Skip to main content

Heap Overflow

1940 CVEs technique

Monthly

CVE-2020-25665 MEDIUM POC This Month

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-25664 MEDIUM POC This Month

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick Fedora
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-13494 MEDIUM POC This Month

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Information Disclosure Openusd
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-13493 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-25181 HIGH This Week

WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Plc Editor
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-27255 HIGH This Week

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Information Disclosure Factorytalk Linx
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-27251 CRITICAL Act Now

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Factorytalk Linx
NVD
CVSS 3.1
9.8
EPSS
5.5%
CVE-2020-6156 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-6155 HIGH POC This Week

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-6150 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-6149 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-6148 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-6147 HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd Ipados Iphone Os
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2020-24435 HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Adobe Acrobat +3
NVD
CVSS 3.1
7.8
EPSS
51.3%
CVE-2020-5138 HIGH This Week

A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Sonicos Sonicosv
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-1906 HIGH This Week

A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Heap Overflow Whatsapp Whatsapp Business
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-6146 HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Nitro Pro
NVD
CVSS 3.1
8.8
EPSS
78.5%
CVE-2020-14524 CRITICAL Act Now

Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Opc
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-16223 HIGH This Week

Delta Electronics TPEditor Versions 1.97 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Tpeditor
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2020-16207 HIGH This Week

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2020-14311 MEDIUM This Month

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Grub2 Enterprise Linux Enterprise Linux Eus +4
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-14310 MEDIUM This Month

There is an issue on grub2 before version 2.06 at function read_section_as_string(). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Grub2 Enterprise Linux Enterprise Linux Eus +4
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2020-7829 HIGH This Week

DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-7828 HIGH This Week

DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-10928 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Heap Overflow RCE R6700 Firmware
NVD
CVSS 3.1
8.4
EPSS
0.6%
CVE-2020-11061 HIGH This Week

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Bareos Debian Linux
NVD GitHub
CVSS 3.1
7.4
EPSS
1.2%
CVE-2020-14482 HIGH This Week

Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Dopsoft
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2020-4068 CRITICAL PATCH Act Now

In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to result in a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Apnswift
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-7586 HIGH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Simatic Pcs 7 Simatic Process Device Manager Simatic Step 7 +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-10638 CRITICAL Act Now

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Webaccess
NVD
CVSS 3.1
9.8
EPSS
7.1%
CVE-2020-8899 CRITICAL POC Act Now

There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung RCE Google Heap Overflow +1
NVD
CVSS 4.0
10.0
EPSS
5.7%
CVE-2020-10896 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2020-10646 HIGH This Week

Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow V Server
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-6970 CRITICAL Act Now

A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Openenterprise Scada Server
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-1711 MEDIUM PATCH This Month

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Buffer Overflow Denial Of Service RCE Heap Overflow Qemu +4
NVD
CVSS 3.1
6.0
EPSS
4.0%
CVE-2020-6007 HIGH POC This Week

Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code. Rated high severity (CVSS 7.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Hue Bridge V2 Firmware
NVD
CVSS 3.1
7.9
EPSS
2.1%
CVE-2019-15694 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Tigervnc Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
4.5%
CVE-2019-15693 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow RCE Tigervnc
NVD GitHub
CVSS 3.1
7.2
EPSS
4.3%
CVE-2019-15692 HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow RCE Tigervnc Leap
NVD GitHub
CVSS 3.1
7.2
EPSS
4.8%
CVE-2019-16778 PyPI CRITICAL PATCH Act Now

In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Tensorflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2019-18330 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18329 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18328 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18327 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18326 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18325 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18324 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18323 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-18297 HIGH This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-18296 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-18295 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-18294 HIGH This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-18293 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-18292 HIGH POC This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-18291 HIGH This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-18290 HIGH This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-18289 CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sppa T3000 Ms3000 Migration Server
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-5154 HIGH This Week

