Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,114)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-20844 1Samsung 1Android Feb 7, 2025 Apr 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.
CVE-2024-20843 1Samsung 1Android Feb 7, 2025 Apr 2, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary code.
CVE-2024-20842 1Samsung 1Android Feb 7, 2025 Apr 2, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Improper Input Validation vulnerability in handling apdu of libsec-ril prior to SMR Apr-2024 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVE-2024-27327 1Pdf Xchange 2Pdf Tools Pdf Xchange Editor Dec 4, 2024 Apr 1, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User inte...Show more PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22277.Show less
CVE-2024-1179 1Tp Link 1Omada Er605 Firmware Aug 8, 2025 Apr 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Li...Show more TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DHCP options. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22420.Show less
CVE-2024-21473 1Qualcomm 127Ar8035 Firmware Ar9380 FirmwareCsr8811 Firmware+124 more Jan 13, 2025 Apr 1, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Memory corruption while redirecting log file to any file location with any file name.
CVE-2023-28547 1Qualcomm 295215 Mobile Firmware 315 5g Iot Firmware9205 Lte Firmware+292 more Aug 11, 2025 Apr 1, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in SPS Application while requesting for public key in sorter TA.
CVE-2024-20054 4Google LinuxfoundationOpenwrt+1 more 4Android OpenwrtRdk B+1 more Apr 23, 2025 Apr 1, 2024 N/A· v4 6.6 MEDIUM· v3 N/A· v2 In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitatio...Show more In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID: ALPS08580200.Show less
CVE-2024-20053 4Google LinuxfoundationOpenwrt+1 more 4Android OpenwrtRdk B+1 more Apr 23, 2025 Apr 1, 2024 N/A· v4 8.4 HIGH· v3 N/A· v2 In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation....Show more In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541764.Show less
CVE-2024-20044 1Google 1Android Apr 23, 2025 Apr 1, 2024 N/A· v4 6.6 MEDIUM· v3 N/A· v2 In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Pat...Show more In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541784; Issue ID: ALPS08541784.Show less
CVE-2024-20043 1Google 1Android Apr 23, 2025 Apr 1, 2024 N/A· v4 6.6 MEDIUM· v3 N/A· v2 In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Pat...Show more In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541781; Issue ID: ALPS08541781.Show less
CVE-2024-20042 1Google 1Android Apr 23, 2025 Apr 1, 2024 N/A· v4 6.6 MEDIUM· v3 N/A· v2 In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Pat...Show more In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541780; Issue ID: ALPS08541780.Show less
CVE-2024-20040 5Google LinuxLinuxfoundation+2 more 5Android Linux KernelOpenwrt+2 more Apr 23, 2025 Apr 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed...Show more In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.Show less
CVE-2024-20039 1Mediatek 5Lr12a Lr13Nr15+2 more Apr 23, 2025 Apr 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In modem protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploi...Show more In modem protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01240012; Issue ID: MSV-1215.Show less
CVE-2024-30613 1Tenda 1Ac15 Firmware Apr 8, 2025 Mar 29, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Tenda AC15 v15.03.05.18 has a stack overflow vulnerability in the time parameter from the setSmartPowerManagement function.
CVE-2023-52628 1Linux 1Linux Kernel Nov 4, 2025 Mar 28, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which...Show more In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clean the remainder of the register in case ->len is NOT a multiple of the register size, so make it conditional just like nft_payload.c does. The bug was added in 4.1 cycle and then copied/inherited when tcp/sctp and ip option support was added. Bug reported by Zero Day Initiative project (ZDI-CAN-21950, ZDI-CAN-21951, ZDI-CAN-21961).Show less
CVE-2024-3024 1Broadcom 1Tcpreplay Apr 16, 2025 Mar 28, 2024 N/A· v4 7.8 HIGH· v3 4.3 MEDIUM· v2 A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buf...Show more A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-3012 1Tenda 1Fh1205 Firmware Jan 15, 2025 Mar 28, 2024 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been declared as critical. This vulnerability affects the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the arg...Show more A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been declared as critical. This vulnerability affects the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258298 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-3011 1Tenda 1Fh1205 Firmware Jan 15, 2025 Mar 28, 2024 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to...Show more A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258297 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-3010 1Tenda 1Fh1205 Firmware Jan 15, 2025 Mar 28, 2024 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this issue is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-b...Show more A vulnerability was found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this issue is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less

Previous 1...181182183...706 Next