Total
2646 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0633 | 2025-02-19 | 4.0 Medium | ||
| Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory | ||||
| CVE-2023-25664 | 1 Google | 1 Tensorflow | 2025-02-19 | 7.5 High |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. | ||||
| CVE-2023-25668 | 1 Google | 1 Tensorflow | 2025-02-19 | 9.8 Critical |
| TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1. | ||||
| CVE-2023-1655 | 1 Gpac | 1 Gpac | 2025-02-19 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0. | ||||
| CVE-2023-0210 | 1 Linux | 1 Linux Kernel | 2025-02-19 | 7.5 High |
| A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. | ||||
| CVE-2022-24672 | 1 Canon | 152 1435i\+, 1435i\+ Firmware, 1435if and 149 more | 2025-02-19 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15802. | ||||
| CVE-2025-1052 | 1 Mintty Project | 1 Mintty | 2025-02-18 | 8.8 High |
| Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of sixel images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-23382. | ||||
| CVE-2022-2848 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 5 more | 2025-02-18 | 9.1 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486. | ||||
| CVE-2024-2212 | 1 Eclipse | 1 Threadx | 2025-02-13 | 7.3 High |
| In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows. | ||||
| CVE-2023-6879 | 2 Aomedia, Fedoraproject | 2 Aomedia, Fedora | 2025-02-13 | 9 Critical |
| Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). | ||||
| CVE-2024-5835 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 8.8 High |
| Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-5493 | 3 Canonical, Fedoraproject, Google | 3 Ubuntu Linux, Fedora, Chrome | 2025-02-13 | 8.8 High |
| Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-5160 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2025-02-13 | 8.8 High |
| Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-4559 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 7.5 High |
| Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-7158 | 1 Micropython | 1 Micropython | 2025-02-13 | 7.3 High |
| A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180. | ||||
| CVE-2023-6861 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-02-13 | 8.8 High |
| The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | ||||
| CVE-2023-6856 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2025-02-13 | 8.8 High |
| The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | ||||
| CVE-2023-6246 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Glibc, Enterprise Linux | 2025-02-13 | 8.4 High |
| A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. | ||||
| CVE-2023-5686 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2025-02-13 | 8.8 High |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. | ||||
| CVE-2023-49600 | 1 Libigl | 1 Libigl | 2025-02-13 | 8.1 High |
| An out-of-bounds write vulnerability exists in the PlyFile ply_cast_ascii functionality of libigl v2.5.0. A specially crafted .ply file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | ||||