An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Leadtools
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2019-14901 CRITICAL Act Now

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Linux RCE Heap Overflow +4
NVD
CVSS 3.1
9.8
EPSS
16.9%
CVE-2019-14895 CRITICAL PATCH Act Now

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Linux RCE Heap Overflow +5
NVD
CVSS 3.1
9.8
EPSS
7.8%
CVE-2019-14896 CRITICAL Act Now

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Linux RCE Heap Overflow +5
NVD
CVSS 3.1
9.8
EPSS
8.7%
CVE-2019-14815 HIGH PATCH This Week

A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow Linux Linux Kernel Codeready Linux Builder Eus +16
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-18240 CRITICAL Act Now

In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE V Server
NVD
CVSS 3.1
9.8
EPSS
14.0%
CVE-2019-5125 HIGH POC This Week

An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Leadtools
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2019-5030 HIGH POC This Week

A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Microsoft RCE Rainbow Pdf Office Server Document Converter
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2019-15679 CRITICAL Act Now

TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Tightvnc
NVD
CVSS 3.1
9.8
EPSS
12.8%
CVE-2019-15678 CRITICAL Act Now

TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Tightvnc
NVD
CVSS 3.1
9.8
EPSS
13.1%
CVE-2019-5050 HIGH POC This Week

A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Nitropdf
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2019-5048 HIGH POC This Week

A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Nitropdf
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2019-5046 HIGH POC This Week

A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Nitropdf
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2019-5045 HIGH POC This Week

A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Nitropdf
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2019-14816 HIGH POC PATCH This Week

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Linux RCE Heap Overflow +39
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-14814 HIGH POC PATCH This Week

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Linux RCE Heap Overflow +34
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-5482 CRITICAL PATCH Act Now

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Curl Fedora Leap +14
NVD VulDB
CVSS 3.1
9.8
EPSS
6.9%
CVE-2019-13536 HIGH This Week

Delta Electronics TPEditor, Versions 1.94 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Tpeditor
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-5039 HIGH POC This Week

An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE Openweave Core
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-5058 HIGH This Week

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sdl2 Image Backports Sle +1
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-5057 HIGH This Week

An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Sdl2 Image Backports Sle +1
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-10982 HIGH PATCH This Week

Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Cnssoft Screeneditor
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2019-3570 CRITICAL PATCH Act Now

Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Buffer Overflow Heap Overflow Information Disclosure Hiphop Virtual Machine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2019-10192 HIGH PATCH This Week

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Redis Buffer Overflow Heap Overflow Openstack Software Collections +7
NVD
CVSS 3.1
7.2
EPSS
26.0%
CVE-2019-10126 CRITICAL PATCH Act Now

A flaw was found in the Linux kernel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Linux Linux Kernel Virtualization +21
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2019-6530 HIGH This Week

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Control Fpwin Pro
NVD
CVSS 3.1
7.8
EPSS
6.9%
CVE-2019-6740 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Heap Overflow Samsung Galaxy S9 Firmware
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2019-3846 HIGH POC PATCH This Week

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Linux Kernel Enterprise Linux Ubuntu Linux +9
NVD
CVSS 3.1
8.8
EPSS
5.6%
CVE-2019-5436 HIGH POC PATCH THREAT Act Now

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 13.3%.

Heap Overflow Buffer Overflow RCE Libcurl Leap +9
NVD VulDB
CVSS 3.1
7.8
EPSS
13.3%
CVE-2019-3568 CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Google +3
NVD
CVSS 3.1
9.8
EPSS
39.2%
CVE-2019-9136 HIGH This Week

DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed JPEG2000 format file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-9135 HIGH This Week

DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed DIB format file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Daviewindy
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-10951 HIGH PATCH This Week

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Cncsoft Screeneditor
NVD
CVSS 3.1
7.8
EPSS
2.9%
EPSS 1% CVSS 5.5
MEDIUM POC This Month

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Imagemagick +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
EPSS 2% CVSS 8.8
HIGH This Week

WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Information Disclosure +1
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
EPSS 3% CVSS 7.8
HIGH POC This Week

A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Openusd +2
NVD
EPSS 51% CVSS 7.8
HIGH This Week

Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +5
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Heap Overflow +2
NVD
EPSS 78% CVSS 8.8
HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Delta Electronics TPEditor Versions 1.97 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 4% CVSS 7.8
HIGH This Week

Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Grub2 +6
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

There is an issue on grub2 before version 2.06 at function read_section_as_string(). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Grub2 +6
NVD
EPSS 1% CVSS 7.8
HIGH This Week

DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 1% CVSS 8.4
HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Heap Overflow +2
NVD
EPSS 1% CVSS 7.4
HIGH This Week

In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Bareos +1
NVD GitHub
EPSS 3% CVSS 7.8
HIGH This Week

Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to result in a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Apnswift
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Simatic Pcs 7 +3
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 6% CVSS 10.0
CRITICAL POC Act Now

There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung RCE +3
NVD
EPSS 5% CVSS 7.8
HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow V Server
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Openenterprise Scada Server
NVD
EPSS 4% CVSS 6.0
MEDIUM PATCH This Month

An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Buffer Overflow Denial Of Service RCE +6
NVD
EPSS 2% CVSS 7.9
HIGH POC This Week

Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code. Rated high severity (CVSS 7.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 4% CVSS 7.2
HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE +2
NVD GitHub
EPSS 4% CVSS 7.2
HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow RCE +1
NVD GitHub
EPSS 5% CVSS 7.2
HIGH POC PATCH This Week

TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow RCE +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Tensorflow
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sppa T3000 Ms3000 Migration Server
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sppa T3000 Ms3000 Migration Server
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Sppa T3000 Ms3000 Migration Server
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sppa T3000 Ms3000 Migration Server
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sppa T3000 Ms3000 Migration Server
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 3% CVSS 8.8
HIGH This Week

An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 17% CVSS 9.8
CRITICAL Act Now

A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Linux +6
NVD
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Linux +7
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Linux +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow Linux +18
NVD GitHub
EPSS 14% CVSS 9.8
CRITICAL Act Now

In Fuji Electric V-Server 4.0.6 and prior, several heap-based buffer overflows have been identified, which may allow an attacker to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Microsoft +2
NVD
EPSS 13% CVSS 9.8
CRITICAL Act Now

TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 13% CVSS 9.8
CRITICAL Act Now

TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 3% CVSS 7.8
HIGH POC This Week

A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Linux +41
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Linux +36
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Curl +16
NVD VulDB
EPSS 1% CVSS 7.8
HIGH This Week

Delta Electronics TPEditor, Versions 1.94 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 4% CVSS 8.8
HIGH This Week

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +3
NVD
EPSS 4% CVSS 8.8
HIGH This Week

An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Buffer Overflow Heap Overflow +2
NVD GitHub
EPSS 26% CVSS 7.2
HIGH PATCH This Week

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Redis Buffer Overflow Heap Overflow +9
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

A flaw was found in the Linux kernel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Heap Overflow Linux +23
NVD
EPSS 7% CVSS 7.8
HIGH This Week

Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 3% CVSS 8.8
HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Heap Overflow +2
NVD
EPSS 6% CVSS 8.8
HIGH POC PATCH This Week

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Linux Kernel +11
NVD
EPSS 13% CVSS 7.8
HIGH POC PATCH THREAT Act Now

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 13.3%.

Heap Overflow Buffer Overflow RCE +11
NVD VulDB
EPSS 39% CVSS 9.8
CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple +5
NVD
EPSS 1% CVSS 7.8
HIGH This Week

DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed JPEG2000 format file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed DIB format file that is mishandled by Daview.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE +1
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE +1
NVD
Prev Page 21 of 22 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy