Total
1016 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44441 | 2024-05-03 | N/A | 7.8 HIGH | ||
| GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DDS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22093. | |||||
| CVE-2023-50230 | 2024-05-03 | N/A | 7.1 HIGH | ||
| BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device. The specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20938. | |||||
| CVE-2023-44442 | 2024-05-03 | N/A | 7.8 HIGH | ||
| GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process. Was ZDI-CAN-22094. | |||||
| CVE-2023-28798 | 2024-05-02 | N/A | 6.5 MEDIUM | ||
| An out-of-bounds write to heap in the pacparser library on Zscaler Client Connector on Mac may lead to arbitrary code execution. | |||||
| CVE-2024-25048 | 2024-04-29 | N/A | 7.5 HIGH | ||
| IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137. | |||||
| CVE-2023-32643 | 1 Gnome | 1 Glib | 2024-04-26 | N/A | 7.8 HIGH |
| A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665. | |||||
| CVE-2022-3437 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2024-04-22 | N/A | 6.5 MEDIUM |
| A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack. | |||||
| CVE-2024-32038 | 2024-04-19 | N/A | 9.8 CRITICAL | ||
| Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manager 4.7.2. | |||||
| CVE-2024-0257 | 2024-04-18 | N/A | 3.3 LOW | ||
| RoboDK v5.5.4 is vulnerable to heap-based buffer overflow while processing a specific project file. The resulting memory corruption may crash the application. | |||||
| CVE-2023-5400 | 2024-04-17 | N/A | 8.1 HIGH | ||
| Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. | |||||
| CVE-2024-26178 | 2024-04-11 | N/A | 7.8 HIGH | ||
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-26166 | 2024-04-11 | N/A | 8.8 HIGH | ||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-26161 | 2024-04-11 | N/A | 8.8 HIGH | ||
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-26159 | 2024-04-11 | N/A | 8.8 HIGH | ||
| Microsoft ODBC Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-26211 | 2024-04-10 | N/A | 7.8 HIGH | ||
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||
| CVE-2024-26168 | 2024-04-10 | N/A | 6.8 MEDIUM | ||
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-28932 | 2024-04-10 | N/A | 8.8 HIGH | ||
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-26229 | 2024-04-10 | N/A | 7.8 HIGH | ||
| Windows CSC Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-28896 | 2024-04-10 | N/A | 7.5 HIGH | ||
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-28908 | 2024-04-10 | N/A | 8.8 HIGH | ||
| Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | |||||