Skip to main content

Heap Overflow

1940 CVEs technique

Monthly

CVE-2024-28910 HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Ole Db Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2024-28909 HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Ole Db Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-28908 HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Ole Db Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-28906 HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Ole Db Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2024-28896 HIGH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2024-26239 HIGH This Week

Windows Telephony Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-26229 HIGH This Week

Windows CSC Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
9.4%
CVE-2024-26214 HIGH This Week

Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-26211 HIGH This Week

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2024-26210 HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-26205 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-26202 HIGH This Week

DHCP Server Service Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Windows Server 2012 Windows Server 2016 +3
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2024-26200 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-26195 HIGH This Week

DHCP Server Service Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Windows Server 2008 Windows Server 2012 +4
NVD
CVSS 3.1
7.2
EPSS
2.2%
CVE-2024-26179 HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-26168 MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2024-27341 HIGH This Week

Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Power Pdf
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-27340 HIGH This Week

Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Power Pdf
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-3209 CRITICAL POC Act Now

A vulnerability was found in UPX up to 4.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Upx Fedora
NVD VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-3207 CRITICAL POC Act Now

A vulnerability was found in ermig1979 Simd up to 6.0.134. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Simd
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-3204 CRITICAL POC Act Now

A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow C Blosc2
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-3203 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow C Blosc2
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2024-30806 MEDIUM POC This Month

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Bento4
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-3024 HIGH POC This Week

A vulnerability was found in appneta tcpreplay up to 4.4.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Tcpreplay
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-20259 HIGH This Week

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco Denial Of Service Apple +1
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2024-25390 HIGH This Week

A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rt Thread
NVD GitHub
CVSS 3.1
8.4
EPSS
0.3%
CVE-2024-24335 HIGH This Week

A heap buffer overflow occurs in the dfs_v2 romfs filesystem RT-Thread through 5.0.2. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rt Thread
NVD GitHub
CVSS 3.1
8.4
EPSS
0.4%
CVE-2024-24334 HIGH This Week

A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rt Thread
NVD GitHub
CVSS 3.1
8.4
EPSS
0.4%
CVE-2024-2212 HIGH POC This Week

In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Threadx
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-21913 HIGH This Week

A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rockwell Arena
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-2824 MEDIUM POC This Month

A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical.c. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.7%
CVE-2024-1848 HIGH This Week

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-28231 HIGH POC PATCH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Fast Dds
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-28572 MEDIUM POC This Month

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Freeimage
NVD GitHub
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-22453 MEDIUM This Month

Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Dell Poweredge R730 Firmware Poweredge R730Xd Firmware +23
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2024-20755 HIGH This Week

Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Bridge
NVD
CVSS 3.1
7.8
EPSS
4.4%
CVE-2024-20745 HIGH This Week

Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Premiere Pro
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-26540 HIGH POC This Week

A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Cimg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-26178 HIGH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-26166 HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-26161 HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-26159 HIGH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-21330 HIGH This Week

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Azure Automation Azure Automation Update Management Azure Security Center +5
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-27209 HIGH This Week

there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-22857 CRITICAL Act Now

Heap based buffer flow in zlog v1.1.0 to v1.2.17 in zlog_rule_new().The size of record_name is MAXLEN_PATH(1024) + 1 but file_path may have data upto MAXLEN_CFG_LINE(MAXLEN_PATH*4) + 1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-0156 HIGH This Week

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Dell Buffer Overflow RCE Privilege Escalation +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-22100 HIGH This Week

MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Dicom Viewer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-25262 HIGH This Week

texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2024-22532 MEDIUM POC This Month

Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Microsoft Nconvert
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-1847 HIGH This Week

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Solidworks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-21802 HIGH POC This Week

Remote code execution in llama.cpp (commit 18c2e17) is possible when a user opens a malicious .gguf model file, triggering a heap-based buffer overflow in the GGUF library's info->ne handling. Publicly available exploit code exists, though EPSS estimates exploitation probability at 0.48% (65th percentile), reflecting moderate but not widespread targeting risk against this AI inference runtime.

RCE Buffer Overflow Heap Overflow Llama Cpp
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-23127 HIGH This Week

A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Information Disclosure RCE Autocad +8
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-21795 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow RCE Libbiosig Fedora
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2024-20739 HIGH This Week

Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Audition
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-21370 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-21369 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2024-21368 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-21367 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-21366 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-21365 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-21361 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-21360 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-21359 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-21358 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2024-21354 HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-21353 HIGH PATCH This Week

Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows Server 2022 23h2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-21349 HIGH PATCH This Week

Microsoft ActiveX Data Objects Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-21348 HIGH PATCH This Week

Internet Connection Sharing (ICS) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Denial Of Service Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2024-21347 HIGH PATCH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-21345 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Microsoft Windows Server 2022 23h2
NVD
CVSS 3.1
8.8
EPSS
20.4%
CVE-2024-21341 MEDIUM PATCH This Month

Windows Kernel Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1809 +8
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2024-23796 HIGH PATCH This Week

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Tecnomatix Plant Simulation
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-1062 MEDIUM This Month

