Export limit exceeded: 335258 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2937 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32027 | 1 Microsoft | 2 Odbc Driver For Sql Server, Sql Server | 2025-02-28 | 7.8 High |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2023-33152 | 1 Microsoft | 2 365 Apps, Office | 2025-02-28 | 7 High |
| Microsoft ActiveX Remote Code Execution Vulnerability | ||||
| CVE-2023-35302 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-02-28 | 8.8 High |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | ||||
| CVE-2023-33129 | 1 Microsoft | 1 Sharepoint Server | 2025-02-28 | 6.5 Medium |
| Microsoft SharePoint Server Denial of Service Vulnerability | ||||
| CVE-2023-32083 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2025-02-28 | 6.5 Medium |
| Microsoft Failover Cluster Information Disclosure Vulnerability | ||||
| CVE-2023-36865 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-02-27 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2023-36896 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-02-27 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2023-38154 | 1 Microsoft | 2 Windows 10 1809, Windows Server 2019 | 2025-02-27 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2023-38212 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2025-02-27 | 7.8 High |
| Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-20111 | 2025-02-26 | 7.4 High | ||
| A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload. | ||||
| CVE-2023-1448 | 1 Gpac | 1 Gpac | 2025-02-26 | 5.3 Medium |
| A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223293 was assigned to this vulnerability. | ||||
| CVE-2025-1538 | 1 Dlink | 2 Dap-1320, Dap-1320 Firmware | 2025-02-25 | 8.8 High |
| A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-45421 | 2025-02-25 | 8.5 High | ||
| Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access. | ||||
| CVE-2023-27591 | 1 Miniflux Project | 1 Miniflux | 2025-02-25 | 7.5 High |
| Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` configuration option is enabled and `METRICS_ALLOWED_NETWORKS` is set to `127.0.0.1/8` (the default). A patch is available in Miniflux 2.0.43. As a workaround, set `METRICS_COLLECTOR` to `false` (default) or run Miniflux behind a trusted reverse-proxy. | ||||
| CVE-2025-0633 | 2025-02-19 | 4.0 Medium | ||
| Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory | ||||
| CVE-2023-25664 | 1 Google | 1 Tensorflow | 2025-02-19 | 7.5 High |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. | ||||
| CVE-2023-25668 | 1 Google | 1 Tensorflow | 2025-02-19 | 9.8 Critical |
| TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1. | ||||
| CVE-2023-1655 | 1 Gpac | 1 Gpac | 2025-02-19 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0. | ||||
| CVE-2023-0210 | 1 Linux | 1 Linux Kernel | 2025-02-19 | 7.5 High |
| A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. | ||||
| CVE-2022-24672 | 1 Canon | 152 1435i\+, 1435i\+ Firmware, 1435if and 149 more | 2025-02-19 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15802. | ||||