Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,114)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-34199 1Ritlabs 1Tinyweb Jan 5, 2026 May 14, 2024 N/A· v4 8.6 HIGH· v3 N/A· v2 TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line.
CVE-2024-32672 - - Nov 21, 2024 May 14, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input. This issue affects Escargot: 4.0.0.
CVE-2024-32669 - - Nov 21, 2024 May 14, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. However, it occurs in the test code and does not include in the release. This issue affects escargot: 4...Show more Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. However, it occurs in the test code and does not include in the release. This issue affects escargot: 4.0.0. Show less
CVE-2024-32615 1Hdfgroup 1Hdf5 Apr 18, 2025 May 14, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer.
CVE-2024-30259 1Eprosima 1Fast Dds Jan 27, 2025 May 14, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed `RTPS` packet,...Show more FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed `RTPS` packet, heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue. Show less
CVE-2024-0088 1Nvidia 1Triton Inference Server Sep 19, 2025 May 14, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an improper memory access issue by a network API. A successful exploit of this vulnerability might lead to d...Show more NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an improper memory access issue by a network API. A successful exploit of this vulnerability might lead to denial of service and data tampering.Show less
CVE-2023-35757 1Dlink 1Dap 2622 Firmware May 19, 2025 May 7, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-...Show more D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-20085.Show less
CVE-2022-43653 1Bentley 1View Aug 11, 2025 May 7, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is r...Show more Bentley View SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. Crafted data in an SKP file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19084.Show less
CVE-2021-34982 1Netgear 52D6220 Firmware D6400 FirmwareD7000v2 Firmware+49 more Aug 14, 2025 May 7, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR...Show more NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.Show less
CVE-2021-34947 1Netgear 41D7800 Firmware Ex2700 FirmwareEx6100 Firmware+38 more Aug 14, 2025 May 7, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentica...Show more NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13055.Show less
CVE-2024-23709 1Google 1Android Dec 17, 2024 May 7, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed fo...Show more In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Show less
CVE-2024-4559 2Fedoraproject Google 2Chrome Fedora Dec 19, 2024 May 7, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-3758 1Openatom 1Openharmony Jan 2, 2025 May 7, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through heap buffer overflow.
CVE-2024-20863 1Samsung 1Android Feb 10, 2025 May 7, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.
CVE-2024-20862 1Samsung 1Android Feb 10, 2025 May 7, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.
CVE-2024-21476 1Qualcomm 46Aqt1000 Firmware Ar8035 FirmwareFastconnect 6200 Firmware+43 more Jan 15, 2025 May 6, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption when the channel ID passed by user is not validated and further used.
CVE-2024-21474 1Qualcomm 24Ar8035 Firmware Fastconnect 6900 FirmwareFastconnect 7800 Firmware+21 more Jan 15, 2025 May 6, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption when size of buffer from previous call is used without validation or re-initialization.
CVE-2023-49675 - - Nov 21, 2024 May 6, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An unauthenticated local attacker may trick a user to open corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability.
CVE-2024-20064 1Google 1Android Mar 29, 2025 May 6, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed f...Show more In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229.Show less
CVE-2024-20057 1Google 1Android Apr 30, 2025 May 6, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitat...Show more In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587881; Issue ID: ALPS08587881.Show less

Previous 1...160161162...706 Next