Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,114)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-52386 1Huawei 2Emui Harmonyos Mar 27, 2025 Apr 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52385 1Huawei 2Emui Harmonyos Mar 13, 2025 Apr 8, 2024 N/A· v4 6.2 MEDIUM· v3 N/A· v2 Out-of-bounds write vulnerability in the RSMC module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2023-52364 1Huawei 2Emui Harmonyos Mar 13, 2025 Apr 8, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Vulnerability of input parameters being not strictly verified in the RSMC module. Impact: Successful exploitation of this vulnerability may cause out-of-bounds write.
CVE-2023-52351 1Google 1Android May 6, 2025 Apr 8, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2023-52350 1Google 1Android Mar 27, 2025 Apr 8, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2023-52349 1Google 1Android Mar 28, 2025 Apr 8, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2023-52348 1Google 1Android May 6, 2025 Apr 8, 2024 N/A· v4 4.4 MEDIUM· v3 N/A· v2 In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2023-52347 1Google 1Android May 6, 2025 Apr 8, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2023-5912 - - Nov 21, 2024 Apr 5, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A potential memory leakage vulnerability was reported in some Lenovo Notebook products that may allow a local attacker with elevated privileges to write to NVRAM variables.
CVE-2024-29753 1Google 1Android Jun 17, 2025 Apr 5, 2024 N/A· v4 7.7 HIGH· v3 N/A· v2 In tmu_set_control_temp_step of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interact...Show more In tmu_set_control_temp_step of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-29752 1Google 1Android Jun 17, 2025 Apr 5, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In tmu_set_tr_num_thresholds of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interact...Show more In tmu_set_tr_num_thresholds of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-29749 1Google 1Android Jun 17, 2025 Apr 5, 2024 N/A· v4 8.4 HIGH· v3 N/A· v2 In tmu_set_tr_thresholds of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...Show more In tmu_set_tr_thresholds of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-29746 1Google 1Android Jun 17, 2025 Apr 5, 2024 N/A· v4 8.4 HIGH· v3 N/A· v2 In lpm_req_handler of lpm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...Show more In lpm_req_handler of lpm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-29743 1Google 1Android Jun 17, 2025 Apr 5, 2024 N/A· v4 7.7 HIGH· v3 N/A· v2 In tmu_set_temp_lut of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...Show more In tmu_set_temp_lut of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-29740 1Google 1Android Jun 17, 2025 Apr 5, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 In tmu_set_table of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n...Show more In tmu_set_table of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-21894 1Ivanti 2Connect Secure Policy Secure Nov 21, 2024 Apr 4, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service the...Show more A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code Show less
CVE-2024-22053 1Ivanti 2Connect Secure Policy Secure Nov 21, 2024 Apr 4, 2024 N/A· v4 8.2 HIGH· v3 N/A· v2 A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service the...Show more A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack or in certain conditions read contents from memory. Show less
CVE-2024-3299 - - Nov 21, 2024 Apr 4, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities c...Show more Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted SLDDRW or SLDPRT file. NOTE: this vulnerability was SPLIT from CVE-2024-1847.Show less
CVE-2024-3298 - - Nov 21, 2024 Apr 4, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execu...Show more Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF. NOTE: this vulnerability was SPLIT from CVE-2024-1847.Show less
CVE-2024-26807 1Linux 1Linux Kernel Nov 3, 2025 Apr 4, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: Both cadence-quadspi ->runtime_suspend() and ->runtime_resume() implementations start with: struct cqspi_st cqspi = dev_get_drvdata(dev); struct sp...Show more In the Linux kernel, the following vulnerability has been resolved: Both cadence-quadspi ->runtime_suspend() and ->runtime_resume() implementations start with: struct cqspi_st cqspi = dev_get_drvdata(dev); struct spi_controller host = dev_get_drvdata(dev); This obviously cannot be correct, unless "struct cqspi_st" is the first member of " struct spi_controller", or the other way around, but it is not the case. "struct spi_controller" is allocated by devm_spi_alloc_host(), which allocates an extra amount of memory for private data, used to store "struct cqspi_st". The ->probe() function of the cadence-quadspi driver then sets the device drvdata to store the address of the "struct cqspi_st" structure. Therefore: struct cqspi_st cqspi = dev_get_drvdata(dev); is correct, but: struct spi_controller *host = dev_get_drvdata(dev); is not, as it makes "host" point not to a "struct spi_controller" but to the same "struct cqspi_st" structure as above. This obviously leads to bad things (memory corruption, kernel crashes) directly during ->probe(), as ->probe() enables the device using PM runtime, leading the ->runtime_resume() hook being called, which in turns calls spi_controller_resume() with the wrong pointer. This has at least been reported [0] to cause a kernel crash, but the exact behavior will depend on the memory contents. [0] https://lore.kernel.org/all/20240226121803.5a7r5wkpbbowcxgx@dhruva/ This issue potentially affects all platforms that are currently using the cadence-quadspi driver.Show less

Previous 1...178179180...706 Next