Total
1003 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0903 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-02-12 | N/A | 8.8 HIGH |
| PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RTF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25421. | |||||
| CVE-2023-45318 | 2 Silabs, Weston-embedded | 2 Gecko Software Development Kit, Uc-http | 2025-02-12 | N/A | 10.0 CRITICAL |
| A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2024-21802 | 1 Ggerganov | 1 Llama.cpp | 2025-02-12 | N/A | 8.8 HIGH |
| A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2024-0145 | 2025-02-12 | N/A | 6.8 MEDIUM | ||
| NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a heap-based buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering. | |||||
| CVE-2025-21418 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-02-12 | N/A | 7.8 HIGH |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||||
| CVE-2023-49600 | 1 Libigl | 1 Libigl | 2025-02-12 | N/A | 8.1 HIGH |
| An out-of-bounds write vulnerability exists in the PlyFile ply_cast_ascii functionality of libigl v2.5.0. A specially crafted .ply file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2025-21200 | 2025-02-11 | N/A | 8.8 HIGH | ||
| Windows Telephony Service Remote Code Execution Vulnerability | |||||
| CVE-2025-21190 | 2025-02-11 | N/A | 8.8 HIGH | ||
| Windows Telephony Service Remote Code Execution Vulnerability | |||||
| CVE-2025-0662 | 2025-02-07 | N/A | 4.9 MEDIUM | ||
| In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace. It is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace. | |||||
| CVE-2025-22880 | 2025-02-07 | N/A | 7.8 HIGH | ||
| Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2023-27911 | 1 Autodesk | 1 Fbx Software Development Kit | 2025-02-06 | N/A | 7.8 HIGH |
| A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution. | |||||
| CVE-2023-32140 | 2025-02-05 | N/A | 7.5 HIGH | ||
| D-Link DAP-1360 webproc var:sys_Token Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling requests to the /cgi-bin/webproc endpoint. When parsing the var:sys_Token parameter, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-18418. | |||||
| CVE-2025-21171 | 3 Apple, Linux, Microsoft | 6 Macos, Linux Kernel, .net and 3 more | 2025-02-05 | N/A | 7.5 HIGH |
| .NET Remote Code Execution Vulnerability | |||||
| CVE-2025-21172 | 3 Apple, Linux, Microsoft | 7 Macos, Linux Kernel, .net and 4 more | 2025-02-05 | N/A | 7.5 HIGH |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2024-55192 | 1 Openimageio | 1 Openimageio | 2025-02-05 | N/A | 9.8 CRITICAL |
| OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*). | |||||
| CVE-2024-50698 | 2025-02-05 | N/A | 9.8 CRITICAL | ||
| SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content. | |||||
| CVE-2023-40222 | 2025-02-04 | N/A | 7.8 HIGH | ||
| In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing CO files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | |||||
| CVE-2024-22453 | 1 Dell | 50 Nx3230, Nx3230 Firmware, Nx3330 and 47 more | 2025-02-04 | N/A | 7.2 HIGH |
| Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory. | |||||
| CVE-2023-2241 | 1 Podofo Project | 1 Podofo | 2025-02-04 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-8798 | 1 Zephyrproject | 1 Zephyr | 2025-02-03 | N/A | 7.5 HIGH |
| No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | |||||