Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,094)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-57850 1Linux 1Linux Kernel Nov 3, 2025 Jan 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression...Show more In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffer if the compressed data is corrupted. This adds the required check to prevent this failure mode.Show less
CVE-2024-52319 1Linux 1Linux Kernel Sep 23, 2025 Jan 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: mm: use aligned address in clear_gigantic_page() In current kernel, hugetlb_no_page() calls folio_zero_user() with the fault address. Where the fault...Show more In the Linux kernel, the following vulnerability has been resolved: mm: use aligned address in clear_gigantic_page() In current kernel, hugetlb_no_page() calls folio_zero_user() with the fault address. Where the fault address may be not aligned with the huge page size. Then, folio_zero_user() may call clear_gigantic_page() with the address, while clear_gigantic_page() requires the address to be huge page size aligned. So, this may cause memory corruption or information leak, addtional, use more obvious naming 'addr_hint' instead of 'addr' for clear_gigantic_page().Show less
CVE-2024-51729 1Linux 1Linux Kernel Sep 23, 2025 Jan 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: mm: use aligned address in copy_user_gigantic_page() In current kernel, hugetlb_wp() calls copy_user_large_folio() with the fault address. Where the...Show more In the Linux kernel, the following vulnerability has been resolved: mm: use aligned address in copy_user_gigantic_page() In current kernel, hugetlb_wp() calls copy_user_large_folio() with the fault address. Where the fault address may be not aligned with the huge page size. Then, copy_user_large_folio() may call copy_user_gigantic_page() with the address, while copy_user_gigantic_page() requires the address to be huge page size aligned. So, this may cause memory corruption or information leak, addtional, use more obvious naming 'addr_hint' instead of 'addr' for copy_user_gigantic_page().Show less
CVE-2025-0349 1Tenda 1Ac6 Firmware Mar 22, 2025 Jan 9, 2025 8.7 HIGH· v4 9.8 CRITICAL· v3 9.0 HIGH· v2 A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src/mac leads to st...Show more A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src/mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.Show less
CVE-2025-0283 1Ivanti 3Connect Secure Neurons For Zero Trust AccessPolicy Secure Jan 14, 2025 Jan 8, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attac...Show more A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges.Show less
CVE-2025-0282 1Ivanti 3Connect Secure Neurons For Zero Trust AccessPolicy Secure Oct 24, 2025 Jan 8, 2025 N/A· v4 9.0 CRITICAL· v3 N/A· v2 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated at...Show more A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.Show less
CVE-2024-56784 1Linux 1Linux Kernel Oct 1, 2025 Jan 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adding array index check to prevent memory corruption [Why & How] Array indices out of bound caused memory corruption. Adding checks...Show more In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adding array index check to prevent memory corruption [Why & How] Array indices out of bound caused memory corruption. Adding checks to ensure that array index stays in bound.Show less
CVE-2024-55413 - - Jan 8, 2025 Jan 7, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability exits in driver snxppamd.sys in SUNIX Parallel Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This can be exploited for...Show more A vulnerability exits in driver snxppamd.sys in SUNIX Parallel Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.Show less
CVE-2024-55412 - - Jan 8, 2025 Jan 7, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability exits in driver snxpsamd.sys in SUNIX Serial Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This can be exploited for p...Show more A vulnerability exits in driver snxpsamd.sys in SUNIX Serial Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.Show less
CVE-2025-0247 1Mozilla 2Firefox Thunderbird Apr 13, 2026 Jan 7, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....Show more Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134 and Thunderbird 134.Show less
CVE-2025-0243 1Mozilla 2Firefox Thunderbird Apr 13, 2026 Jan 7, 2025 N/A· v4 5.1 MEDIUM· v3 N/A· v2 Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could hav...Show more Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.Show less
CVE-2025-0242 1Mozilla 2Firefox Thunderbird Apr 13, 2026 Jan 7, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that wi...Show more Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115.19, Thunderbird 134, and Thunderbird 128.6.Show less
CVE-2024-47398 1Openatom 1Openharmony Oct 16, 2025 Jan 7, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to boot up through out-of-bounds write.
CVE-2024-55627 1Oisf 1Suricata Mar 31, 2025 Jan 6, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being ze...Show more Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8.Show less
CVE-2024-45555 1Qualcomm 41Msm8996au Firmware Qam8255p FirmwareQam8295p Firmware+38 more Jan 13, 2025 Jan 6, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tamper...Show more Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.Show less
CVE-2024-45542 1Qualcomm 51Aqt1000 Firmware Fastconnect 6200 FirmwareFastconnect 6700 Firmware+48 more Aug 11, 2025 Jan 6, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.
CVE-2024-33041 1Qualcomm 34Fastconnect 6900 Firmware Fastconnect 7800 FirmwareQam8295p Firmware+31 more Aug 11, 2025 Jan 6, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,
CVE-2024-20154 1Mediatek 5Lr12a Lr13Nr16.r1.mp+2 more Feb 17, 2026 Jan 6, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional exec...Show more In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392.Show less
CVE-2024-20151 1Mediatek 2Nr16 Nr17 Apr 21, 2025 Jan 6, 2025 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not...Show more In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01399339; Issue ID: MSV-1928.Show less
CVE-2024-20148 3Google LinuxfoundationMediatek 3Android Software Development KitYocto Apr 22, 2025 Jan 6, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is n...Show more In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796.Show less

Previous 1...102103104...705 Next