Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,103)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-9392 1Google 1Android Dec 19, 2024 Dec 4, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege wit...Show more In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-8894 - - Dec 4, 2024 Dec 4, 2024 8.1 HIGH· v4 N/A· v3 N/A· v2 Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception...Show more Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.Show less
CVE-2024-52275 1Tenda 1Ac6 Firmware May 28, 2025 Dec 4, 2024 8.3 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50.
CVE-2024-52274 1Tenda 1Ac6 Firmware May 28, 2025 Dec 4, 2024 8.3 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.0...Show more Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50Show less
CVE-2024-52273 1Tenda 1Ac6 Firmware May 28, 2025 Dec 4, 2024 8.3 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15....Show more Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50Show less
CVE-2024-52272 1Tenda 1Ac6 Firmware May 28, 2025 Dec 4, 2024 8.3 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50
CVE-2024-49415 1Samsung 1Android Feb 10, 2025 Dec 3, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
CVE-2024-49410 1Samsung 1Android Feb 10, 2025 Dec 3, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.
CVE-2018-9430 1Google 1Android Dec 18, 2024 Dec 2, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not n...Show more In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2018-9418 1Google 1Android Dec 18, 2024 Dec 2, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interac...Show more In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-39890 1Samsung 19Exynos 1080 Firmware Exynos 1280 FirmwareExynos 1330 Firmware+16 more Jul 1, 2025 Dec 2, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300. The ba...Show more An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300. The baseband software does not properly check the length specified by the CC (Call Control). This can lead to an Out-of-Bounds write.Show less
CVE-2018-9414 1Google 1Android Dec 18, 2024 Dec 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privile...Show more In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2018-9413 1Google 1Android Dec 18, 2024 Dec 2, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In handle_notification_response of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interact...Show more In handle_notification_response of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Show less
CVE-2018-9376 1Google 1Android Dec 18, 2024 Dec 2, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System ex...Show more In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2018-9380 1Google 1Android Dec 18, 2024 Dec 2, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interact...Show more In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Show less
CVE-2024-53106 1Linux 1Linux Kernel Nov 3, 2025 Dec 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: ima: fix buffer overrun in ima_eventdigest_init_common Function ima_eventdigest_init() calls ima_eventdigest_init_common() with HASH_ALGO__LAST which...Show more In the Linux kernel, the following vulnerability has been resolved: ima: fix buffer overrun in ima_eventdigest_init_common Function ima_eventdigest_init() calls ima_eventdigest_init_common() with HASH_ALGO__LAST which is then used to access the array hash_digest_size[] leading to buffer overrun. Have a conditional statement to handle this.Show less
CVE-2024-43053 1Qualcomm 20Fastconnect 6700 Firmware Fastconnect 6900 FirmwareFastconnect 7800 Firmware+17 more Dec 12, 2024 Dec 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information.
CVE-2024-43050 1Qualcomm 54Aqt1000 Firmware Fastconnect 6200 FirmwareFastconnect 6700 Firmware+51 more Dec 12, 2024 Dec 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.
CVE-2024-43049 1Qualcomm 19Fastconnect 6700 Firmware Fastconnect 6900 FirmwareFastconnect 7800 Firmware+16 more Dec 12, 2024 Dec 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.
CVE-2024-43048 1Qualcomm 50Fastconnect 6200 Firmware Fastconnect 6900 FirmwareFastconnect 7800 Firmware+47 more Dec 12, 2024 Dec 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption when invalid input is passed to invoke GPU Headroom API call.

Previous 1...110111112...706 Next