Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,079)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-30987 1Color 1Iccdev Mar 13, 2026 Mar 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum<>::GetValues() causing stack memory corruption or crash. This...Show more iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum<>::GetValues() causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5.Show less
CVE-2026-30985 1Color 1Iccdev Mar 13, 2026 Mar 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash....Show more iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5.Show less
CVE-2026-30983 1Color 1Iccdev Mar 13, 2026 Mar 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml() (strcpy) causing stack memory corruption or crash. This vulner...Show more iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml() (strcpy) causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5.Show less
CVE-2026-30981 1Color 1Iccdev Mar 13, 2026 Mar 10, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType<>::DumpArray() causing out-of-bounds read and/or cra...Show more iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType<>::DumpArray() causing out-of-bounds read and/or crash. This vulnerability is fixed in 2.3.1.5.Show less
CVE-2026-30979 1Color 1Iccdev Mar 13, 2026 Mar 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() triggered with local user interac...Show more iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() triggered with local user interaction causing memory corruption/crash. This vulnerability is fixed in 2.3.1.5.Show less
CVE-2026-26108 1Microsoft 5365 Apps ExcelOffice+2 more Mar 13, 2026 Mar 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-25569 1Siemens 1Sicam Siapp Sdk Mar 13, 2026 Mar 10, 2026 7.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, poten...Show more A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to write data beyond the intended buffer, potentially leading to denial of service, or arbitrary code execution.Show less
CVE-2026-24640 1Fortinet 1Fortiweb Mar 12, 2026 Mar 10, 2026 N/A· v4 6.6 MEDIUM· v3 N/A· v2 A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0...Show more A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.Show less
CVE-2026-23665 2Microsof Microsoft 2Linux Diagnostic Extension Linux Diagnostic Extension Mar 20, 2026 Mar 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally.
CVE-2025-54820 1Fortinet 1Fortimanager Mar 12, 2026 Mar 10, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attack...Show more A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms.Show less
CVE-2026-30929 1Imagemagick 1Imagemagick Mar 13, 2026 Mar 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is poss...Show more ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.Show less
CVE-2026-28693 1Imagemagick 1Imagemagick Mar 11, 2026 Mar 10, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vu...Show more ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds read or write. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41.Show less
CVE-2026-3038 1Freebsd 1Freebsd Mar 17, 2026 Mar 9, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length...Show more The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's possible for a malicious userspace program to craft a request which triggers a 127-byte overflow. In practice, this overflow immediately overwrites the canary for the rtsock_msg_buffer() stack frame, resulting in a panic once the function returns. The bug allows an unprivileged user to crash the kernel by triggering a stack buffer overflow in rtsock_msg_buffer(). In particular, the overflow will corrupt a stack canary value that is verified when the function returns; this mitigates the impact of the stack overflow by triggering a kernel panic. Other kernel bugs may exist which allow userspace to find the canary value and thus defeat the mitigation, at which point local privilege escalation may be possible.Show less
CVE-2025-41766 1Mbs Solutions 1Universal Bacnet Router Firmware Mar 11, 2026 Mar 9, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise.
CVE-2026-3823 1Blackbeartechhive 2Atop Ehg2408 2sfp Firmware Atop Ehg2408 Firmware Mar 10, 2026 Mar 9, 2026 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.
CVE-2026-3630 1Deltaww 1Commgr2 Mar 10, 2026 Mar 9, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability.
CVE-2026-3703 1Wavlink 1Wl Nu516u1 Firmware Mar 10, 2026 Mar 8, 2026 8.9 HIGH· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be per...Show more A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. The attack may be performed from remote. The exploit has been published and may be used. Upgrading the affected component is recommended. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.Show less
CVE-2018-25198 - - Apr 15, 2026 Mar 6, 2026 6.9 MEDIUM· v4 6.2 MEDIUM· v3 N/A· v2 eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that t...Show more eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that triggers a buffer overflow condition when processed by the application.Show less
CVE-2026-3606 1Ettercap Project 1Ettercap Apr 29, 2026 Mar 5, 2026 1.9 LOW· v4 5.5 MEDIUM· v3 1.7 LOW· v2 A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. The manipula...Show more A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.Show less
CVE-2026-28552 1Huawei 2Emui Harmonyos Mar 5, 2026 Mar 5, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.

Previous 1...293031...704 Next