A heap overflow flaw was found in 389-ds-base. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service 389 Directory Server Directory Server +11
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-0911 MEDIUM This Month

A flaw was found in indent, a program for formatting C code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Indent
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-6779 HIGH POC This Week

Heap-based off-by-one buffer overflow in glibc's __vsyslog_internal function affects versions 2.37 and newer, triggered when syslog() or vsyslog() are invoked with messages exceeding INT_MAX bytes. Remote attackers can cause application crashes (denial of service) and potentially impact integrity in applications that log attacker-controlled data via syslog. Publicly available exploit code exists, though EPSS exploitation probability remains moderate at 0.65% (71st percentile) and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Glibc Fedora
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2023-6246 HIGH POC THREAT Act Now

Local privilege escalation in GNU glibc 2.36 and newer arises from a heap-based buffer overflow in __vsyslog_internal, reachable via the syslog/vsyslog interfaces when openlog was not called (or called with a NULL ident) and argv[0]'s basename exceeds 1024 bytes. Any setuid/setgid binary on affected Linux distributions (including Fedora 38 and 39) that invokes syslog can be leveraged by a local attacker to crash the process or escalate privileges to root. Publicly available exploit code exists and EPSS sits at the 96th percentile, signaling meaningful real-world risk despite the local attack vector.

Privilege Escalation Heap Overflow Buffer Overflow Glibc Fedora
NVD
CVSS 3.1
8.4
EPSS
25.5%
CVE-2023-52356 HIGH PATCH This Week

Heap-buffer overflow in libtiff's TIFFReadRGBATileExt() API allows remote unauthenticated attackers to trigger denial of service via crafted TIFF files. The vulnerability (CWE-122) has a CVSS 7.5 HIGH rating with network attack vector and low complexity, though EPSS score of 0.72% (72nd percentile) suggests moderate real-world exploitation likelihood. Vendor patches are available through Red Hat advisories and upstream GitLab merge request #546. The flaw affects libtiff library across multiple Red Hat Enterprise Linux 8.x and 9.x deployments, requiring applications that process untrusted TIFF images through this specific API function.

Buffer Overflow Denial Of Service Heap Overflow
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-31031 MEDIUM This Month

NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Information Disclosure Nvidia +2
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2024-21596 MEDIUM This Month

A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Denial Of Service Juniper Junos +1
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-21594 MEDIUM This Month

A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-21337 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required.

Buffer Overflow Google Heap Overflow Microsoft Edge Chromium +1
NVD
CVSS 3.1
5.2
EPSS
0.9%
CVE-2023-48263 HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Heap Overflow Nexo Os
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-37297 HIGH This Week

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Heap Overflow Megarac Sp X
NVD
CVSS 3.1
8.3
EPSS
0.0%
CVE-2023-37295 HIGH This Week

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Heap Overflow Megarac Sp X
NVD
CVSS 3.1
8.3
EPSS
0.0%
CVE-2023-37294 HIGH This Week

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Heap Overflow Megarac Sp X
NVD
CVSS 3.1
8.3
EPSS
0.0%
CVE-2024-20697 HIGH PATCH This Month

Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Epss exploitation probability 49.4%.

Buffer Overflow RCE Heap Overflow Microsoft Windows 11 22h2 +3
NVD GitHub
CVSS 3.1
7.3
EPSS
49.4%
CVE-2024-20696 HIGH PATCH This Month

Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Buffer Overflow RCE Heap Overflow Microsoft Windows 10 1809 +9
NVD GitHub
CVSS 3.1
7.3
EPSS
7.2%
CVE-2024-20677 HIGH PATCH This Month

A security vulnerability exists in FBX that could lead to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-36764 HIGH This Week

EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Heap Overflow Edk2
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2022-36763 HIGH This Week

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Heap Overflow Edk2
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
EPSS 3% CVSS 8.8
HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Secure Boot Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 +12
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Windows Telephony Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +13
NVD
EPSS 9% CVSS 7.8
HIGH This Week

Windows CSC Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 4% CVSS 7.8
HIGH This Week

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +13
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 2% CVSS 7.2
HIGH This Week

DHCP Server Service Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +5
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 2% CVSS 7.2
HIGH This Week

DHCP Server Service Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +6
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Windows 10 1507 +12
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in UPX up to 4.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Upx +1
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in ermig1979 Simd up to 6.0.134. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Simd
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability has been found in c-blosc2 up to 2.13.2 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow C Blosc2
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in c-blosc2 up to 2.13.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow C Blosc2
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

A vulnerability was found in appneta tcpreplay up to 4.4.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Tcpreplay
NVD VulDB
EPSS 1% CVSS 8.6
HIGH This Week

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cisco +3
NVD
EPSS 0% CVSS 8.4
HIGH This Week

A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rt Thread
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

A heap buffer overflow occurs in the dfs_v2 romfs filesystem RT-Thread through 5.0.2. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rt Thread
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

