Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,083)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-20731 2Mediatek Openwrt 2Openwrt Software Development Kit Feb 26, 2026 Nov 4, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege (when OceReduce...Show more In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege (when OceReducedNeighborReport is disabled). User interaction is not needed for exploitation. Patch ID: WCNCR00441511; Issue ID: MSV-4140.Show less
CVE-2025-20729 2Mediatek Openwrt 2Openwrt Software Development Kit Nov 5, 2025 Nov 4, 2025 N/A· v4 4.2 MEDIUM· v3 N/A· v2 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti...Show more In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00441512; Issue ID: MSV-4153.Show less
CVE-2025-20728 1Mediatek 1Software Development Kit Nov 5, 2025 Nov 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exp...Show more In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00447115; Issue ID: MSV-4276.Show less
CVE-2025-20727 1Mediatek 5Lr12a Nr15Nr16+2 more Feb 4, 2026 Nov 4, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additi...Show more In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623.Show less
CVE-2025-20726 1Mediatek 5Lr12a Nr15Nr16+2 more Nov 5, 2025 Nov 4, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no add...Show more In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622.Show less
CVE-2025-20725 1Mediatek 3Lr12a Nr15Nr16 Nov 5, 2025 Nov 4, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no...Show more In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01671924; Issue ID: MSV-4620.Show less
CVE-2025-47367 1Qualcomm 31Fastconnect 6700 Firmware Fastconnect 6900 FirmwareFastconnect 7800 Firmware+28 more Nov 5, 2025 Nov 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption while accessing a buffer during IOCTL processing.
CVE-2025-27070 1Qualcomm 174Ar8035 Firmware Fastconnect 6200 FirmwareFastconnect 6700 Firmware+171 more Nov 5, 2025 Nov 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption while performing encryption and decryption commands.
CVE-2025-43505 1Apple 1Xcode Nov 4, 2025 Nov 4, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously crafted file may lead to heap corruption.
CVE-2025-43447 1Apple 4Ipados Iphone OsVisionos+1 more Apr 2, 2026 Nov 4, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination or corrupt...Show more The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.Show less
CVE-2025-43433 1Apple 6Ipados Iphone OsSafari+3 more Apr 2, 2026 Nov 4, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing mali...Show more The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption.Show less
CVE-2025-43431 1Apple 6Ipados Iphone OsSafari+3 more Apr 2, 2026 Nov 4, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing mali...Show more The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption.Show less
CVE-2025-43421 1Apple 4Ipados Iphone OsSafari+1 more Apr 2, 2026 Nov 4, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to...Show more Multiple issues were addressed by disabling array allocation sinking. This issue is fixed in Safari 26.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.Show less
CVE-2025-43380 1Apple 1Macos Apr 2, 2026 Nov 4, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. Parsing a file may lead to an unexpected app termination.
CVE-2025-43373 1Apple 1Macos Apr 2, 2026 Nov 4, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to cause unexpected system termination or corrupt kernel memor...Show more The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.Show less
CVE-2025-12603 1Azure Access 2Blu Ic2 Firmware Blu Ic4 Firmware Nov 7, 2025 Nov 1, 2025 2.3 LOW· v4 9.8 CRITICAL· v3 N/A· v2 /etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12602 1Azure Access 2Blu Ic2 Firmware Blu Ic4 Firmware Nov 7, 2025 Nov 1, 2025 2.3 LOW· v4 9.8 CRITICAL· v3 N/A· v2 /etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-58148 1Xen 1Xen Jan 14, 2026 Oct 31, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three forma...Show more [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause out-of-bounds reads and writes while processing the inputs. * CVE-2025-58147. Hypercalls using the HV_VP_SET Sparse format can cause vpmask_set() to write out of bounds when converting the bitmap to Xen's format. * CVE-2025-58148. Hypercalls using any input format can cause send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild vCPU pointer.Show less
CVE-2025-10925 1Gimp 1Gimp Nov 4, 2025 Oct 29, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required...Show more GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ILBM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27793.Show less
CVE-2025-10922 2Debian Gimp 2Debian Linux Gimp Nov 4, 2025 Oct 29, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required t...Show more GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27863.Show less

Previous 1...535455...705 Next