Skip to main content

Heap Overflow

1940 CVEs technique

Monthly

CVE-2021-22564 MEDIUM POC PATCH This Month

For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libjxl
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-3756 CRITICAL POC PATCH Act Now

libmysofa is vulnerable to Heap-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libmysofa Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2021-3903 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-34583 HIGH POC This Week

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow 750 8214 Firmware 750 8216 Firmware 750 8217 Firmware +25
NVD
CVSS 3.1
7.5
EPSS
8.4%
CVE-2021-3872 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-33023 CRITICAL Act Now

Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Webaccess
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-3875 MEDIUM POC PATCH This Month

vim is vulnerable to Heap-based Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.4%
CVE-2021-21940 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Eufy Homebase 2 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.3%
CVE-2021-37199 HIGH This Week

A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sinumerik 808D Firmware Sinumerik 828D Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-25495 HIGH This Week

A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Heap Overflow RCE Notes
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25479 HIGH This Week

A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Heap Overflow RCE Android
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2021-25475 MEDIUM This Month

A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-31986 MEDIUM This Month

User controlled parameters related to SMTP notifications are not correctly validated. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Heap Overflow Axis Os Axis Os 2016 Axis Os 2018 +1
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2021-3625 CRITICAL POC Act Now

Buffer overflow in Zephyr USB DFU DNLOAD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-32626 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Redis Heap Overflow RCE Fedora +4
NVD GitHub
CVSS 3.1
8.8
EPSS
15.1%
CVE-2021-36051 HIGH PATCH This Week

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
5.4%
CVE-2021-39863 HIGH This Week

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Acrobat Dc +5
NVD
CVSS 3.1
7.8
EPSS
12.5%
CVE-2021-39823 HIGH PATCH This Week

Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Adobe Svg Native Viewer
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2021-32959 CRITICAL PATCH Act Now

Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Suitelink
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-34770 CRITICAL Act Now

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Apple Heap Overflow +2
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-38404 HIGH This Week

Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Dopsoft
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-3778 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-25449 CRITICAL Act Now

An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2021-26603 HIGH This Week

A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Ark Library
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-3770 HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora Ontap Select Deploy Administration Utility
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-28560 HIGH This Week

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Acrobat Dc +3
NVD
CVSS 3.1
8.8
EPSS
66.9%
CVE-2021-28558 HIGH This Week

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Heap-based buffer overflow vulnerability in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Acrobat Dc +3
NVD
CVSS 3.0
8.8
EPSS
10.4%
CVE-2021-36073 HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a heap-based buffer overflow vulnerability when parsing a crafted .SGI file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
5.6%
CVE-2021-36065 HIGH This Week

Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Photoshop
NVD
CVSS 3.1
7.8
EPSS
4.2%
CVE-2021-36056 MEDIUM PATCH This Month

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
5.5
EPSS
4.4%
CVE-2021-36054 LOW PATCH Monitor

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Denial Of Service Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
3.3
EPSS
3.8%
CVE-2021-36050 HIGH PATCH This Week

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Xmp Toolkit Software Development Kit Debian Linux
NVD
CVSS 3.1
7.8
EPSS
5.4%
CVE-2021-33007 HIGH This Week

A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Tpeditor
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-28629 HIGH PATCH This Week

Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Adobe Animate
NVD
CVSS 3.0
7.8
EPSS
5.8%
CVE-2021-28620 HIGH PATCH This Week

Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Adobe Animate
NVD
CVSS 3.0
7.8
EPSS
5.8%
CVE-2021-28610 HIGH This Week

Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe After Effects
NVD
CVSS 3.1
7.8
EPSS
4.4%
CVE-2021-28608 HIGH This Week

Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe After Effects
NVD
CVSS 3.0
7.8
EPSS
4.5%
CVE-2021-28604 HIGH This Week

Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe After Effects
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2021-28603 HIGH This Week

Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe After Effects
NVD
CVSS 3.1
7.8
EPSS
4.1%
CVE-2021-28638 HIGH This Week

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Acrobat Dc +1
NVD
CVSS 3.1
7.8
EPSS
4.9%
CVE-2021-28624 HIGH This Week