A heap buffer overflow occurs in dfs_v2 dfs_file in RT-Thread through 5.0.2. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rt Thread
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Threadx
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A heap-based memory buffer overflow vulnerability in Rockwell Automation Arena Simulation software could potentially allow a malicious user to insert unauthorized code into the software by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Rockwell +1
NVD
EPSS 1% CVSS 6.3
MEDIUM POC This Month

A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical.c. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Heap Overflow Buffer Overflow Fast Dds
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM POC This Month

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM This Month

Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Dell +25
NVD
EPSS 4% CVSS 7.8
HIGH This Week

Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Cimg
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +12
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Azure Automation +7
NVD
EPSS 0% CVSS 8.4
HIGH This Week

there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Heap based buffer flow in zlog v1.1.0 to v1.2.17 in zlog_rule_new().The size of record_name is MAXLEN_PATH(1024) + 1 but file_path may have data upto MAXLEN_CFG_LINE(MAXLEN_PATH*4) + 1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Dell Digital Delivery, versions prior to 5.2.0.0, contain a Buffer Overflow Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Dell Buffer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 1% CVSS 8.1
HIGH This Week

texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Remote code execution in llama.cpp (commit 18c2e17) is possible when a user opens a malicious .gguf model file, triggering a heap-based buffer overflow in the GGUF library's info->ne handling. Publicly available exploit code exists, though EPSS estimates exploitation probability at 0.48% (65th percentile), reflecting moderate but not widespread targeting risk against this AI inference runtime.

RCE Buffer Overflow Heap Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Information Disclosure +10
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Buffer Overflow RCE +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Microsoft +13
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +2
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Microsoft ActiveX Data Objects Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Internet Connection Sharing (ICS) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Denial Of Service +13
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Heap Overflow Buffer Overflow RCE +15
NVD
EPSS 20% CVSS 8.8
HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Microsoft +1
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Windows Kernel Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +10
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Tecnomatix Plant Simulation
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A heap overflow flaw was found in 389-ds-base. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service +13
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A flaw was found in indent, a program for formatting C code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Indent
NVD
EPSS 1% CVSS 8.2
HIGH POC This Week

Heap-based off-by-one buffer overflow in glibc's __vsyslog_internal function affects versions 2.37 and newer, triggered when syslog() or vsyslog() are invoked with messages exceeding INT_MAX bytes. Remote attackers can cause application crashes (denial of service) and potentially impact integrity in applications that log attacker-controlled data via syslog. Publicly available exploit code exists, though EPSS exploitation probability remains moderate at 0.65% (71st percentile) and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Glibc +1
NVD
EPSS 25% CVSS 8.4
HIGH POC THREAT Act Now

Local privilege escalation in GNU glibc 2.36 and newer arises from a heap-based buffer overflow in __vsyslog_internal, reachable via the syslog/vsyslog interfaces when openlog was not called (or called with a NULL ident) and argv[0]'s basename exceeds 1024 bytes. Any setuid/setgid binary on affected Linux distributions (including Fedora 38 and 39) that invokes syslog can be leveraged by a local attacker to crash the process or escalate privileges to root. Publicly available exploit code exists and EPSS sits at the 96th percentile, signaling meaningful real-world risk despite the local attack vector.

Privilege Escalation Heap Overflow Buffer Overflow +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Heap-buffer overflow in libtiff's TIFFReadRGBATileExt() API allows remote unauthenticated attackers to trigger denial of service via crafted TIFF files. The vulnerability (CWE-122) has a CVSS 7.5 HIGH rating with network attack vector and low complexity, though EPSS score of 0.72% (72nd percentile) suggests moderate real-world exploitation likelihood. Vendor patches are available through Red Hat advisories and upstream GitLab merge request #546. The flaw affects libtiff library across multiple Red Hat Enterprise Linux 8.x and 9.x deployments, requiring applications that process untrusted TIFF images through this specific API function.

Buffer Overflow Denial Of Service Heap Overflow
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow +4
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Denial Of Service +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Denial Of Service +2
NVD
EPSS 1% CVSS 5.2
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required.

Buffer Overflow Google Heap Overflow +3
NVD
EPSS 2% CVSS 8.1
HIGH This Week

The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 0% CVSS 8.3
HIGH This Week

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Heap Overflow Megarac Sp X
NVD
EPSS 0% CVSS 8.3
HIGH This Week

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Heap Overflow Megarac Sp X
NVD
EPSS 0% CVSS 8.3
HIGH This Week

AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Heap Overflow Megarac Sp X
NVD
EPSS 49% CVSS 7.3
HIGH PATCH This Month

Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Epss exploitation probability 49.4%.

Buffer Overflow RCE Heap Overflow +5
NVD GitHub
EPSS 7% CVSS 7.3
HIGH PATCH This Month

Windows libarchive Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Buffer Overflow RCE Heap Overflow +11
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Month

A security vulnerability exists in FBX that could lead to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow +5
NVD
EPSS 0% CVSS 7.0
HIGH This Week

EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Heap Overflow Edk2
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Heap Overflow Edk2
NVD GitHub
Prev Page 15 of 22 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy