Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,093)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-27477 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jul 8, 2025 Apr 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-27198 1Adobe 1Photoshop May 5, 2025 Apr 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Photoshop Desktop versions 25.12.1, 26.4.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss...Show more Photoshop Desktop versions 25.12.1, 26.4.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-27196 1Adobe 1Premiere Pro May 5, 2025 Apr 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Premiere Pro versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requi...Show more Premiere Pro versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-27195 1Adobe 1Media Encoder May 5, 2025 Apr 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Media Encoder versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ...Show more Media Encoder versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-27194 1Adobe 1Media Encoder May 5, 2025 Apr 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Media Encoder versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires u...Show more Media Encoder versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-27193 1Adobe 1Bridge May 5, 2025 Apr 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Bridge versions 14.1.5, 15.0.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires...Show more Bridge versions 14.1.5, 15.0.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-27183 1Adobe 1After Effects Apr 18, 2025 Apr 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires u...Show more After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-27182 1Adobe 1After Effects Apr 18, 2025 Apr 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires u...Show more After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-3289 1Rockwellautomation 1Arena Jul 14, 2025 Apr 8, 2025 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can...Show more A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.Show less
CVE-2025-2829 1Rockwellautomation 1Arena Jul 14, 2025 Apr 8, 2025 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied...Show more A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.Show less
CVE-2025-2293 1Rockwellautomation 1Arena Jul 14, 2025 Apr 8, 2025 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied...Show more A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.Show less
CVE-2025-2288 1Rockwellautomation 1Arena Jul 14, 2025 Apr 8, 2025 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied...Show more A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.Show less
CVE-2025-30015 - - Apr 8, 2025 Apr 8, 2025 N/A· v4 4.1 MEDIUM· v3 N/A· v2 Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to mani...Show more Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application.Show less
CVE-2025-21441 1Qualcomm 49Aqt1000 Firmware Fastconnect 6200 FirmwareFastconnect 6700 Firmware+46 more Aug 20, 2025 Apr 7, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
CVE-2025-21440 1Qualcomm 49Aqt1000 Firmware Fastconnect 6200 FirmwareFastconnect 6700 Firmware+46 more Aug 20, 2025 Apr 7, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
CVE-2025-21439 1Qualcomm 25Fastconnect 6700 Firmware Fastconnect 6900 FirmwareQca6595au Firmware+22 more Jan 30, 2026 Apr 7, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption may occur while reading board data via IOCTL call when the WLAN driver copies the content to the provided output buffer.
CVE-2024-45543 1Qualcomm 65C V2x 9150 Firmware Fastconnect 6200 FirmwareFastconnect 6800 Firmware+62 more Oct 6, 2025 Apr 7, 2025 N/A· v4 6.6 MEDIUM· v3 N/A· v2 Memory corruption while accessing MSM channel map and mixer functions.
CVE-2025-20658 2Google Mediatek 19Android Mt2718Mt6781+16 more Apr 9, 2025 Apr 7, 2025 N/A· v4 6.0 MEDIUM· v3 N/A· v2 In DA, there is a possible permission bypass due to a logic error. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User...Show more In DA, there is a possible permission bypass due to a logic error. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09474894; Issue ID: MSV-2597.Show less
CVE-2025-20657 1Google 1Android Apr 18, 2025 Apr 7, 2025 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not ne...Show more In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09486425; Issue ID: MSV-2609.Show less
CVE-2025-20656 5Google LinuxfoundationMediatek+2 more 20Android Mt6781Mt6789+17 more Apr 9, 2025 Apr 7, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges ne...Show more In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033.Show less

Previous 1...858687...705 Next