
| An out-of-bounds write vulnerability exists in the PlyFile ply_cast_ascii functionality of libigl v2.5.0. A specially crafted .ply file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2025-21200 | 2025-02-11 | N/A | 8.8 HIGH | ||
| Windows Telephony Service Remote Code Execution Vulnerability | |||||
| CVE-2025-21190 | 2025-02-11 | N/A | 8.8 HIGH | ||
| Windows Telephony Service Remote Code Execution Vulnerability | |||||
| CVE-2023-1906 | 2 Fedoraproject, Imagemagick | 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick | 2025-02-10 | N/A | 5.5 MEDIUM |
| A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. | |||||
| CVE-2025-0662 | 2025-02-07 | N/A | 4.9 MEDIUM | ||
| In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace. It is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace. | |||||
| CVE-2023-27911 | 1 Autodesk | 1 Fbx Software Development Kit | 2025-02-06 | N/A | 7.8 HIGH |
| A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution. | |||||
| CVE-2021-23165 | 1 Htmldoc Project | 1 Htmldoc | 2025-02-05 | 10.0 HIGH | 9.8 CRITICAL |
| A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service. | |||||
| CVE-2024-55192 | 1 Openimageio | 1 Openimageio | 2025-02-05 | N/A | 9.8 CRITICAL |
| OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*). | |||||