Total
1003 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21375 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-26 | N/A | 7.8 HIGH |
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | |||||
| CVE-2025-21368 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-26 | N/A | 8.8 HIGH |
| Microsoft Digest Authentication Remote Code Execution Vulnerability | |||||
| CVE-2024-12084 | 2025-02-26 | N/A | 9.8 CRITICAL | ||
| A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. | |||||
| CVE-2025-22881 | 2025-02-26 | N/A | N/A | ||
| Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2024-27245 | 2025-02-25 | N/A | 4.3 MEDIUM | ||
| Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2025-1538 | 1 Dlink | 2 Dap-1320, Dap-1320 Firmware | 2025-02-25 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-45421 | 2025-02-25 | N/A | 8.5 HIGH | ||
| Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access. | |||||
| CVE-2025-22920 | 2025-02-19 | N/A | 5.3 MEDIUM | ||
| A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS). | |||||
| CVE-2025-21390 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-02-19 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2025-0633 | 2025-02-19 | N/A | N/A | ||
| Heap-based Buffer Overflow vulnerability inĀ iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory | |||||
| CVE-2025-1052 | 1 Mintty Project | 1 Mintty | 2025-02-18 | N/A | 8.8 HIGH |
| Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of sixel images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-23382. | |||||
| CVE-2025-20128 | 2025-02-18 | N/A | 5.3 MEDIUM | ||
| A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2022-2848 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 5 more | 2025-02-18 | N/A | 9.1 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486. | |||||
| CVE-2024-37601 | 2025-02-18 | N/A | 4.6 MEDIUM | ||
| An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically. | |||||
| CVE-2024-1062 | 2 Fedoraproject, Redhat | 13 Fedora, 389 Directory Server, Directory Server and 10 more | 2025-02-18 | N/A | 5.5 MEDIUM |
| A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr. | |||||
| CVE-2025-21407 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-14 | N/A | 8.8 HIGH |
| Windows Telephony Service Remote Code Execution Vulnerability | |||||
| CVE-2025-21410 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-02-14 | N/A | 8.8 HIGH |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2025-21414 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-02-14 | N/A | 7.0 HIGH |
| Windows Core Messaging Elevation of Privileges Vulnerability | |||||
| CVE-2024-2212 | 1 Eclipse | 1 Threadx | 2025-02-13 | N/A | 7.3 HIGH |
| In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows. | |||||
| CVE-2023-31276 | 2025-02-12 | N/A | 8.2 HIGH | ||
| Heap-based buffer overflow in BMC Firmware for the Intel(R) Server Board S2600WF, Intel(R) Server Board S2600ST, Intel(R) Server Board S2600BP, before version 02.01.0017 and Intel(R) Server Board M50CYP and Intel(R) Server Board D50TNP before version R01.01.0009 may allow a privileged user to enable escalation of privilege via local access. | |||||