Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,114)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-32909 1Google 1Android Nov 21, 2024 Jun 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n...Show more In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-32905 1Google 1Android Nov 21, 2024 Jun 13, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interac...Show more In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-32903 1Google 1Android Nov 21, 2024 Jun 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed....Show more In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-32901 1Google 1Android Mar 24, 2025 Jun 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User intera...Show more In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-32895 1Google 1Android Nov 21, 2024 Jun 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...Show more In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-29786 1Google 1Android Nov 21, 2024 Jun 13, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. U...Show more In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-5950 1Deepseaelectronics 1Dse855 Firmware Nov 21, 2024 Jun 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatio...Show more Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart form variables. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23172.Show less
CVE-2024-5948 1Deepseaelectronics 1Dse855 Firmware Nov 21, 2024 Jun 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of...Show more Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of multipart boundaries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23170.Show less
CVE-2024-37022 1Fujielectric 1Tellus Lite V Simulator Nov 21, 2024 Jun 13, 2024 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 Fuji Electric Tellus Lite V-Simulator is vulnerable to an out-of-bounds write, which could allow an attacker to manipulate memory, resulting in execution of arbitrary code.
CVE-2024-37280 1Elastic 1Elasticsearch Nov 21, 2024 Jun 13, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cau...Show more A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.Show less
CVE-2024-32504 1Samsung 8Exynos 1080 Firmware Exynos 1280 FirmwareExynos 1330 Firmware+5 more Mar 13, 2025 Jun 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper length c...Show more An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper length checking, which can result in an OOB (Out-of-Bounds) Write vulnerability.Show less
CVE-2024-31956 1Samsung 3Exynos 1480 Firmware Exynos 2200 FirmwareExynos 2400 Firmware Mar 14, 2025 Jun 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks proper buffer length checking, which can result in an Out-of-Bounds Write.
CVE-2024-34115 1Adobe 1Substance 3d Stager Nov 21, 2024 Jun 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires u...Show more Substance3D - Stager versions 2.1.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2024-37036 1Schneider Electric 1Sage Rtu Firmware Nov 21, 2024 Jun 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 CWE-787: Out-of-bounds Write vulnerability exists that could result in an authentication bypass when sending a malformed POST request and particular configuration parameters are set.
CVE-2024-36761 1Gfx Rs 2Naga Wgpu May 23, 2025 Jun 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs.
CVE-2024-28970 1Dell 14G7 7500 Firmware G7 7700 FirmwareInspiron 14 Plus 7440 Firmware+11 more Nov 21, 2024 Jun 12, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service.
CVE-2024-5844 2Fedoraproject Google 2Chrome Fedora Mar 13, 2025 Jun 11, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-5835 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Jun 11, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page....Show more Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)Show less
CVE-2024-5830 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Jun 11, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVE-2024-28877 1Microdicom 1Dicom Viewer Apr 10, 2025 Jun 11, 2024 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit this vulner...Show more MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit this vulnerability.Show less

Previous 1...151152153...706 Next