Total
1073 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28910 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-28911 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-28912 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-28913 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-28914 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-28915 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-07 | N/A | 8.8 HIGH |
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-13051 | 1 Ashlar | 1 Graphite | 2025-01-03 | N/A | 7.8 HIGH |
| Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24977. | |||||
| CVE-2024-13050 | 1 Ashlar | 1 Graphite | 2025-01-03 | N/A | 7.8 HIGH |
| Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24976. | |||||
| CVE-2024-3758 | 1 Openatom | 1 Openharmony | 2025-01-02 | N/A | 6.5 MEDIUM |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow. | |||||
| CVE-2024-8905 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-7018 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 7.8 HIGH |
| Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | |||||
| CVE-2023-38154 | 1 Microsoft | 2 Windows 10 1809, Windows Server 2019 | 2025-01-01 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-33129 | 1 Microsoft | 1 Sharepoint Server | 2025-01-01 | N/A | 6.5 MEDIUM |
| Microsoft SharePoint Server Denial of Service Vulnerability | |||||
| CVE-2023-28252 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-01 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-56732 | 2024-12-28 | N/A | 8.8 HIGH | ||
| HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function. | |||||
| CVE-2024-26178 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 21h2 and 9 more | 2024-12-27 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-21330 | 1 Microsoft | 8 Azure Automation, Azure Automation Update Management, Azure Security Center and 5 more | 2024-12-27 | N/A | 7.8 HIGH |
| Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | |||||
| CVE-2024-5493 | 3 Canonical, Fedoraproject, Google | 3 Ubuntu Linux, Fedora, Chrome | 2024-12-26 | N/A | 8.8 HIGH |
| Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-11576 | 1 Luxion | 1 Keyshot | 2024-12-20 | N/A | 7.8 HIGH |
| Luxion KeyShot 3DS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23681. | |||||
| CVE-2024-11580 | 1 Luxion | 1 Keyshot | 2024-12-20 | N/A | 7.8 HIGH |
| Luxion KeyShot ABC File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of abc files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23700. | |||||