Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-20115

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-21 Aug, 2025 | 20:15
Updated At-21 Aug, 2025 | 20:53
Rejected At-
Credits

Vermillion FTP <= 1.31 Daemon PORT Command Memory Corruption

Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is constrained by a single execution attempt if the daemon is installed as a Windows service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:21 Aug, 2025 | 20:15
Updated At:21 Aug, 2025 | 20:53
Rejected At:
▼CVE Numbering Authority (CNA)
Vermillion FTP <= 1.31 Daemon PORT Command Memory Corruption

Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is constrained by a single execution attempt if the daemon is installed as a Windows service.

Affected Products
Vendor
Arcane Software
Product
Vermillion FTP Daemon
Modules
  • FTP PORT command parser
Default Status
unaffected
Versions
Affected
  • From * through 1.31 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
CWECWE-704CWE-704 Incorrect Type Conversion or Cast
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-704
Description: CWE-704 Incorrect Type Conversion or Cast
Metrics
VersionBase scoreBase severityVector
4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC-137CAPEC-137 Parameter Injection
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-137
Description: CAPEC-137 Parameter Injection
Solutions
Configurations
Workarounds
Exploits
Credits
finder
x4lt of Global-Evolution Security Group
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/vermillion_ftpd_port.rb
exploit
https://www.exploit-db.com/exploits/11293
exploit
https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=23681
third-party-advisory
https://www.juniper.net/us/en/threatlabs/ips-signatures/detail.FTP:EXPLOIT:VERMILLION-PORT-OF.html
third-party-advisory
https://web.archive.org/web/20100416140657/http://www.global-evolution.info/news/files/vftpd/vftpd.txt
technical-description
exploit
https://web.archive.org/web/20100213162028/http://www.softsea.com/review/Vermillion-FTP-Daemon.html
product
https://www.vulncheck.com/advisories/vermillion-ftp-daemon-port-command-memory-corruption
third-party-advisory
Hyperlink: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/vermillion_ftpd_port.rb
Resource:
exploit
Hyperlink: https://www.exploit-db.com/exploits/11293
Resource:
exploit
Hyperlink: https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=23681
Resource:
third-party-advisory
Hyperlink: https://www.juniper.net/us/en/threatlabs/ips-signatures/detail.FTP:EXPLOIT:VERMILLION-PORT-OF.html
Resource:
third-party-advisory
Hyperlink: https://web.archive.org/web/20100416140657/http://www.global-evolution.info/news/files/vftpd/vftpd.txt
Resource:
technical-description
exploit
Hyperlink: https://web.archive.org/web/20100213162028/http://www.softsea.com/review/Vermillion-FTP-Daemon.html
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/vermillion-ftp-daemon-port-command-memory-corruption
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/11293
exploit
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/vermillion_ftpd_port.rb
exploit
Hyperlink: https://www.exploit-db.com/exploits/11293
Resource:
exploit
Hyperlink: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/vermillion_ftpd_port.rb
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:21 Aug, 2025 | 21:15
Updated At:22 Aug, 2025 | 18:08

Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is constrained by a single execution attempt if the daemon is installed as a Windows service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-704Secondarydisclosure@vulncheck.com
CWE-787Secondarydisclosure@vulncheck.com
CWE ID: CWE-704
Type: Secondary
Source: disclosure@vulncheck.com
CWE ID: CWE-787
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/vermillion_ftpd_port.rbdisclosure@vulncheck.com
N/A
https://web.archive.org/web/20100213162028/http://www.softsea.com/review/Vermillion-FTP-Daemon.htmldisclosure@vulncheck.com
N/A
https://web.archive.org/web/20100416140657/http://www.global-evolution.info/news/files/vftpd/vftpd.txtdisclosure@vulncheck.com
N/A
https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=23681disclosure@vulncheck.com
N/A
https://www.exploit-db.com/exploits/11293disclosure@vulncheck.com
N/A
https://www.juniper.net/us/en/threatlabs/ips-signatures/detail.FTP:EXPLOIT:VERMILLION-PORT-OF.htmldisclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/vermillion-ftp-daemon-port-command-memory-corruptiondisclosure@vulncheck.com
N/A
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/vermillion_ftpd_port.rb134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
https://www.exploit-db.com/exploits/11293134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/vermillion_ftpd_port.rb
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://web.archive.org/web/20100213162028/http://www.softsea.com/review/Vermillion-FTP-Daemon.html
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://web.archive.org/web/20100416140657/http://www.global-evolution.info/news/files/vftpd/vftpd.txt
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=23681
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/11293
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.juniper.net/us/en/threatlabs/ips-signatures/detail.FTP:EXPLOIT:VERMILLION-PORT-OF.html
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/vermillion-ftp-daemon-port-command-memory-corruption
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/ftp/vermillion_ftpd_port.rb
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/11293
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

