Total
2516 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35302 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-02-28 | 8.8 High |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | ||||
| CVE-2023-33129 | 1 Microsoft | 1 Sharepoint Server | 2025-02-28 | 6.5 Medium |
| Microsoft SharePoint Server Denial of Service Vulnerability | ||||
| CVE-2023-32083 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2025-02-28 | 6.5 Medium |
| Microsoft Failover Cluster Information Disclosure Vulnerability | ||||
| CVE-2023-36865 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-02-27 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2023-36896 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-02-27 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2023-38154 | 1 Microsoft | 2 Windows 10 1809, Windows Server 2019 | 2025-02-27 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2023-38212 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2025-02-27 | 7.8 High |
| Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-1448 | 1 Gpac | 1 Gpac | 2025-02-26 | 5.3 Medium |
| A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223293 was assigned to this vulnerability. | ||||
| CVE-2025-1538 | 1 Dlink | 2 Dap-1320, Dap-1320 Firmware | 2025-02-25 | 8.8 High |
| A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-45421 | 2025-02-25 | 8.5 High | ||
| Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access. | ||||
| CVE-2023-27585 | 1 Teluu | 1 Pjsip | 2025-02-25 | 7.5 High |
| PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead. | ||||
| CVE-2025-25474 | 2025-02-20 | 6.5 Medium | ||
| DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the component /dcmimgle/diinpxt.h. | ||||
| CVE-2025-25472 | 2025-02-20 | 5.3 Medium | ||
| A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to cause a Denial of Service (DoS) via a crafted DCM file. | ||||
| CVE-2025-0633 | 2025-02-19 | 4.0 Medium | ||
| Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory | ||||
| CVE-2023-25664 | 1 Google | 1 Tensorflow | 2025-02-19 | 7.5 High |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. | ||||
| CVE-2023-25668 | 1 Google | 1 Tensorflow | 2025-02-19 | 9.8 Critical |
| TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1. | ||||
| CVE-2023-1655 | 1 Gpac | 1 Gpac | 2025-02-19 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0. | ||||
| CVE-2023-0210 | 1 Linux | 1 Linux Kernel | 2025-02-19 | 7.5 High |
| A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. | ||||
| CVE-2022-24672 | 1 Canon | 152 1435i\+, 1435i\+ Firmware, 1435if and 149 more | 2025-02-19 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15802. | ||||
| CVE-2025-1052 | 1 Mintty Project | 1 Mintty | 2025-02-18 | 8.8 High |
| Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of sixel images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-23382. | ||||