| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally. |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents. |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. |
| A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/formPolicyRouteConf. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. |
| Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
| Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
| Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. |
| Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally. |
| Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. |
| Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. |
