Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium)
Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.
Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
SQL Server Native Client Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
SQL Server Native Client Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability