A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 53aebe66170d545bb6265906fe4324e4477de8b4. It is suggested to install a patch to address this issue.

Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.

Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High)

Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer oveflow takes place trying to copy the first 12 bits from local variable.

Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file.

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.

A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function AI_MD5_PARSE_STRING_IN_QUOTATION of the file code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The manipulation of the argument data leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.