Filtered by CWE-122
Total 2524 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-3156 9 Beyondtrust, Debian, Fedoraproject and 6 more 38 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 35 more 2025-07-30 7.8 High
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVE-2021-21017 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-07-30 8.8 High
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-23376 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-07-30 7.8 High
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-28252 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-07-30 7.8 High
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-27997 1 Fortinet 4 Fortigate 6000, Fortigate 7000, Fortios and 1 more 2025-07-30 9.2 Critical
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
CVE-2023-4863 10 Bandisoft, Bentley, Debian and 7 more 17 Honeyview, Seequent Leapfrog, Debian Linux and 14 more 2025-07-30 8.8 High
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
CVE-2023-36036 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-07-30 7.8 High
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2024-30051 1 Microsoft 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more 2025-07-30 7.8 High
Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-38812 2 Broadcom, Vmware 3 Vmware Cloud Foundation, Vmware Vcenter Server, Vcenter Server 2025-07-30 9.8 Critical
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
CVE-2024-49138 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-30 7.8 High
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-21333 1 Microsoft 7 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 4 more 2025-07-30 7.8 High
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
CVE-2025-21418 1 Microsoft 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more 2025-07-30 7.8 High
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-24985 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-30 7.8 High
Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
CVE-2025-24993 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-07-30 7.8 High
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2024-12084 8 Almalinux, Archlinux, Gentoo and 5 more 9 Almalinux, Arch Linux, Linux and 6 more 2025-07-29 9.8 Critical
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
CVE-2025-51089 1 Tenda 3 Ac8, Ac8 Firmware, Ac8v4 2025-07-28 6.5 Medium
Tenda AC8V4 V16.03.34.06` was discovered to contain heap overflow at /goform/GetParentControlInfo.The manipulation of the argument `mac` leads to heap-based buffer overflow.
CVE-2025-2924 1 Hdfgroup 1 Hdf5 2025-07-24 3.3 Low
A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVE-2025-2923 1 Hdfgroup 1 Hdf5 2025-07-24 3.3 Low
A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5F_addr_encode_len of the file src/H5Fint.c. The manipulation of the argument pp leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVE-2025-2915 1 Hdfgroup 1 Hdf5 2025-07-24 3.3 Low
A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVE-2025-2914 1 Hdfgroup 1 Hdf5 2025-07-24 3.3 Low
A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.