Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,114)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-6965 1Tenda 1O3 Firmware1.0.0.10(2478) Nov 21, 2024 Jul 22, 2024 8.7 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Affected by this vulnerability is the function fromVirtualSet. The manipulation of the argument ip/localPort/publicPort/app leads to stack-b...Show more A vulnerability has been found in Tenda O3 1.0.0.10 and classified as critical. Affected by this vulnerability is the function fromVirtualSet. The manipulation of the argument ip/localPort/publicPort/app leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272119. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-6964 1Tenda 1O3 Firmware1.0.0.10(2478) Nov 21, 2024 Jul 22, 2024 8.7 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability, which was classified as critical, was found in Tenda O3 1.0.0.10. Affected is the function fromDhcpSetSer. The manipulation of the argument dhcpEn/startIP/endIP/preDNS/altDNS/mask/gateway leads to stack-...Show more A vulnerability, which was classified as critical, was found in Tenda O3 1.0.0.10. Affected is the function fromDhcpSetSer. The manipulation of the argument dhcpEn/startIP/endIP/preDNS/altDNS/mask/gateway leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272118 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-6963 1Tenda 1O3 Firmware1.0.0.10(2478) Nov 21, 2024 Jul 22, 2024 8.7 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The...Show more A vulnerability, which was classified as critical, has been found in Tenda O3 1.0.0.10. This issue affects the function formexeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272117 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-6962 1Tenda 1O3 Firmware1.0.0.10(2478) Nov 21, 2024 Jul 22, 2024 8.7 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buf...Show more A vulnerability classified as critical was found in Tenda O3 1.0.0.10. This vulnerability affects the function formQosSet. The manipulation of the argument remark/ipRange/upSpeed/downSpeed/enable leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272116. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-40724 1Assimp 1Assimp Mar 25, 2025 Jul 19, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.2 allows a local attacker to execute arbitrary code by inputting a specially crafted file into the product.
CVE-2024-40764 1Sonicwall 1Sonicos Nov 21, 2024 Jul 18, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS).
CVE-2023-7272 1Eclipse 1Parsson Feb 6, 2025 Jul 17, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. par...Show more In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents.Show less
CVE-2024-3176 1Google 1Chrome Mar 17, 2025 Jul 16, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVE-2024-21175 1Oracle 1Weblogic Server Jun 9, 2025 Jul 16, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthentic...Show more Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).Show less
CVE-2024-6779 1Google 1Chrome Mar 20, 2025 Jul 16, 2024 N/A· v4 9.6 CRITICAL· v3 N/A· v2 Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2024-6773 1Google 1Chrome Dec 26, 2024 Jul 16, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-6772 1Google 1Chrome Dec 26, 2024 Jul 16, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2024-40130 1Open5gs 1Open5gs Nov 21, 2024 Jul 16, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 open5gs v2.6.4 is vulnerable to Buffer Overflow. via /lib/core/abts.c.
CVE-2024-40129 1Open5gs 1Open5gs Nov 21, 2024 Jul 16, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context.c.
CVE-2024-33182 1Tendacn 1Ac18 Firmware Nov 21, 2024 Jul 16, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter.
CVE-2024-33180 1Tendacn 1Ac18 Firmware Nov 21, 2024 Jul 16, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo.
CVE-2022-48847 1Linux 1Linux Kernel Nov 21, 2024 Jul 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: watch_queue: Fix filter limit check In watch_queue_set_filter(), there are a couple of places where we check that the filter type value does not excee...Show more In the Linux kernel, the following vulnerability has been resolved: watch_queue: Fix filter limit check In watch_queue_set_filter(), there are a couple of places where we check that the filter type value does not exceed what the type_filter bitmap can hold. One place calculates the number of bits by: if (tf[i].type >= sizeof(wfilter->type_filter) * 8) which is fine, but the second does: if (tf[i].type >= sizeof(wfilter->type_filter) * BITS_PER_LONG) which is not. This can lead to a couple of out-of-bounds writes due to a too-large type: (1) __set_bit() on wfilter->type_filter (2) Writing more elements in wfilter->filters[] than we allocated. Fix this by just using the proper WATCH_TYPE__NR instead, which is the number of types we actually know about. The bug may cause an oops looking something like: BUG: KASAN: slab-out-of-bounds in watch_queue_set_filter+0x659/0x740 Write of size 4 at addr ffff88800d2c66bc by task watch_queue_oob/611 ... Call Trace: <TASK> dump_stack_lvl+0x45/0x59 print_address_description.constprop.0+0x1f/0x150 ... kasan_report.cold+0x7f/0x11b ... watch_queue_set_filter+0x659/0x740 ... __x64_sys_ioctl+0x127/0x190 do_syscall_64+0x43/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Allocated by task 611: kasan_save_stack+0x1e/0x40 __kasan_kmalloc+0x81/0xa0 watch_queue_set_filter+0x23a/0x740 __x64_sys_ioctl+0x127/0x190 do_syscall_64+0x43/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae The buggy address belongs to the object at ffff88800d2c66a0 which belongs to the cache kmalloc-32 of size 32 The buggy address is located 28 bytes inside of 32-byte region [ffff88800d2c66a0, ffff88800d2c66c0)Show less
CVE-2024-40416 1Tenda 1Ax1806 Firmware Nov 21, 2024 Jul 15, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability in /goform/SetVirtualServerCfg in the sub_6320C function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.
CVE-2024-40415 1Tenda 1Ax1806 Firmware Nov 21, 2024 Jul 15, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability in /goform/SetStaticRouteCfg in the sub_519F4 function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.
CVE-2024-40414 1Tenda 1Ax1806 Firmware Nov 21, 2024 Jul 15, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability in /goform/SetNetControlList in the sub_656BC function in Tenda AX1806 1.0.0.1 firmware leads to stack-based buffer overflow.

Previous 1...144145146...706 Next