4293 matches found
CVE-2025-49695
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally...
CVE-2025-49683
Integer overflow or wraparound in Virtual Hard Disk VHDX allows an unauthorized attacker to execute code locally...
CVE-2025-48822
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally...
CVE-2025-48806
Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally...
CVE-2025-48805
Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally...
CVE-2025-48805
Heap-based buffer overflow in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally...
CVE-2025-49695
CVE-2025-49695 is a Microsoft Office remote code execution/use-after-free vulnerability affecting Office components (notably Office 2016 and related suites). The issue enables local code execution when a user opens or previews crafted content; Microsoft lists updates (e.g., KB5002742) and multipl...
CVE-2025-48822
CVE-2025-48822 is an out-of-bounds read vulnerability in Windows Hyper-V that could enable local code execution. The connected NCSC entry explicitly lists the impact as Execution of arbitrary code on Windows Hyper‑V, with CVSS base score 8.6 (LOCAL, HIGH). The documents do not provide additional ...
CVE-2025-48805
CVE-2025-48805 describes a heap-based buffer overflow in the Microsoft MPEG-2 Video Extension that could allow an authorized local attacker to execute code. The provided Connected Documents do not supply additional technical details (no vendor, product version, root-cause, specific vulnerable com...
PT-2025-28593
Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Description: An out-of-bounds read issue in Microsoft Office allows an unauthorized attacker to execute code locally. Recommendations: At the moment, there is no information about a newer versi...
PT-2025-28538 · Microsoft · Mpeg-2 Video Extension +1
Name of the Vulnerable Software and Affected Versions: Microsoft MPEG-2 Video Extension affected versions not specified Description: The issue is related to a heap-based buffer overflow in the Microsoft MPEG-2 Video Extension, which allows an authorized attacker to execute code locally...
PT-2025-28539 · Microsoft · Mpeg-2 Video Extension +1
Name of the Vulnerable Software and Affected Versions: Microsoft MPEG-2 Video Extension affected versions not specified Description: The issue is related to a use after free condition in the Microsoft MPEG-2 Video Extension, which allows an authorized attacker to execute code locally...
PT-2025-28592
Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Description: The issue is related to a use after free condition in Microsoft Office, which enables an unauthorized attacker to execute code locally. Recommendations: At the moment, there is no...
PT-2025-28768
Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.18.4 Description: A specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file can be crafted to cause...
AlmaLinux 9 : thunderbird (ALSA-2025:8607)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:8607 advisory. firefox: thunderbird: Out-of-bounds access when resolving Promise objects CVE-2025-4918 firefox: thunderbird: Out-of-bounds access when optimizing linear...
HDF5 安全漏洞
HDF5 is an open source file format and library for storing and managing large-scale scientific data. HDF5 suffers from a heap buffer overflow vulnerability that originates from an exception in the handling of the H5Ochunkprotect function in the file /src/H5Ochunk.c. An attacker can exploit this...
Updated thunderbird packages fix security vulnerabilities
CVE-2025-5262: A double-free could have occurred in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. CVE-2025-5263: Error handling for script execution was incorrectly isolated fr...
MGASA-2025-0197 Updated thunderbird packages fix security vulnerabilities
CVE-2025-5262: A double-free could have occurred in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. CVE-2025-5263: Error handling for script execution was incorrectly isolated fr...
MGASA-2025-0195 Updated nss & firefox packages fix security vulnerabilities
CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. CVE-2025-5264: Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this...
CVE-2025-49487
An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services WFBSS agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations. An attacker must have had physical access to the target system in...