Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,114)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-30293 1Adobe 1Animate Dec 2, 2024 May 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require...Show more Animate versions 24.0.2, 23.0.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2024-30282 1Adobe 1Animate Mar 7, 2025 May 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...Show more Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2024-30274 1Adobe 1Substance 3d Painter Dec 3, 2024 May 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires...Show more Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2024-4976 1Xpdfreader 1Xpdf Jan 29, 2025 May 15, 2024 2.1 LOW· v4 5.5 MEDIUM· v3 N/A· v2 Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.
CVE-2023-6322 3Roku ThroughtekWyze 3Cam V3 Firmware Indoor Camera Se FirmwareKalay Platform Feb 11, 2025 May 15, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-...Show more A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.Show less
CVE-2024-30310 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Dec 2, 2024 May 15, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i...Show more Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2020-26312 - - Nov 21, 2024 May 14, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to r...Show more Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target folder. The routine `untarFile` attempts to guard against creating symbolic links that point outside the directory a tar archive is extracted to. However, a malicious tarball first linking `subdir/parent` to `..` (allowed, because `subdir/..` falls within the archive root) and then linking `subdir/parent/escapes` to `..` results in a symbolic link pointing to the tarball’s parent directory, contrary to the routine’s goals. This issue may lead to arbitrary file write (with same permissions as the program running the unpack operation) if the attacker can control the archive file. Additionally, if the attacker has read access to the unpacked files, they may be able to read arbitrary system files the parent process has permissions to read. As of time of publication, no patch for this issue is available. Show less
CVE-2024-4777 2Debian Mozilla 3Debian Linux FirefoxThunderbird Mar 13, 2025 May 14, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploite...Show more Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.Show less
CVE-2024-30051 1Microsoft 11Windows 10 1507 Windows 10 1607Windows 10 1809+8 more Oct 28, 2025 May 14, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-4761 2Fedoraproject Google 2Chrome Fedora Dec 23, 2025 May 14, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVE-2024-34773 1Siemens 1Solid Edge Se2024 Mar 7, 2025 May 14, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker...Show more A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.Show less
CVE-2024-34771 1Siemens 1Solid Edge Se2024 Mar 7, 2025 May 14, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an atta...Show more A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.Show less
CVE-2024-34086 1Siemens 2Jt2go Teamcenter Visualization Oct 3, 2025 May 14, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V...Show more A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions < V14.3.0.7), Teamcenter Visualization V2312 (All versions < V2312.0001). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted CGM file. This could allow an attacker to execute code in the context of the current process.Show less
CVE-2024-33489 1Siemens 1Solid Edge Se2024 Mar 7, 2025 May 14, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an atta...Show more A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.Show less
CVE-2024-33008 - - Nov 21, 2024 May 14, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 SAP Replication Server allows an attacker to use gateway for executing some commands to RSSD. This could result in crashing the Replication Server due to memory corruption with high impact on Availability of the system.
CVE-2024-32639 - - Nov 21, 2024 May 14, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0011). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially...Show more A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0011). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22974)Show less
CVE-2024-31980 1Siemens 1Parasolid Oct 3, 2025 May 14, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.210), Parasolid V36.1 (All versions < V36.1.185). The affected application contains an out of bound...Show more A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.210), Parasolid V36.1 (All versions < V36.1.185). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T part file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-23468)Show less
CVE-2024-22268 1Vmware 2Fusion Workstation Mar 27, 2025 May 14, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploi...Show more VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition. Show less
CVE-2024-1913 1Abb 1Robotware Dec 19, 2025 May 14, 2024 N/A· v4 7.6 HIGH· v3 N/A· v2 An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited to perfor...Show more An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system. Below are reported vulnerabilities in the Robot Ware versions. * IRC5- RobotWare 6 < 6.15.06 except 6.10.10, and 6.13.07 * OmniCore- RobotWare 7 < 7.14 Show less
CVE-2024-4853 2Fedoraproject Wireshark 2Fedora Wireshark Nov 3, 2025 May 14, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Memory handling issue in editcap could cause denial of service via crafted capture file

Previous 1...159160161...706 Next