Total
2464 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-2368 | 1 Webassembly | 1 Wabt | 2025-03-17 | 6.3 Medium |
A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | ||||
CVE-2024-29508 | 1 Artifex | 1 Ghostscript | 2025-03-17 | 3.3 Low |
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. | ||||
CVE-2025-22134 | 1 Vim | 1 Vim | 2025-03-14 | 4.2 Medium |
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003 | ||||
CVE-2024-41437 | 1 Dbohdan | 1 Hicolor | 2025-03-13 | 5.5 Medium |
A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. | ||||
CVE-2024-3516 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-13 | 8.8 High |
Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2023-4863 | 10 Bandisoft, Bentley, Debian and 7 more | 17 Honeyview, Seequent Leapfrog, Debian Linux and 14 more | 2025-03-13 | 8.8 High |
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | ||||
CVE-2024-46264 | 2 Cute Png, Randygaul | 2 Cute Png, Cute Png | 2025-03-13 | 7.8 High |
cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_find() function at cute_png.h. | ||||
CVE-2024-37080 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-03-13 | 9.8 Critical |
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | ||||
CVE-2024-49775 | 2025-03-12 | 9.8 Critical | ||
A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code. | ||||
CVE-2025-21414 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-03-12 | 7 High |
Windows Core Messaging Elevation of Privileges Vulnerability | ||||
CVE-2025-21184 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-03-12 | 7 High |
Windows Core Messaging Elevation of Privileges Vulnerability | ||||
CVE-2025-21371 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-03-12 | 8.8 High |
Windows Telephony Service Remote Code Execution Vulnerability | ||||
CVE-2025-21200 | 2025-03-12 | 8.8 High | ||
Windows Telephony Service Remote Code Execution Vulnerability | ||||
CVE-2025-21190 | 2025-03-12 | 8.8 High | ||
Windows Telephony Service Remote Code Execution Vulnerability | ||||
CVE-2025-21410 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-03-12 | 8.8 High |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
CVE-2025-21407 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-03-12 | 8.8 High |
Windows Telephony Service Remote Code Execution Vulnerability | ||||
CVE-2025-21208 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-03-12 | 8.8 High |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
CVE-2025-21418 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2025-03-12 | 7.8 High |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||||
CVE-2025-21376 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-03-12 | 8.1 High |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | ||||
CVE-2025-21375 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-03-12 | 7.8 High |
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |