Known Exploited Vulnerabilities Buffer Overflow Capability Group

This heap buffer overflow vulnerability is exploited by a remote attacker via a crafted HTML page. This vulnerability has been leveraged by the NSO group to enable remote code execution within a browser's WebRTC component to install the spyware Pegasus on victim endpoints.

This heap buffer overflow vulnerability is exploited by a remote attacker via a crafted HTML page. This vulnerability has been leveraged by the NSO group to enable remote code execution within a browser's WebRTC component to install the spyware Pegasus on victim endpoints.

This buffer overflow vulnerability can be exploited to cause a denial of service.

This buffer overflow vulnerability can be exploited to cause a denial of service.

This vulnerability was exploited by a remote attacker using a crafted HTML page to trigger a heap buffer overflow in the vp8 encoding of libvpx, leading to heap corruption. This flaw was part of a spyware campaign. The exploitation allowed for program crashes or arbitrary code execution, ultimately resulting in the installation of spyware.

This vulnerability was exploited by a remote attacker using a crafted HTML page to trigger a heap buffer overflow in the vp8 encoding of libvpx, leading to heap corruption. This flaw was part of a spyware campaign. The exploitation allowed for program crashes or arbitrary code execution, ultimately resulting in the installation of spyware.

This is a buffer overflow vulnerability that results in unauthorized disclosure of memory, including session tokens.

This is a buffer overflow vulnerability that results in unauthorized disclosure of memory, including session tokens.

This is a buffer overflow vulnerability that results in unauthorized disclosure of memory, including session tokens.

This buffer overflow vulnerability allows adversaries to remotely execute arbitrary code via specially crafted requests. Adversaries have been observed adding accounts to config files

This buffer overflow vulnerability allows adversaries to remotely execute arbitrary code via specially crafted requests. Adversaries have been observed adding accounts to config files

This buffer overflow vulnerability allows adversaries to remotely execute arbitrary code via specially crafted requests. Adversaries have been observed adding accounts to config files

CVE-2022-42475 is a remotely-expoitable heap overflow vulnerability. Adversaries have been observed exploiting this vulnerability to deliver malicious software to the target device. This malicious software has observed anti-debugging and command and control capabilities (over HTTP).

CVE-2022-42475 is a remotely-expoitable heap overflow vulnerability. Adversaries have been observed exploiting this vulnerability to deliver malicious software to the target device. This malicious software has observed anti-debugging and command and control capabilities (over HTTP).

CVE-2022-42475 is a remotely-expoitable heap overflow vulnerability. Adversaries have been observed exploiting this vulnerability to deliver malicious software to the target device. This malicious software has observed anti-debugging and command and control capabilities (over HTTP).

CVE-2022-42475 is a remotely-expoitable heap overflow vulnerability. Adversaries have been observed exploiting this vulnerability to deliver malicious software to the target device. This malicious software has observed anti-debugging and command and control capabilities (over HTTP).

This vulnerability is exploited by bypassing user authentication mechanisms via a lack of proper validation of a user-supplied string before executing a system call. This could grant adversaries root access to execute arbitrary code.

This vulnerability is exploited by bypassing user authentication mechanisms via a lack of proper validation of a user-supplied string before executing a system call. This could grant adversaries root access to execute arbitrary code.

This Digital Signature Verification Bypass vulnerability is exploited by an unauthenticated, local attacker. The attacker exploits an improper verification of software images that could allow the attacker to install and boot malicious images or execute unsigned binaries.

This insufficient authorization vulnerability is exploited by a local attacker who has access to low-privileged code where they then execute commands within confd_cli at a higher privilege levels. Performing these commands could grant the local attacker root privileges.

This insufficient authorization vulnerability is exploited by a local attacker who has access to low-privileged code where they then execute commands within confd_cli at a higher privilege levels. Performing these commands could grant the local attacker root privileges.

This vulnerability is exploited by a remote attacker who sends specific commands to a Cisco router that does not have sufficient authorization enforcement mechanisms in place. This could allow the remote attacker to gain root privileges and execute arbitrary commands on the system.

This vulnerability is exploited by a remote attacker who sends specific commands to a Cisco router that does not have sufficient authorization enforcement mechanisms in place. This could allow the remote attacker to gain root privileges and execute arbitrary commands on the system.

This vulnerability is exploited by a remote, unauthenticated attacker by "sending a specially crafted HTTP request to a vulnerable device that is acting as an SSL VPN Gateway.” This can be performed due to insufficient boundary checks when processing specific HTTP requests. If exploited, this could grant root privileges to the attacker.

This vulnerability is exploited by a remote, unauthenticated attacker by "sending a specially crafted HTTP request to a vulnerable device that is acting as an SSL VPN Gateway.” This can be performed due to insufficient boundary checks when processing specific HTTP requests. If exploited, this could grant root privileges to the attacker.

This vulnerability is exploited through a buffer overflow weakness. Remote authenticated attackers leverage this vulnerability to perform arbitrary code execution with root privileges on the Pulse Connect Secure gateway by manipulating input buffers.

This vulnerability is exploited through a buffer overflow weakness. Remote authenticated attackers leverage this vulnerability to perform arbitrary code execution with root privileges on the Pulse Connect Secure gateway by manipulating input buffers.

CVE-2021-21148 allows an adversary to use JavaScript to exploit the Chromium browser V8 JavaScript engine which allows for a write into the heap.

CVE-2021-21148 allows an adversary to use JavaScript to exploit the Chromium browser V8 JavaScript engine which allows for a write into the heap.

This exploit requires a user to open a malicious file. It can then result in execution of arbitrary code which could have any number of impacts.

CVE-2020-5735 is a stack-based buffer overflow vulnerability in Amcrest cameras and NVR that allows an authenticated remote attacker to possibly execute unauthorized code over port 37777 and crash the device.

CVE-2020-5735 is a stack-based buffer overflow vulnerability in Amcrest cameras and NVR that allows an authenticated remote attacker to possibly execute unauthorized code over port 37777 and crash the device.

CVE-2020-29557 is a buffer overflow vulnerability in the web interface allows attackers to achieve pre-authentication remote code execution. Unidentified threat actors are reported to have been actively exploiting it to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure.

CVE-2020-29557 is a buffer overflow vulnerability in the web interface allows attackers to achieve pre-authentication remote code execution. Unidentified threat actors are reported to have been actively exploiting it to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure.

CVE-2020-29557 is a buffer overflow vulnerability in the web interface allows attackers to achieve pre-authentication remote code execution. Unidentified threat actors are reported to have been actively exploiting it to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure.

CVE-2018-6789 is a vulnerability in Exim, an open-source mail transfer agent. This vulnerability, identified as an off-by-one buffer overflow, allows attackers to execute arbitrary code remotely by sending specially crafted messages to the SMTP listener.

CVE-2018-6789 is a vulnerability in Exim, an open-source mail transfer agent. This vulnerability, identified as an off-by-one buffer overflow, allows attackers to execute arbitrary code remotely by sending specially crafted messages to the SMTP listener.

This heap-based buffer overflow vulnerability is exploited by having a user open a maliciously-crafted file. In the wild, this exploitation has been used in order to establish command and control (over HTTP) with a target system. The command and control functionality has also been seen to employ debugging/sandboxing evasion.

This heap-based buffer overflow vulnerability is exploited by having a user open a maliciously-crafted file. In the wild, this exploitation has been used in order to establish command and control (over HTTP) with a target system. The command and control functionality has also been seen to employ debugging/sandboxing evasion.

This heap-based buffer overflow vulnerability is exploited by having a user open a maliciously-crafted file. In the wild, this exploitation has been used in order to establish command and control (over HTTP) with a target system. The command and control functionality has also been seen to employ debugging/sandboxing evasion.

This heap-based buffer overflow vulnerability is exploited by having a user open a maliciously-crafted file. In the wild, this exploitation has been used in order to establish command and control (over HTTP) with a target system. The command and control functionality has also been seen to employ debugging/sandboxing evasion.

This buffer overflow vulnerability is exploited via malicious-crafted pdf files delivered via targeted emails. Adversaries use this exploit to deliver a remote administration tool with the goal of data exfiltration.

This buffer overflow vulnerability is exploited via malicious-crafted pdf files delivered via targeted emails. Adversaries use this exploit to deliver a remote administration tool with the goal of data exfiltration.

This buffer overflow vulnerability is exploited via malicious-crafted pdf files delivered via targeted emails. Adversaries use this exploit to deliver a remote administration tool with the goal of data exfiltration.

This vulnerability is exploited by the user opening a malicious pdf file to achieve arbitrary code execution.

This vulnerability is exploited by the user opening a malicious pdf file to achieve arbitrary code execution.

This vulnerability is exploited by the user opening a malicious pdf file to achieve arbitrary code execution.

This vulnerability is exploited via a malicious PDF file in order to execute arbitrary code.

This heap-based buffer overflow vulnerability in Windows NTFS allows an attacker to elevate to SYSTEM-level privileges. This vulnerability can be exploited via malicious virtual hard disk (VHD) files that can be mounted by a system user, leading to code execution.

This heap-based buffer overflow vulnerability in Windows NTFS allows an attacker to elevate to SYSTEM-level privileges. This vulnerability can be exploited via malicious virtual hard disk (VHD) files that can be mounted by a system user, leading to code execution.

This heap-based buffer overflow vulnerability in Windows NTFS allows an attacker to elevate to SYSTEM-level privileges. This vulnerability can be exploited via malicious virtual hard disk (VHD) files that can be mounted by a system user, leading to code execution.

This heap-based buffer overflow vulnerability in Windows NTFS allows an attacker to elevate to SYSTEM-level privileges. This vulnerability can be exploited via malicious virtual hard disk (VHD) files that can be mounted by a system user, leading to code execution.

This heap-based buffer overflow vulnerability in Windows NTFS allows an attacker to elevate to SYSTEM-level privileges. This vulnerability can be exploited via malicious virtual hard disk (VHD) files that can be mounted by a system user, leading to code execution.

This vulnerability, if exploited, would allow an adversary to obtain SYSTEM-level privileges, resulting in total system compromise.

This vulnerability, if exploited, would allow an adversary to obtain SYSTEM-level privileges, resulting in total system compromise.

Exploiting this buffer overflow vulnerability could lead to an adversary gaining elevated privileges on the machine, leading to the potential for process injection using malicious code, as well as data loss.

Exploiting this buffer overflow vulnerability could lead to an adversary gaining elevated privileges on the machine, leading to the potential for process injection using malicious code, as well as data loss.

Exploiting this buffer overflow vulnerability could lead to an adversary gaining elevated privileges on the machine, leading to the potential for process injection using malicious code, as well as data loss.

Ivanti Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways products running old versions are susceptible to a stack-based buffer overflow exploit that can lead to remote code execution. The patched versions of each product that remove this vulnerability are as follows: Ivanti Connect Secure (22.7R2.6), Pulse Connect Secure (22.7R2.6), Ivanti Policy Secure (22.7R1.4), and ZTA Gateways (22.8R2.2).

Ivanti Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways products running old versions are susceptible to a stack-based buffer overflow exploit that can lead to remote code execution. The patched versions of each product that remove this vulnerability are as follows: Ivanti Connect Secure (22.7R2.6), Pulse Connect Secure (22.7R2.6), Ivanti Policy Secure (22.7R1.4), and ZTA Gateways (22.8R2.2).

This vulnerability in Ivanti products is version-specific, requiring any reconaissance efforts to return the exact version before exploiting. If exploited, attackers may gain the ability to execute arbitrary code and harvest credentials from the compromised device. Additionally, they may perform internal reconaissance to find additional devices on the network to compromise.

This vulnerability in Ivanti products is version-specific, requiring any reconaissance efforts to return the exact version before exploiting. If exploited, attackers may gain the ability to execute arbitrary code and harvest credentials from the compromised device. Additionally, they may perform internal reconaissance to find additional devices on the network to compromise.

This vulnerability in Ivanti products is version-specific, requiring any reconaissance efforts to return the exact version before exploiting. If exploited, attackers may gain the ability to execute arbitrary code and harvest credentials from the compromised device. Additionally, they may perform internal reconaissance to find additional devices on the network to compromise.

This vulnerability in Ivanti products is version-specific, requiring any reconaissance efforts to return the exact version before exploiting. If exploited, attackers may gain the ability to execute arbitrary code and harvest credentials from the compromised device. Additionally, they may perform internal reconaissance to find additional devices on the network to compromise.

This vulnerability in Ivanti products is version-specific, requiring any reconaissance efforts to return the exact version before exploiting. If exploited, attackers may gain the ability to execute arbitrary code and harvest credentials from the compromised device. Additionally, they may perform internal reconaissance to find additional devices on the network to compromise.