Adobe Bridge version 11.0.2 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
5.3%
CVE-2021-21825 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Xmill
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-21810 CRITICAL POC Act Now

A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Xmill
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-21830 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Xmill
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-21829 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Xmill
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-24036 CRITICAL PATCH Act Now

Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution.07.22.00.80.5, all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Folly Hhvm
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2021-34329 HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Jt2Go Solid Edge Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-34328 HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Jt2Go Solid Edge Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-34327 HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Jt2Go Solid Edge Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-34326 HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Jt2Go Solid Edge Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-34317 HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-34313 HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-34312 HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-33000 HIGH This Week

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-21572 HIGH This Week

Dell BIOSConnect feature contains a buffer overflow vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Heap Overflow Dell RCE Alienware M15 R6 Firmware +127
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-31485 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-31483 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-31478 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Brava Desktop
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-21555 MEDIUM This Month

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Dell Information Disclosure Heap Overflow +10
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21554 MEDIUM PATCH This Month

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow RCE Dell Information Disclosure +11
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21795 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality of Accusoft ImageGear 19.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-28211 MEDIUM POC This Month

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Edk2
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-25387 CRITICAL Act Now

An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Android
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2021-25384 CRITICAL Act Now

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-25383 CRITICAL Act Now

An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-26691 CRITICAL PATCH Act Now

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Apache Http Server Debian Linux +6
NVD
CVSS 3.1
9.8
EPSS
68.1%
CVE-2021-31439 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Synology Heap Overflow RCE Diskstation Manager +2
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2021-31454 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Foxit Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2021-29464 HIGH PATCH This Week

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Exiv2 Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-31436 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Foxit Studio Photo
NVD
CVSS 3.1
7.8
EPSS
2.8%
CVE-2021-31429 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Parallels Desktop
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2021-31428 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Parallels Desktop
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2021-31424 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-25668 CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Siemens Scalance X200 4P Irt Firmware Scalance X201 3P Irt Firmware +27
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-29457 HIGH POC PATCH This Week

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow RCE Exiv2 Fedora +1
NVD GitHub
CVSS 3.1
7.8
EPSS
2.2%
CVE-2021-27253 HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Netgear RCE Br200 Firmware +42
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-25360 CRITICAL Act Now

An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-21077 HIGH PATCH This Week

Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Adobe Animate
NVD
CVSS 3.0
7.8
EPSS
7.5%
CVE-2021-24025 CRITICAL PATCH Act Now

Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow.56.3, all versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Hhvm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-20587 CRITICAL Act Now

Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow C Controller Module Setting And Monitoring Tool Cpu Module Logging Configuration Tool Cw Configurator +38
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-21017 HIGH KEV THREAT This Week

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Acrobat +3
NVD
CVSS 3.1
8.8
EPSS
86.2%
CVE-2021-22641 HIGH POC This Week

A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE V Server V Simulator
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-21006 HIGH This Week

Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Photoshop
NVD
CVSS 3.1
8.6
EPSS
5.6%
CVE-2020-25843 CRITICAL Act Now

NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Nhiservisignadapter
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-25712 HIGH PATCH This Week

A flaw was found in xorg-x11-server before 1.20.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Heap Overflow X Server Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-25187 CRITICAL Act Now

Medtronic MyCareLink Smart 25000 is vulnerable when an authenticated attacker runs a debug command, which can be sent to the patient reader and cause a heap overflow event within the MCL Smart. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Mycarelink Smart Model 25000 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-25199 HIGH This Week

A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Levistudiou
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-27752 HIGH POC This Week

A flaw was found in ImageMagick in MagickCore/quantum-private.h. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2020-25674 MEDIUM POC This Month

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-25667 MEDIUM POC This Month

TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick
NVD
CVSS 3.1
5.5
EPSS
1.1%
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libjxl
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

libmysofa is vulnerable to Heap-based Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libmysofa +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +2
NVD GitHub
EPSS 8% CVSS 7.5
HIGH POC This Week

Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow 750 8214 Firmware +27
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +2
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Webaccess
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

vim is vulnerable to Heap-based Buffer Overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +1
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Eufy Homebase 2 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sinumerik 808D Firmware +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Heap Overflow +2
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Heap Overflow +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

