Total
1969 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8905 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2024-7018 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 7.8 HIGH |
|
Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
|
|||||
| CVE-2023-38154 | 1 Microsoft | 2 Windows 10 1809, Windows Server 2019 | 2025-01-01 | N/A | 7.8 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-33129 | 1 Microsoft | 1 Sharepoint Server | 2025-01-01 | N/A | 6.5 MEDIUM |
|
Microsoft SharePoint Server Denial of Service Vulnerability
|
|||||
| CVE-2024-56732 | 2024-12-28 | N/A | 8.8 HIGH | ||
|
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.
|
|||||
| CVE-2024-26178 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 21h2 and 9 more | 2024-12-27 | N/A | 7.8 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-21330 | 1 Microsoft | 8 Azure Automation, Azure Automation Update Management, Azure Security Center and 5 more | 2024-12-27 | N/A | 7.8 HIGH |
|
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-5493 | 3 Canonical, Fedoraproject, Google | 3 Ubuntu Linux, Fedora, Chrome | 2024-12-26 | N/A | 8.8 HIGH |
|
Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-11576 | 1 Luxion | 1 Keyshot | 2024-12-20 | N/A | 7.8 HIGH |
|
Luxion KeyShot 3DS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of the length of user-supplied data prior to c ...
Show More |
|||||
| CVE-2024-11580 | 1 Luxion | 1 Keyshot | 2024-12-20 | N/A | 7.8 HIGH |
|
Luxion KeyShot ABC File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of abc files. The issue results from the lack of proper validation of the length of user-supplied data prior to c ...
Show More |
|||||
| CVE-2024-5160 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-12-20 | N/A | 8.8 HIGH |
|
Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-4559 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | N/A | 6.5 MEDIUM |
|
Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2024-32664 | 1 Oisf | 1 Suricata | 2024-12-19 | N/A | 5.3 MEDIUM |
|
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use rules with `base64_decode` keyword with `bytes` option with value 1, 2 or 5 and for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false.
|
|||||
| CVE-2024-49545 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-12-18 | N/A | 7.8 HIGH |
|
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-6816 | 1 Irfanview | 1 Irfanview | 2024-12-18 | N/A | 7.8 HIGH |
|
IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it ...
Show More |
|||||
| CVE-2024-11511 | 1 Irfanview | 1 Irfanview | 2024-12-18 | N/A | 7.8 HIGH |
|
IrfanView XCF Plugin XCF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XCF files. The issue results from the lack of proper validation of the length of user-supplied data prior to ...
Show More |
|||||
| CVE-2024-49552 | 1 Adobe | 1 Media Encoder | 2024-12-18 | N/A | 7.8 HIGH |
|
Media Encoder versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-52995 | 1 Adobe | 1 Substance 3d Sampler | 2024-12-18 | N/A | 7.8 HIGH |
|
Substance3D - Sampler versions 4.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-52996 | 1 Adobe | 1 Substance 3d Sampler | 2024-12-18 | N/A | 7.8 HIGH |
|
Substance3D - Sampler versions 4.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-21913 | 1 Rockwellautomation | 1 Arena | 2024-12-17 | N/A | 7.8 HIGH |
|
A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by overstepping the memory boundaries, which triggers an access violation. Once inside, the threat actor can run harmful code on the system. This affects the confidentiality, integrity, and availability of the product. To trigger this, the user would unwittingly need to open a malicious file shared by the threa ...
Show More |
|||||
| CVE-2023-44429 | 1 Gstreamer Project | 1 Gstreamer | 2024-12-16 | N/A | 8.8 HIGH |
|
GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prio ...
Show More |
|||||
| CVE-2024-0040 | 1 Google | 1 Android | 2024-12-16 | N/A | 7.5 HIGH |
|
In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-0033 | 1 Google | 1 Android | 2024-12-16 | N/A | 7.8 HIGH |
|
In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-0018 | 1 Google | 1 Android | 2024-12-16 | N/A | 7.8 HIGH |
|
In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-37310 | 2024-12-16 | N/A | 9.0 CRITICAL | ||
|
EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap. This vulnerability is fixed in 2024.3.1 and 2024.6.0.
|
|||||
| CVE-2024-8587 | 1 Autodesk | 8 Advance Steel, Autocad, Autocad Architecture and 5 more | 2024-12-16 | N/A | 7.8 HIGH |
|
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
|
|||||
| CVE-2024-53956 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2024-12-13 | N/A | 7.8 HIGH |
|
Premiere Pro versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-53957 | 1 Adobe | 1 Substance 3d Painter | 2024-12-13 | N/A | 7.8 HIGH |
|
Substance3D - Painter versions 10.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-52999 | 1 Adobe | 1 Substance 3d Modeler | 2024-12-12 | N/A | 7.8 HIGH |
|
Substance3D - Modeler versions 1.14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-8025 | 1 Nikon | 1 Nef Codec | 2024-12-11 | N/A | 7.8 HIGH |
|
Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of NRW files. The issue results from the lack of proper validation of the length of user-sup ...
Show More |
|||||
| CVE-2024-54093 | 2024-12-10 | N/A | 7.8 HIGH | ||
|
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted ASM files. This could allow an attacker to execute code in the context of the current process.
|
|||||
| CVE-2024-41981 | 2024-12-10 | N/A | 7.8 HIGH | ||
|
A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process.
|
|||||
| CVE-2022-23086 | 1 Freebsd | 1 Freebsd | 2024-12-09 | N/A | 7.8 HIGH |
|
Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small.
Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group.
|
|||||
| CVE-2024-26166 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-06 | N/A | 8.8 HIGH |
|
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-20739 | 3 Adobe, Apple, Microsoft | 3 Audition, Macos, Windows | 2024-12-06 | N/A | 7.8 HIGH |
|
Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2024-26210 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-06 | N/A | 8.8 HIGH |
|
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-26214 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-06 | N/A | 8.8 HIGH |
|
Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability
|
|||||
| CVE-2024-26161 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-05 | N/A | 8.8 HIGH |
|
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-26159 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-12-05 | N/A | 8.8 HIGH |
|
Microsoft ODBC Driver Remote Code Execution Vulnerability
|
|||||
| CVE-2024-20745 | 3 Adobe, Apple, Microsoft | 3 Premiere Pro, Macos, Windows | 2024-12-04 | N/A | 7.8 HIGH |
|
Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||