Total
2563 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1890 | 1 Lenovo | 12 Thinkbook 14-iil, Thinkbook 14-iil Firmware, Thinkbook 14-iml and 9 more | 2025-04-01 | 6.7 Medium |
| A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code. | ||||
| CVE-2025-24439 | 1 Adobe | 1 Substance 3d Sampler | 2025-04-01 | 7.8 High |
| Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-24443 | 1 Adobe | 1 Substance 3d Sampler | 2025-04-01 | 7.8 High |
| Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-42405 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-03-31 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18367. | ||||
| CVE-2024-55627 | 1 Oisf | 1 Suricata | 2025-03-31 | 5.9 Medium |
| Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8. | ||||
| CVE-2024-28572 | 1 Freeimage Project | 1 Freeimage | 2025-03-28 | 6.2 Medium |
| Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format. | ||||
| CVE-2022-42403 | 1 Pdf-xchange | 1 Pdf-xchange Editor | 2025-03-27 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18892. | ||||
| CVE-2022-34400 | 1 Dell | 166 Alienware M15 R6, Alienware M15 R6 Firmware, Alienware M15 R7 and 163 more | 2025-03-27 | 7.1 High |
| Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM. | ||||
| CVE-2022-45491 | 1 Json.h Project | 1 Json.h | 2025-03-26 | 7.8 High |
| Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges. | ||||
| CVE-2025-2618 | 1 Dlink | 2 Dap-1620, Dap-1620 Firmware | 2025-03-26 | 9.8 Critical |
| A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2022-42783 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 6.4 Medium |
| In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | ||||
| CVE-2024-29013 | 1 Sonicwall | 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more | 2025-03-25 | 5.3 Medium |
| Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function. | ||||
| CVE-2023-0760 | 1 Gpac | 1 Gpac | 2025-03-24 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV. | ||||
| CVE-2022-34454 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-24 | 6.7 Medium |
| Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters. | ||||
| CVE-2025-2584 | 1 Webassembly | 1 Wabt | 2025-03-24 | 5 Medium |
| A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-0819 | 1 Gpac | 1 Gpac | 2025-03-21 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV. | ||||
| CVE-2024-29509 | 1 Artifex | 1 Ghostscript | 2025-03-20 | 8.8 High |
| Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle. | ||||
| CVE-2023-24550 | 1 Siemens | 1 Solid Edge Se2023 | 2025-03-20 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2023-24551 | 1 Siemens | 1 Solid Edge Se2023 | 2025-03-20 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer underflow while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2024-53310 | 2025-03-19 | 5.5 Medium | ||
| A Structured Exception Handler based buffer overflow vulnerability exists in Effectmatrix Total Video Converter Command Line (TVCC) 2.50 when a specially crafted file is passed to the -ff parameter. The vulnerability occurs due to improper handling of file input with overly long characters, leading to memory corruption. This can result in arbitrary code execution or denial of service. | ||||