Total
2516 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50054 | 1 Openvpn | 1 Ovpn-dco-win | 2025-06-23 | 5.5 Medium |
| Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting in a system crash | ||||
| CVE-2025-6499 | 2025-06-23 | 3.3 Low | ||
| A vulnerability classified as problematic was found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_parse_multiline_string of the file src/ucl_parser.c. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-22058 | 1 Ivanti | 1 Endpoint Manager | 2025-06-20 | N/A |
| A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older. | ||||
| CVE-2024-36702 | 1 Mz-automation | 1 Libiec61850 | 2025-06-18 | 7.4 High |
| libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c. | ||||
| CVE-2023-4264 | 1 Zephyrproject | 1 Zephyr | 2025-06-18 | 7.1 High |
| Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem. | ||||
| CVE-2023-5344 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2025-06-18 | 7.5 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. | ||||
| CVE-2023-41276 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2025-06-17 | 5.5 Medium |
| A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later | ||||
| CVE-2023-52356 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2025-06-17 | 7.5 High |
| A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. | ||||
| CVE-2023-31031 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2025-06-17 | 4.2 Medium |
| NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering. | ||||
| CVE-2023-48263 | 1 Bosch | 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more | 2025-06-17 | 8.1 High |
| The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | ||||
| CVE-2025-49850 | 2025-06-17 | N/A | ||
| A Heap-based Buffer Overflow vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of allocated data structures. | ||||
| CVE-2023-37295 | 1 Ami | 1 Megarac Sp-x | 2025-06-17 | 8.3 High |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | ||||
| CVE-2023-37294 | 1 Ami | 1 Megarac Sp-x | 2025-06-17 | 8.3 High |
| AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | ||||
| CVE-2025-47868 | 1 Apache | 1 Nuttx | 2025-06-17 | 9.8 Critical |
| Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is optional and neither part of NuttX RTOS nor Applications runtime, but active bdf-converter users may be affected when this tool is exposed to external provided user data data (i.e. publicly available automation). This issue affects Apache NuttX: from 6.9 before 12.9.0. Users are recommended to upgrade to version 12.9.0, which fixes the issue. | ||||
| CVE-2025-6120 | 1 Assimp | 1 Assimp | 2025-06-17 | 5.3 Medium |
| A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future. | ||||
| CVE-2024-1283 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-06-17 | 8.8 High |
| Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-41056 | 3 Fedoraproject, Redhat, Redis | 3 Fedora, Enterprise Linux, Redis | 2025-06-17 | 8.1 High |
| Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. | ||||
| CVE-2025-24797 | 1 Meshtastic | 1 Firmware | 2025-06-17 | 9.4 Critical |
| Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not require authentication or user interaction, as long as the target device rebroadcasts packets on the default channel. This vulnerability fixed in 2.6.2. | ||||
| CVE-2025-30317 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2025-06-16 | 7.8 High |
| InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-45679 | 1 Assimp | 1 Assimp | 2025-06-13 | 8.4 High |
| Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product. | ||||