Search Results (3542 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-50678 1 Microsoft 9 365 Apps, Excel 2016, Office 2019 and 6 more 2026-07-15 6.6 Medium
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-15028 1 Redhat 3 Enterprise Linux, Hummingbird, Openshift 2026-07-15 3.9 Low
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation could lead to a denial of service, making the system unavailable, or potentially allow for arbitrary code execution, giving the attacker control over the affected system.
CVE-2026-48914 1 Redhat 5 Enterprise Linux, Enterprise Linux For Nvidia 26, Enterprise Linux Nvidia and 2 more 2026-07-15 6.7 Medium
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an out-of-bounds write in the host heap memory and a potential denial of service (DoS) for the QEMU process.
CVE-2026-58471 2 Gnu, Wget 2 Wget, Wget 2026-07-14 5.9 Medium
GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is too small during iconv E2BIG reallocation, the reallocation logic miscalculates the remaining space, leading to a heap buffer overflow that can be exploited via a maliciously crafted server response.
CVE-2026-56123 2 Dest-unreach, Socat 2 Socat, Socat 2026-07-14 8.1 High
socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read through a signed char field causing a negative bytes_to_read value that is implicitly converted to size_t, resulting in an unbounded heap write into the 262-byte reply buffer with attacker-controlled size and content.
CVE-2026-50696 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-14 7.5 High
Heap-based buffer overflow in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
CVE-2026-56155 1 Microsoft 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more 2026-07-14 7.8 High
Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.
CVE-2026-56189 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 7.8 High
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.
CVE-2026-56182 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 7.8 High
Integer overflow or wraparound in Windows NTFS allows an authorized attacker to elevate privileges locally.
CVE-2026-56159 1 Microsoft 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more 2026-07-14 9.8 Critical
Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network.
CVE-2026-55130 1 Microsoft 8 365 Apps, Office 2019, Office 2021 and 5 more 2026-07-14 7.8 High
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-55127 1 Microsoft 11 365 Apps, Office 2019, Office 2021 and 8 more 2026-07-14 7.8 High
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-50447 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 9.8 Critical
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over a network.
CVE-2026-55017 1 Microsoft 5 365 Apps, Office 2016, Office 2019 and 2 more 2026-07-14 7.8 High
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-50301 1 Microsoft 5 365 Apps, Office 2016, Office 2019 and 2 more 2026-07-14 7.8 High
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-55010 1 Microsoft 1 Minecraft Bedrock Dedicated Server 2026-07-14 9.8 Critical
Heap-based buffer overflow in Minecraft Bedrock Dedicated Server allows an unauthorized attacker to execute code over a network.
CVE-2026-50655 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-14 7.8 High
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-50492 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-14 6.8 Medium
Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an unauthorized attacker to execute code with a physical attack.
CVE-2026-50480 1 Microsoft 4 Windows 10 1607, Windows Server 2012, Windows Server 2012 R2 and 1 more 2026-07-14 7.8 High
Heap-based buffer overflow in Windows Web Proxy Auto-Discovery Protocol (WPAD) allows an authorized attacker to elevate privileges locally.
CVE-2026-50448 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-14 7.8 High
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.