Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,113)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-20101 2Google Mediatek 2Android Software Development Kit Apr 24, 2025 Oct 7, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploi...Show more In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602.Show less
CVE-2024-20100 2Google Mediatek 3Android Iot YoctoSoftware Development Kit Apr 25, 2025 Oct 7, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploi...Show more In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603.Show less
CVE-2024-20099 2Google Linuxfoundation 2Android Yocto Apr 25, 2025 Oct 7, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation....Show more In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625.Show less
CVE-2024-20098 2Google Linuxfoundation 2Android Yocto Apr 25, 2025 Oct 7, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation....Show more In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996886; Issue ID: MSV-1626.Show less
CVE-2024-20092 1Google 1Android Apr 25, 2025 Oct 7, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. P...Show more In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1700.Show less
CVE-2024-20090 1Google 1Android Apr 25, 2025 Oct 7, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. P...Show more In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1703.Show less
CVE-2024-9482 2Avas!t Avg 2Antivirus Antivirus Nov 8, 2024 Oct 4, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed Mach-O file to crash the application during file processing.
CVE-2024-9481 2Avas!t Avg 2Antivirus Antivirus Nov 8, 2024 Oct 4, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 An out-of-bounds write in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed eml file to crash the application during file processing.
CVE-2024-6444 1Zephyrproject 1Zephyr Nov 13, 2024 Oct 4, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
CVE-2024-6443 1Zephyrproject 1Zephyr Nov 12, 2024 Oct 4, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In utf8_trunc in zephyr/lib/utils/utf8.c, last_byte_p can point to one byte before the string pointer if the string is empty.
CVE-2024-6442 1Zephyrproject 1Zephyr Nov 13, 2024 Oct 4, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecked tailroom could lead to a global buffer overflow.
CVE-2024-41595 1Draytek 1Vigor3910 Firmware Apr 10, 2025 Oct 3, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write operations.
CVE-2024-41593 1Draytek 24Vigor1000b Firmware Vigor165 FirmwareVigor166 Firmware+21 more Mar 13, 2025 Oct 3, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, lead...Show more DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy call, leading to a heap-based Buffer Overflow.Show less
CVE-2024-47135 1Jtekt 1Kostac Plc Oct 15, 2024 Oct 3, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was...Show more Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.Show less
CVE-2024-47134 1Electronics.jtekt 1Kostac Plc Programming Software Oct 16, 2024 Oct 3, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved u...Show more Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.Show less
CVE-2024-20501 1Cisco 25Meraki Mx100 Firmware Meraki Mx105 FirmwareMeraki Mx250 Firmware+22 more Jun 4, 2025 Oct 2, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConne...Show more Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.Show less
CVE-2024-20499 1Cisco 25Meraki Mx100 Firmware Meraki Mx105 FirmwareMeraki Mx250 Firmware+22 more Jun 4, 2025 Oct 2, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConne...Show more Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention.Show less
CVE-2024-20524 1Cisco 4Rv042 Firmware Rv042g FirmwareRv320 Firmware+1 more Oct 8, 2024 Oct 2, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an...Show more A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.   This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.Show less
CVE-2024-20523 1Cisco 4Rv042 Firmware Rv042g FirmwareRv320 Firmware+1 more Oct 8, 2024 Oct 2, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an...Show more A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.   This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.Show less
CVE-2024-20522 1Cisco 4Rv042 Firmware Rv042g FirmwareRv320 Firmware+1 more Oct 8, 2024 Oct 2, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an...Show more A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.   This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition.Show less

Previous 1...128129130...706 Next