Export limit exceeded: 20163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20163 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20892 | 1 Vmware | 1 Vcenter Server | 2025-02-13 | 8.1 High |
| The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. | ||||
| CVE-2023-1820 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-13 | 8.8 High |
| Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-1812 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-13 | 8.8 High |
| Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-1810 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-02-13 | 8.8 High |
| Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-1801 | 1 Tcpdump | 1 Tcpdump | 2025-02-13 | 6.5 Medium |
| The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. | ||||
| CVE-2023-1529 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 9.8 Critical |
| Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) | ||||
| CVE-2023-1220 | 1 Google | 1 Chrome | 2025-02-13 | 8.8 High |
| Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-1219 | 1 Google | 1 Chrome | 2025-02-13 | 8.8 High |
| Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-0930 | 1 Google | 1 Chrome | 2025-02-13 | 8.8 High |
| Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-0841 | 1 Gpac | 1 Gpac | 2025-02-13 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087. | ||||
| CVE-2023-0809 | 2 Eclipse, Redhat | 3 Mosquitto, Satellite, Satellite Capsule | 2025-02-13 | 5.8 Medium |
| In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. | ||||
| CVE-2023-0199 | 1 Nvidia | 7 Geforce, Gpu Display Driver, Nvs and 4 more | 2025-02-13 | 6.1 Medium |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering. | ||||
| CVE-2023-0191 | 6 Citrix, Linux, Microsoft and 3 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2025-02-13 | 7.1 High |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. | ||||
| CVE-2023-0183 | 5 Citrix, Linux, Nvidia and 2 more | 5 Hypervisor, Linux Kernel, Virtual Gpu and 2 more | 2025-02-13 | 7.1 High |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering. | ||||
| CVE-2022-4920 | 1 Google | 1 Chrome | 2025-02-13 | 9.6 Critical |
| Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2022-4914 | 1 Google | 1 Chrome | 2025-02-13 | 8.8 High |
| Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2022-38143 | 1 Openimageio | 1 Openimageio | 2025-02-13 | 9.8 Critical |
| A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-28888 | 1 Spryker | 1 Cloud Commerce | 2025-02-13 | 9.8 Critical |
| Spryker Commerce OS 1.4.2 allows Remote Command Execution. | ||||
| CVE-2022-28734 | 3 Gnu, Netapp, Redhat | 5 Grub2, Active Iq Unified Manager, Enterprise Linux and 2 more | 2025-02-13 | 8.1 High |
| Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata. | ||||
| CVE-2022-23086 | 1 Freebsd | 1 Freebsd | 2025-02-13 | 9.8 Critical |
| Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group. | ||||