This vulnerability in Ivanti products is version-specific, requiring any reconaissance efforts to return the exact version before exploiting. If exploited, attackers may gain the ability to execute arbitrary code and harvest credentials from the compromised device. Additionally, they may perform internal reconaissance to find additional devices on the network to compromise.

An unprivileged attacker can leverage this buffer overflow vulnerability, leading to a denial of service attack. No public exploits of this vulnerability exist, and information from Citrix is limited.

An unprivileged attacker can leverage this buffer overflow vulnerability, leading to a denial of service attack, and potentially remote code execution. No public exploits of this vulnerability exist, and information from Citrix is limited.

An unprivileged attacker can leverage this buffer overflow vulnerability, leading to a denial of service attack, and potentially remote code execution. No public exploits of this vulnerability exist, and information from Citrix is limited.

This stack-based buffer overflow vulnerability in Active! mail allows an unauthenticated attacker to achieve remote code execution, as well as execute a denial of service attack by crashing the server.

This stack-based buffer overflow vulnerability in Active! mail allows an unauthenticated attacker to achieve remote code execution, as well as execute a denial of service attack by crashing the server.

This stack-based buffer overflow vulnerability in Active! mail allows an unauthenticated attacker to achieve remote code execution, as well as execute a denial of service attack by crashing the server.

This stack-based buffer overflow vulnerability in Active! mail allows an unauthenticated attacker to achieve remote code execution, as well as execute a denial of service attack by crashing the server.

Attackers use a Python script (publicly available or custom) to send a malformed POST request, triggering a buffer overflow. From there, they execute remote code and malicious payloads (i.e. malware), harvest credentials, move laterally over the network, erase logs to avoid detection, and exfiltrate data over C2.

Attackers use a Python script (publicly available or custom) to send a malformed POST request, triggering a buffer overflow. From there, they execute remote code and malicious payloads (i.e. malware), harvest credentials, move laterally over the network, erase logs to avoid detection, and exfiltrate data over C2.

Attackers use a Python script (publicly available or custom) to send a malformed POST request, triggering a buffer overflow. From there, they execute remote code and malicious payloads (i.e. malware), harvest credentials, move laterally over the network, erase logs to avoid detection, and exfiltrate data over C2.

Attackers use a Python script (publicly available or custom) to send a malformed POST request, triggering a buffer overflow. From there, they execute remote code and malicious payloads (i.e. malware), harvest credentials, move laterally over the network by scanning for other devices, erase logs to avoid detection, and exfiltrate data over C2.

Attackers use a Python script (publicly available or custom) to send a malformed POST request, triggering a buffer overflow. From there, they execute remote code and malicious payloads (i.e. malware), harvest credentials, move laterally over the network by scanning for other devices, erase logs to avoid detection, and exfiltrate data over C2.

Attackers use a Python script (publicly available or custom) to send a malformed POST request, triggering a buffer overflow. From there, they execute remote code and malicious payloads (i.e. malware), harvest credentials, move laterally over the network by scanning for other devices, erase logs to avoid detection, and exfiltrate data over C2.

Attackers use a Python script (publicly available or custom) to send a malformed POST request, triggering a buffer overflow. From there, they execute remote code and malicious payloads (i.e. malware), harvest credentials, move laterally over the network by scanning for other devices, erase logs to avoid detection, and exfiltrate data over C2.

Attackers have exploited this heap-based buffer overflow vulnerability to escalate their privileges to SYSTEM-level, allowing them to execute arbitrary code, disable security tools, deploy malicious payloads, and extract credentials from memory.

Attackers have exploited this heap-based buffer overflow vulnerability to escalate their privileges to SYSTEM-level, allowing them to execute arbitrary code, disable security tools, deploy malicious payloads, and extract credentials from memory.

Attackers have exploited this heap-based buffer overflow vulnerability to escalate their privileges to SYSTEM-level, allowing them to execute arbitrary code, disable security tools, deploy malicious payloads, and extract credentials from memory.

Attackers have exploited this heap-based buffer overflow vulnerability to escalate their privileges to SYSTEM-level, allowing them to execute arbitrary code, disable security tools, deploy malicious payloads, and extract credentials from memory.

Attackers have exploited this heap-based buffer overflow vulnerability to escalate their privileges to SYSTEM-level, allowing them to execute arbitrary code, disable security tools, deploy malicious payloads, and extract credentials from memory.