Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-56001

Summary
Assigner-suse
Assigner Org ID-404e59f5-483d-4b8a-8e7a-e67604dd8afb
Published At-08 Jul, 2026 | 08:49
Updated At-09 Jul, 2026 | 03:55
Rejected At-
Credits

libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow

A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:suse
Assigner Org ID:404e59f5-483d-4b8a-8e7a-e67604dd8afb
Published At:08 Jul, 2026 | 08:49
Updated At:09 Jul, 2026 | 03:55
Rejected At:
▼CVE Numbering Authority (CNA)
libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow

A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont

Affected Products
Vendor
X.Org FoundationX.Org
Product
libXfont2
Package Name
libXfont2
Repo
https://gitlab.freedesktop.org/xorg/lib/libxfont
Default Status
unaffected
Versions
Affected
  • From 0 before 2.0.8 (rpm)
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122 Heap-based buffer overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122 Heap-based buffer overflow
Metrics
VersionBase scoreBase severityVector
3.18.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-234CAPEC-234 Hijacking a privileged process
CAPEC ID: CAPEC-234
Description: CAPEC-234 Hijacking a privileged process
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Anonymous working with Trend Micro Zero Day Initiative.
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.openwall.com/lists/oss-security/2026/07/08/1
vendor-advisory
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778
patch
Hyperlink: https://www.openwall.com/lists/oss-security/2026/07/08/1
Resource:
vendor-advisory
Hyperlink: https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:meissner@suse.de
Published At:08 Jul, 2026 | 09:16
Updated At:09 Jul, 2026 | 19:46

A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

X.Org Foundation
x
>>libxfont>>Versions from 2.0.0(inclusive) to 2.0.8(exclusive)
cpe:2.3:a:x:libxfont:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-122Secondarymeissner@suse.de
CWE ID: CWE-122
Type: Secondary
Source: meissner@suse.de
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778meissner@suse.de
Patch
https://www.openwall.com/lists/oss-security/2026/07/08/1meissner@suse.de
Mailing List
Patch
Third Party Advisory
Hyperlink: https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778
Source: meissner@suse.de
Resource:
Patch
Hyperlink: https://www.openwall.com/lists/oss-security/2026/07/08/1
Source: meissner@suse.de
Resource:
Mailing List
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

79Records found

CVE-2024-29161
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.86% / 54.44%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 16:24
Updated-18 Apr, 2025 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.

Action-Not Available
Vendor-n/aThe HDF Group
Product-hdf5n/ahdf5
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-32710
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.86% / 54.31%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 18:31
Updated-31 Mar, 2026 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in MariaDB

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.

Action-Not Available
Vendor-MariaDB Foundation
Product-mariadbserver
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-26191
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.62% / 73.42%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:53
Updated-31 Dec, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2019sql_server_2022sql_2016_azure_connect_feature_packsql_server_2017sql_server_2016Microsoft SQL Server 2022 for (CU 14)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2019 (CU 28)Microsoft SQL Server 2022 (GDR)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-32137
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-1.32% / 67.71%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 07:46
Updated-16 Sep, 2024 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODESYS Runtime System prone to heap based buffer overflow

In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required.

Action-Not Available
Vendor-CODESYS GmbH
Product-runtime_toolkitplcwinntPLCWinNTRuntime Toolkit
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-31144
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7||HIGH
EPSS-3.13% / 86.41%
||
7 Day CHG+0.75%
Published-19 Jul, 2022 | 20:15
Updated-23 Apr, 2025 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential heap overflow in Redis

Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.

