Search Results (245 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-34301 2 Ashlar, Ashlar Vellum 2 Cobalt, Cobalt 2025-08-08 N/A
Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-17909.
CVE-2023-34309 1 Ashlar 1 Cobalt 2025-08-08 N/A
Ashlar-Vellum Cobalt Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-19876.
CVE-2023-34300 2 Ashlar, Ashlar Vellum 2 Cobalt, Cobalt 2025-08-08 N/A
Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-17948.
CVE-2024-25078 1 Insyde 2 Insydeh2o, Kernel 2025-07-29 7.4 High
A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating privileges in SMM.
CVE-2024-38187 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2025-07-10 7.8 High
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-38185 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2025-07-10 7.8 High
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-43636 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-07-08 7.8 High
Win32k Elevation of Privilege Vulnerability
CVE-2024-43629 1 Microsoft 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more 2025-07-08 7.8 High
Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-43624 1 Microsoft 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more 2025-07-08 8.8 High
Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
CVE-2024-43646 1 Microsoft 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more 2025-07-08 6.7 Medium
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-43631 1 Microsoft 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more 2025-07-08 6.7 Medium
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2023-43532 1 Qualcomm 26 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 23 more 2025-06-17 8.4 High
Memory corruption while reading ACPI config through the user mode app.
CVE-2023-34333 1 Ami 1 Megarac Sp-x 2025-06-17 7.8 High
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference via a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
CVE-2023-34332 1 Ami 1 Megarac Sp-x 2025-06-17 7.8 High
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference by a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
CVE-2024-20680 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-06-09 6.5 Medium
Windows Message Queuing Client (MSMQC) Information Disclosure
CVE-2024-20663 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-06-03 6.5 Medium
Windows Message Queuing Client (MSMQC) Information Disclosure
CVE-2023-36011 1 Microsoft 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more 2025-05-22 7.8 High
Win32k Elevation of Privilege Vulnerability
CVE-2023-27342 1 Pdf-xchange 2 Pdf-tools, Pdf-xchange Editor 2025-05-20 7.8 High
PDF-XChange Editor EMF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18766.
CVE-2023-39501 1 Pdf-xchange 2 Pdf-tools, Pdf-xchange Editor 2025-05-19 7.8 High
PDF-XChange Editor OXPS File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OXPS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20034.
CVE-2023-40471 1 Pdf-xchange 3 Pdf-tools, Pdf-xchange Editor, Pdf-xchange Pro 2025-05-19 7.8 High
PDF-XChange Editor App Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of App objects. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20729.