User controlled parameters related to SMTP notifications are not correctly validated. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Heap Overflow Axis Os +3
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Buffer overflow in Zephyr USB DFU DNLOAD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Zephyr
NVD GitHub
EPSS 15% CVSS 8.8
HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Redis Heap Overflow +6
NVD GitHub
EPSS 5% CVSS 7.8
HIGH PATCH This Week

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE +2
NVD
EPSS 12% CVSS 7.8
HIGH This Week

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +7
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Suitelink
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Dopsoft
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +3
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Ark Library
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

vim is vulnerable to Heap-based Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim +2
NVD GitHub
EPSS 67% CVSS 8.8
HIGH This Week

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +5
NVD
EPSS 10% CVSS 8.8
HIGH This Week

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Heap-based buffer overflow vulnerability in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +5
NVD
EPSS 6% CVSS 7.8
HIGH PATCH This Week

Adobe Bridge version 11.1 (and earlier) is affected by a heap-based buffer overflow vulnerability when parsing a crafted .SGI file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Adobe +1
NVD
EPSS 4% CVSS 7.8
HIGH This Week

Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +2
NVD
EPSS 4% CVSS 5.5
MEDIUM PATCH This Month

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE +2
NVD
EPSS 4% CVSS 3.3
LOW PATCH Monitor

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Denial Of Service +2
NVD
EPSS 5% CVSS 7.8
HIGH PATCH This Week

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 6% CVSS 7.8
HIGH PATCH This Week

Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow +2
NVD
EPSS 6% CVSS 7.8
HIGH PATCH This Week

Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow +2
NVD
EPSS 4% CVSS 7.8
HIGH This Week

Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +2
NVD
EPSS 5% CVSS 7.8
HIGH This Week

Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +2
NVD
EPSS 4% CVSS 7.8
HIGH This Week

Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +2
NVD
EPSS 4% CVSS 7.8
HIGH This Week

Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +2
NVD
EPSS 5% CVSS 7.8
HIGH This Week

Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +3
NVD
EPSS 5% CVSS 7.8
HIGH This Week

Adobe Bridge version 11.0.2 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +2
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Xmill
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution.07.22.00.80.5, all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Jt2Go +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Jt2Go +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Jt2Go +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Jt2Go +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Jt2Go +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Jt2Go +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Jt2Go +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Dell BIOSConnect feature contains a buffer overflow vulnerability. Rated high severity (CVSS 7.5). No vendor patch available.

Buffer Overflow Heap Overflow Dell +129
NVD
EPSS 1% CVSS 7.8
HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava!. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Dell +12
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow RCE +13
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality of Accusoft ImageGear 19.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagegear
NVD
EPSS 0% CVSS 6.7
MEDIUM POC This Month

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Edk2
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 68% CVSS 9.8
CRITICAL PATCH Act Now

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Apache +8
NVD
EPSS 2% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Synology Heap Overflow +4
NVD
EPSS 3% CVSS 7.8
HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE +2
NVD GitHub
EPSS 3% CVSS 7.8
HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 0% CVSS 8.2
HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 0% CVSS 8.2
HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Siemens +29
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow RCE +3
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Netgear +44
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 8% CVSS 7.8
HIGH PATCH This Week

Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow +2
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow.56.3, all versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Hhvm
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL Act Now

Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool versions 1.112R and prior, CW Configurator versions 1.011M and prior,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow C Controller Module Setting And Monitoring Tool +40
NVD
EPSS 86% CVSS 8.8
HIGH KEV THREAT This Week

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +5
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE +2
NVD
EPSS 6% CVSS 8.6
HIGH This Week

Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Nhiservisignadapter
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A flaw was found in xorg-x11-server before 1.20.10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Heap Overflow +2
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Medtronic MyCareLink Smart 25000 is vulnerable when an authenticated attacker runs a debug command, which can be sent to the patient reader and cause a heap overflow event within the MCL Smart. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Mycarelink Smart Model 25000 Firmware
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Levistudiou
NVD
EPSS 1% CVSS 7.1
HIGH POC This Week

A flaw was found in ImageMagick in MagickCore/quantum-private.h. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick
NVD
Prev Page 20 of 22 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy