Total
1969 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21200 | 2025-02-11 | N/A | 8.8 HIGH | ||
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21190 | 2025-02-11 | N/A | 8.8 HIGH | ||
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2023-1906 | 2 Fedoraproject, Imagemagick | 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick | 2025-02-10 | N/A | 5.5 MEDIUM |
|
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.
|
|||||
| CVE-2025-0662 | 2025-02-07 | N/A | 4.9 MEDIUM | ||
|
In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace.
It is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace.
|
|||||
| CVE-2023-27911 | 1 Autodesk | 1 Fbx Software Development Kit | 2025-02-06 | N/A | 7.8 HIGH |
|
A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.
|
|||||
| CVE-2021-23165 | 1 Htmldoc Project | 1 Htmldoc | 2025-02-05 | 10.0 HIGH | 9.8 CRITICAL |
|
A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-pdf.cxx may lead to execute arbitrary code and denial of service.
|
|||||
| CVE-2024-55192 | 1 Openimageio | 1 Openimageio | 2025-02-05 | N/A | 9.8 CRITICAL |
|
OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*).
|
|||||
| CVE-2024-22453 | 1 Dell | 50 Nx3230, Nx3230 Firmware, Nx3330 and 47 more | 2025-02-04 | N/A | 7.2 HIGH |
|
Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory.
|
|||||
| CVE-2023-2241 | 1 Podofo Project | 1 Podofo | 2025-02-04 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerab ...
Show More |
|||||
| CVE-2024-33505 | 1 Fortinet | 3 Fortianalyzer, Fortimanager, Fortimanager Cloud | 2025-01-31 | N/A | 5.6 MEDIUM |
|
A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests
|
|||||
| CVE-2025-21237 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-29 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2024-7673 | 1 Autodesk | 1 Navisworks | 2025-01-29 | N/A | 7.8 HIGH |
|
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
|
|||||
| CVE-2025-21266 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-27 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21256 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-27 | N/A | 6.6 MEDIUM |
|
Windows Digital Media Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-21223 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-27 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21178 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-01-27 | N/A | 8.8 HIGH |
|
Visual Studio Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21273 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-27 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21282 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-27 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2024-30259 | 1 Eprosima | 1 Fast Dds | 2025-01-27 | N/A | 8.2 HIGH |
|
FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed `RTPS` packet, heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.
|
|||||
| CVE-2025-21286 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21252 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21250 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21246 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21248 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21245 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21241 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21239 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21240 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21238 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21236 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21233 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21306 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21305 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21303 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21302 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2019-15690 | 2025-01-24 | N/A | 8.8 HIGH | ||
|
LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.
|
|||||
| CVE-2020-12819 | 1 Fortinet | 1 Fortios | 2025-01-21 | N/A | 5.4 MEDIUM |
|
A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled. Arbitrary code execution may be theoretically possible, albeit practically very difficult to achieve in this context
|
|||||
| CVE-2025-21339 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-21 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21139 | 1 Adobe | 1 Substance 3d Designer | 2025-01-21 | N/A | 7.8 HIGH |
|
Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2025-21137 | 1 Adobe | 1 Substance 3d Designer | 2025-01-21 | N/A | 7.8 HIGH |
|
Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||