Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,114)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-21469 1Qualcomm 2229205 Lte Modem Firmware Aqt1000 FirmwareAr8031 Firmware+219 more Nov 21, 2024 Jul 1, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption when an invoke call and a TEE call are bound for the same trusted application.
CVE-2023-43554 1Qualcomm 42Aqt1000 Firmware Fastconnect 6200 FirmwareFastconnect 6700 Firmware+39 more Aug 11, 2025 Jul 1, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption while processing IOCTL handler in FastRPC.
CVE-2024-39430 1Google 1Android Nov 21, 2024 Jul 1, 2024 N/A· v4 6.2 MEDIUM· v3 N/A· v2 In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed
CVE-2024-39429 1Google 1Android Nov 21, 2024 Jul 1, 2024 N/A· v4 6.2 MEDIUM· v3 N/A· v2 In faceid servive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed
CVE-2024-39428 1Google 1Android Nov 21, 2024 Jul 1, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2024-39427 1Google 1Android Nov 21, 2024 Jul 1, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2024-20081 4Google LinuxfoundationOpenwrt+1 more 4Android OpenwrtRdk B+1 more Mar 13, 2025 Jul 1, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for expl...Show more In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08719602; Issue ID: MSV-1412.Show less
CVE-2024-20079 1Google 1Android Mar 13, 2025 Jul 1, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for expl...Show more In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: MSV-1491.Show less
CVE-2024-39840 - - Nov 21, 2024 Jun 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects.
CVE-2024-38533 - - Nov 21, 2024 Jun 28, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has...Show more ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0.Show less
CVE-2024-6403 1Tendacn 1A301 Firmware Nov 21, 2024 Jun 28, 2024 7.1 HIGH· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Affected by this issue is the function formWifiBasicSet of the file /goform/SetOnlineDevName. The manipulation of the argument...Show more A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Affected by this issue is the function formWifiBasicSet of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269948. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-6402 1Tendacn 1A301 Firmware Nov 21, 2024 Jun 28, 2024 7.1 HIGH· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devN...Show more A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269947. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-29176 1Dell 1Data Domain Operating System Nov 21, 2024 Jun 26, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to...Show more Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.Show less
CVE-2024-37894 1Squid Cache 1Squid Nov 3, 2025 Jun 25, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a De...Show more Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.Show less
CVE-2024-37006 1Autodesk 9Advance Steel AutocadAutocad Architecture+6 more Jan 22, 2026 Jun 25, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulne...Show more A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.Show less
CVE-2024-37003 1Autodesk 9Advance Steel AutocadAutocad Architecture+6 more Nov 13, 2025 Jun 25, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to c...Show more A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.Show less
CVE-2024-36999 1Autodesk 9Advance Steel AutocadAutocad Architecture+6 more Nov 13, 2025 Jun 25, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or e...Show more A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.Show less
CVE-2024-32855 1Dell 74Inspiron 3480 Firmware Inspiron 3580 FirmwareLatitude 3120 Firmware+71 more Feb 4, 2025 Jun 25, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Informat...Show more Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.Show less
CVE-2024-23157 1Autodesk 9Advance Steel AutocadAutocad Architecture+6 more Jan 22, 2026 Jun 25, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulne...Show more A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.Show less
CVE-2024-23156 1Autodesk 9Advance Steel AutocadAutocad Architecture+6 more Jan 22, 2026 Jun 25, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with othe...Show more A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.Show less

Previous 1...148149150...706 Next