Action-Not Available
Vendor-Redis Inc.
Product-redisredis
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15196
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.5||HIGH
EPSS-0.90% / 55.73%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 18:40
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap buffer overflow in Tensorflow

In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-2915
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-8.8||HIGH
EPSS-1.36% / 68.56%
||
7 Day CHG~0.00%
Published-26 Aug, 2022 | 20:30
Updated-03 Aug, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma_410_firmwaresma_210sma_400_firmwaresma_410sma_210_firmwaresma_500v_firmwaresma_500vsma_200_firmwaresma_200sma_400SMA100
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-25588
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-1.03% / 59.81%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 16:48
Updated-07 May, 2026 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RedisTimeSeries RESTORE invalid memory access may allow remote code execution

RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the RedisTimeSeries module loaded can supply a crafted serialized payload that triggers invalid memory access and may lead to remote code execution. A workaround is to restrict access to the RESTORE command with ACL rules. This has been patched in version 1.12.14.

Action-Not Available
Vendor-redistimeseriesRedisTimeSeries
Product-redistimeseriesRedisTimeSeries
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-25589
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-1.33% / 67.91%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 16:50
Updated-07 May, 2026 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RedisBloom RESTORE invalid memory access may allow remote code execution

RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the RedisBloom module loaded can supply a crafted serialized payload that triggers invalid memory access and may lead to remote code execution. A workaround is to restrict access to the RESTORE command with ACL rules. This issue is fixed in version 2.8.20.

Action-Not Available
Vendor-redisbloomRedisBloom
Product-redisbloomRedisBloom
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-25243
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-3.00% / 85.83%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 16:44
Updated-16 Jul, 2026 | 12:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
redis-server RESTORE invalid memory access may allow remote code execution

Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may lead to remote code execution. A workaround is to restrict access to the RESTORE command with ACL rules. This is patched in version 8.6.3.

Action-Not Available
Vendor-Red Hat, Inc.Redis Inc.
Product-redisredisRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Hardened ImagesRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-2005
Matching Score-4
Assigner-PostgreSQL
ShareView Details
Matching Score-4
Assigner-PostgreSQL
CVSS Score-8.8||HIGH
EPSS-1.21% / 64.94%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 13:00
Updated-15 Jul, 2026 | 02:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PostgreSQL Global Development Group
Product-postgresqlPostgreSQLRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Update Infrastructure 5Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Hardened Images
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-12244
Matching Score-4
Assigner-NLnet Labs
ShareView Details
Matching Score-4
Assigner-NLnet Labs
CVSS Score-8.7||HIGH
EPSS-0.30% / 22.26%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 05:24
Updated-26 Jun, 2026 | 02:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap overflow and crash with crafted SVCB RR

If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an (uint16_t) variable that is used to allocate space needed for the RR wrap (because total size > 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) head write of up to 65509 bytes

Action-Not Available
Vendor-nlnetlabsNLnet Labs
Product-nsdNSD
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-11610
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.63% / 46.02%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 09:17
Updated-08 Jul, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
389-ds-base: 389-ds-base: heap buffer overflow in sasl_io_recv() via padded sasl unbind

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). After a successful SASL bind with integrity protection (SSF > 0), an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer without a bounds check in sasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of attacker-controlled data to overflow the buffer, causing a denial of service (server crash). In FreeIPA and Red Hat Identity Management deployments, any domain user with a valid Kerberos ticket, any enrolled host, or any service account can trigger this vulnerability over the network after authenticating via GSSAPI. The vulnerable code path has existed since approximately 2013 (389-ds-base 1.3.2) and was not addressed by the CVE-2025-14905 fix, which patched a separate heap overflow in schema.c only.

Action-Not Available
Vendor-389dsRed Hat, Inc.
Product-Red Hat Directory Server 13Red Hat Directory Server 12.4 E4S for RHEL 9Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 6Red Hat Directory Server 11.9 for RHEL 8Red Hat Directory Server 11.7 E4S for RHEL 8Red Hat Directory Server 12Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.8 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Directory Server 11.5 E4S for RHEL 8Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Directory Server 12.2 E4S for RHEL 9389-ds-baseRed Hat Directory Server 13.2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-0132
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-8.8||HIGH
EPSS-0.29% / 20.51%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:51
Updated-17 Jun, 2026 | 03:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-0149
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-8.8||HIGH
EPSS-0.29% / 20.51%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 18:51
Updated-17 Jun, 2026 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-8178
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.78% / 51.67%
||
7 Day CHG~0.00%
Published-26 Jul, 2025 | 04:32
Updated-01 Aug, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda AC10 RequestsProcessLaid heap-based overflow

A vulnerability classified as critical has been found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /goform/RequestsProcessLaid. The manipulation of the argument device1D leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Tenda Technology Co., Ltd.
Product-ac10ac10_firmwareAC10
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-33877
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.92% / 56.28%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 16:48
Updated-18 Apr, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c.

