| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch. |
| Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. |
| Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. |
| A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c. |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
| vim is vulnerable to Heap-based Buffer Overflow |
| An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that |
| vim is vulnerable to Heap-based Buffer Overflow |
| An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. |
| An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. |
| A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue. |
| Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12. |
| Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator account across all versions. |
