ReportizFlow
Filtered by vendor
Subscriptions
Total
3034 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2804 | 1 Libjpeg-turbo | 1 Libjpeg-turbo | 2025-01-16 | 6.5 Medium |
| A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash. | ||||
| CVE-2021-31439 | 3 Debian, Netatalk, Synology | 3 Debian Linux, Netatalk, Diskstation Manager | 2025-01-14 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326. | ||||
| CVE-2018-5996 | 2 7-zip, Debian | 3 7-zip, P7zip, Debian Linux | 2025-01-10 | N/A |
| Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. | ||||
| CVE-2017-17969 | 2 7-zip, Debian | 3 7-zip, P7zip, Debian Linux | 2025-01-10 | N/A |
| Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. | ||||
| CVE-2024-32038 | 1 Wazuh | 1 Wazuh | 2025-01-09 | 9.8 Critical |
| Wazuh is a free and open source platform used for threat prevention, detection, and response. There is a buffer overflow hazard in wazuh-analysisd when handling Unicode characters from Windows Eventchannel messages. It impacts Wazuh Manager 3.8.0 and above. This vulnerability is fixed in Wazuh Manager 4.7.2. | ||||
| CVE-2024-0156 | 1 Dell | 1 Digital Delivery | 2025-01-08 | 7 High |
| Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation. | ||||
| CVE-2023-2157 | 1 Imagemagick | 1 Imagemagick | 2025-01-08 | 5.5 Medium |
| A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing. | ||||
| CVE-2023-24014 | 1 Deltaww | 1 Cncsoft-b | 2025-01-07 | 7.8 High |
| Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code. | ||||
| CVE-2024-13051 | 1 Ashlar | 1 Graphite | 2025-01-03 | 7.8 High |
| Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24977. | ||||
| CVE-2024-13050 | 1 Ashlar | 1 Graphite | 2025-01-03 | 7.8 High |
| Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24976. | ||||
| CVE-2024-3758 | 1 Openatom | 1 Openharmony | 2025-01-02 | 6.5 Medium |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow. | ||||
| CVE-2024-8905 | 1 Google | 1 Chrome | 2025-01-02 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-7018 | 1 Google | 1 Chrome | 2025-01-02 | 8.8 High |
| Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | ||||
| CVE-2023-35630 | 1 Microsoft | 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more | 2025-01-01 | 8.8 High |
| Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | ||||
| CVE-2023-35639 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-01-01 | 8.8 High |
| Microsoft ODBC Driver Remote Code Execution Vulnerability | ||||
| CVE-2023-21740 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-01-01 | 7.8 High |
| Windows Media Remote Code Execution Vulnerability | ||||
| CVE-2023-38170 | 1 Microsoft | 1 Hevc Video Extensions | 2025-01-01 | 7.8 High |
| HEVC Video Extensions Remote Code Execution Vulnerability | ||||
| CVE-2023-35374 | 1 Microsoft | 1 Paint 3d | 2025-01-01 | 7.8 High |
| Paint 3D Remote Code Execution Vulnerability | ||||
| CVE-2023-35305 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2025-01-01 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2023-35304 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2025-01-01 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||