Action-Not Available
Vendor-n/aThe HDF Group
Product-hdf5n/ahdf5
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-33873
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.92% / 56.28%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 16:46
Updated-18 Apr, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.

Action-Not Available
Vendor-n/aThe HDF Group
Product-hdf5n/ahdf5
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-32623
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.91% / 56.05%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 16:45
Updated-18 Apr, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c).

Action-Not Available
Vendor-n/aThe HDF Group
Product-hdf5n/ahdf5
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-32763
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.58% / 43.67%
||
7 Day CHG~0.00%
Published-06 Sep, 2024 | 16:27
Updated-20 Sep, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-quts_heroqtsQuTS heroQTS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-36824
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.4||HIGH
EPSS-77.42% / 99.51%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 16:16
Updated-10 Apr, 2025 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis

Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.

Action-Not Available
Vendor-Fedora ProjectRedis Inc.
Product-fedoraredisredisredis
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-36423
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.99% / 78.42%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 17:57
Updated-08 Oct, 2025 | 23:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Remote Registry Service Remote Code Execution Vulnerability

Microsoft Remote Registry Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_server_23h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows Server 2016 (Server Core installation)Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server 2022Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows 11 version 22H2Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2012Windows 10 Version 1809Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows 11 version 22H3
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-57740
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.63% / 46.16%
||
7 Day CHG-0.01%
Published-14 Oct, 2025 | 15:22
Updated-14 Jul, 2026 | 12:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted requests.

Action-Not Available
Vendor-Fortinet, Inc.Siemens AG
Product-fortiproxyfortipamfortiosFortiPAMFortiOSFortiProxyRUGGEDCOM APE1808
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-62456
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.04% / 60.22%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:55
Updated-16 Apr, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_23h2windows_server_2022windows_server_2025windows_server_2022_23h2windows_11_25h2Windows Server 2025Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2022Windows 11 Version 25H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-49717
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.5||HIGH
EPSS-0.92% / 56.20%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Remote Code Execution Vulnerability

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2022sql_server_2019Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2022 (CU 19)
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-20043
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-8.8||HIGH
EPSS-23.26% / 97.52%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 09:55
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma_410_firmwaresma_210sma_410sma_400_firmwaresma_210_firmwaresma_500v_firmwaresma_500vsma_200_firmwaresma_200sma_400SonicWall SMA100
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-24876
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.40% / 69.48%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-28 Feb, 2025 | 21:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_10_20h2windows_11_22h2windows_server_2019windows_10_1607Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2019Windows Server 2012Windows 10 Version 1809Windows 11 version 21H2Windows Server 2022Windows Server 2012 R2Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2016Windows 10 Version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-43305
Matching Score-4
Assigner-JFrog
ShareView Details
Matching Score-4
Assigner-JFrog
CVSS Score-8.8||HIGH
EPSS-1.65% / 73.83%
||
7 Day CHG~0.00%
Published-14 Mar, 2022 | 00:00
Updated-21 Nov, 2024 | 06:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.

Action-Not Available
Vendor-yandexyandexDebian GNU/Linux
Product-clickhousedebian_linuxclickhouse
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-43304
Matching Score-4
Assigner-JFrog
ShareView Details
Matching Score-4
Assigner-JFrog
CVSS Score-8.8||HIGH
EPSS-1.65% / 73.83%
||
7 Day CHG~0.00%
Published-14 Mar, 2022 | 00:00
Updated-21 Nov, 2024 | 06:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits.

Action-Not Available
Vendor-yandexyandexDebian GNU/Linux
Product-clickhousedebian_linuxclickhouse
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • Next
Details not found