Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,093)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-5853 1Tenda 1Ac6 Firmware Jun 9, 2025 Jun 9, 2025 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation of the argument remoteI...Show more A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-5847 1Tenda 1Ac9 Firmware Jun 9, 2025 Jun 8, 2025 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Reque...Show more A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-5481 1Santesoft 1Dicom Viewer Pro Aug 14, 2025 Jun 6, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. U...Show more Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26168.Show less
CVE-2025-5685 1Tenda 1Ch22 Firmware Jun 10, 2025 Jun 5, 2025 8.7 HIGH· v4 9.8 CRITICAL· v3 9.0 HIGH· v2 A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer o...Show more A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-5630 1Dlink 1Dir 816 Firmware Jun 6, 2025 Jun 5, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-bas...Show more A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.Show less
CVE-2025-5624 1Dlink 1Dir 816 Firmware Jun 6, 2025 Jun 5, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group...Show more A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.Show less
CVE-2025-5623 1Dlink 1Dir 816 Firmware Jun 6, 2025 Jun 5, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_addre...Show more A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.Show less
CVE-2025-5622 1Dlink 1Dir 816 Firmware Jun 6, 2025 Jun 5, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_...Show more A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.Show less
CVE-2025-5619 1Tenda 1Ch22 Firmware Jun 6, 2025 Jun 4, 2025 8.7 HIGH· v4 9.8 CRITICAL· v3 9.0 HIGH· v2 A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to...Show more A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-5600 1Totolink 1Ex1200t Firmware Jun 10, 2025 Jun 4, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argum...Show more A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-5688 - - Oct 14, 2025 Jun 4, 2025 7.5 HIGH· v4 N/A· v3 N/A· v2 We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS...Show more We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled. Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.Show less
CVE-2025-5601 1Wireshark 1Wireshark Nov 21, 2025 Jun 4, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file
CVE-2025-47728 1Deltaww 1Cncsoft G2 Jul 11, 2025 Jun 4, 2025 7.3 HIGH· v4 7.3 HIGH· v3 N/A· v2 Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2025-47727 1Deltaww 1Cncsoft Jul 11, 2025 Jun 4, 2025 7.3 HIGH· v4 7.3 HIGH· v3 N/A· v2 Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2025-47726 1Deltaww 1Cncsoft Jul 11, 2025 Jun 4, 2025 7.3 HIGH· v4 7.3 HIGH· v3 N/A· v2 Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2025-47725 1Deltaww 1Cncsoft Jul 11, 2025 Jun 4, 2025 7.3 HIGH· v4 7.3 HIGH· v3 N/A· v2 Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2025-47724 1Deltaww 1Cncsoft Jul 11, 2025 Jun 4, 2025 7.3 HIGH· v4 7.3 HIGH· v3 N/A· v2 Delta Electronics CNCSoft lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2025-5572 1Dlink 1Dcs 932l Firmware Jun 6, 2025 Jun 4, 2025 8.7 HIGH· v4 7.5 HIGH· v3 9.0 HIGH· v2 A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMT...Show more A vulnerability was found in D-Link DCS-932L 2.18.01. It has been declared as critical. Affected by this vulnerability is the function setSystemEmail of the file /setSystemEmail. The manipulation of the argument EmailSMTPPortNumber leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.Show less
CVE-2025-20993 1Samsung 1Android Feb 10, 2026 Jun 4, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory.
CVE-2025-5527 1Tenda 1Rx3 Firmware Jun 9, 2025 Jun 3, 2025 8.7 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been rated as critical. This issue affects the function save_staticroute_data of the file /goform/SetStaticRouteCfg. The manipulation of the argument...Show more A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been rated as critical. This issue affects the function save_staticroute_data of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less

Previous 1...747576...705 Next