23Records found
CVE-2023-54329
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.36% / 57.71%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:52
Updated-30 Jan, 2026 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inbit Messenger 4.9.0 - Unauthenticated Remote Command Execution (RCE)

Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port 10883 with a malicious payload to trigger the vulnerability and execute commands with system privileges.

Action-Not Available
Vendor-inbitInbit
Product-inbit_messengerInbit Messenger
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-54330
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.24% / 47.45%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:52
Updated-30 Jan, 2026 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inbit Messenger 4.9.0 - Unauthenticated Remote SEH Overflow

Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets. Attackers can craft a specially designed payload targeting the messenger's network handler to overwrite the Structured Exception Handler (SEH) and execute shellcode on vulnerable Windows systems.

Action-Not Available
Vendor-inbitInbit
Product-inbit_messengerInbit Messenger
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-14232
Matching Score-4
Assigner-Canon Inc.
ShareView Details
Matching Score-4
Assigner-Canon Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.10% / 28.51%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:36
Updated-26 Jan, 2026 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in XML processing of XPS file in Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-mf451dwmf1643i_iimf452dw_firmwarelbp236dwmf654cdw_firmwaremf453dw_firmwaremf452dwmf656cdw_firmwaremf455dwlbp633cdwlbp632cdwlbp237dw_firmwaremf653cdwmf652cw_firmwaremf455dw_firmwarelbp236dw_firmwaremf1643if_iimf653cdw_firmwarelbp632cdw_firmwaremf656cdwmf1643i_ii_firmwaremf453dwmf451dw_firmwaremf654cdwmf1238_ii_firmwaremf1238_iilbp237dwlbp633cdw_firmwarelbp1238_iimf652cdwlbp1238_ii_firmwaremf1643if_ii_firmwareSatera LBP670C SeriesimageCLASS X LBP1238 IIimageCLASS X MF1643iF IIi-SENSYS LBP230 Seriesi-SENSYS MF550 Series1238Pr IIi-SENSYS LBP630C Seriesi-SENSYS MF450 SeriesSatera MF750C SeriesColor imageCLASS MF650C Seriesi-SENSYS MF650C SeriesimageCLASS X MF1643i IIimageRUNNER 1643i IIColor imageCLASS LBP630C1238iF IIimageCLASS X MF1238 IIimageRUNNER 1643iF II1238i II1238P IIimageCLASS MF450 SeriesimageCLASS LBP230 Series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-14237
Matching Score-4
Assigner-Canon Inc.
ShareView Details
Matching Score-4
Assigner-Canon Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.10% / 28.51%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:40
Updated-26 Jan, 2026 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-mf451dwmf1643i_iimf452dw_firmwarelbp236dwmf654cdw_firmwaremf453dw_firmwaremf452dwmf656cdw_firmwaremf455dwlbp633cdwlbp632cdwlbp237dw_firmwaremf653cdwmf652cw_firmwaremf455dw_firmwarelbp236dw_firmwaremf1643if_iimf653cdw_firmwarelbp632cdw_firmwaremf656cdwmf1643i_ii_firmwaremf453dwmf451dw_firmwaremf654cdwmf1238_ii_firmwaremf1238_iilbp237dwlbp633cdw_firmwarelbp1238_iimf652cdwlbp1238_ii_firmwaremf1643if_ii_firmwareSatera LBP670C SeriesimageCLASS X LBP1238 IIimageCLASS X MF1643iF IIi-SENSYS LBP230 Seriesi-SENSYS MF550 Series1238Pr IIi-SENSYS LBP630C Seriesi-SENSYS MF450 SeriesSatera MF750C SeriesColor imageCLASS MF650C Seriesi-SENSYS MF650C SeriesimageCLASS X MF1643i IIimageRUNNER 1643i IIColor imageCLASS LBP630C1238iF IIimageCLASS X MF1238 IIimageRUNNER 1643iF II1238i II1238P IIimageCLASS MF450 SeriesimageCLASS LBP230 Series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-26011
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-Not Assigned
Published-12 Feb, 2026 | 20:42
Updated-12 Feb, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Critical Heap Out-of-bounds Access in `pf_cluster_stats()` via Malicious /initialpose Covariance -- Potential Remote Code Execution

navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL's particle filter clustering logic. By publishing a single crafted geometry_msgs/PoseWithCovarianceStamped message with extreme covariance values to the /initialpose topic, an unauthenticated attacker on the same ROS 2 DDS domain can trigger a negative index write (set->clusters[-1]) into heap memory preceding the allocated buffer. In Release builds, the sole boundary check (assert) is compiled out, leaving zero runtime protection. This primitive allows controlled corruption of the heap chunk metadata(at least the size of the heap chunk where the set->clusters is in is controllable by the attacker), potentially leading to further exploitation. At minimum, it provides a reliable single-packet denial of service that kills localization and halts all navigation.

Action-Not Available
Vendor-ros-navigation
Product-navigation2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-14234
Matching Score-4
Assigner-Canon Inc.
ShareView Details
Matching Score-4
Assigner-Canon Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.10% / 28.51%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:38
Updated-26 Jan, 2026 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in CPCA list processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-mf451dwmf1643i_iimf452dw_firmwarelbp236dwmf654cdw_firmwaremf453dw_firmwaremf452dwmf656cdw_firmwaremf455dwlbp633cdwlbp632cdwlbp237dw_firmwaremf653cdwmf652cw_firmwaremf455dw_firmwarelbp236dw_firmwaremf1643if_iimf653cdw_firmwarelbp632cdw_firmwaremf656cdwmf1643i_ii_firmwaremf453dwmf451dw_firmwaremf654cdwmf1238_ii_firmwaremf1238_iilbp237dwlbp633cdw_firmwarelbp1238_iimf652cdwlbp1238_ii_firmwaremf1643if_ii_firmwareSatera LBP670C SeriesimageCLASS X LBP1238 IIimageCLASS X MF1643iF IIi-SENSYS LBP230 Seriesi-SENSYS MF550 Series1238Pr IIi-SENSYS LBP630C Seriesi-SENSYS MF450 SeriesSatera MF750C SeriesColor imageCLASS MF650C Seriesi-SENSYS MF650C SeriesimageCLASS X MF1643i IIimageRUNNER 1643i IIColor imageCLASS LBP630C1238iF IIimageCLASS X MF1238 IIimageRUNNER 1643iF II1238i II1238P IIimageCLASS MF450 SeriesimageCLASS LBP230 Series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-14236
Matching Score-4
Assigner-Canon Inc.
ShareView Details
Matching Score-4
Assigner-Canon Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.10% / 28.51%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:39
Updated-26 Jan, 2026 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Address Book attribute tag processing on Small Office Multifunction Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-mf451dwmf1643i_iimf452dw_firmwarelbp236dwmf654cdw_firmwaremf453dw_firmwaremf452dwmf656cdw_firmwaremf455dwlbp633cdwlbp632cdwlbp237dw_firmwaremf653cdwmf652cw_firmwaremf455dw_firmwarelbp236dw_firmwaremf1643if_iimf653cdw_firmwarelbp632cdw_firmwaremf656cdwmf1643i_ii_firmwaremf453dwmf451dw_firmwaremf654cdwmf1238_ii_firmwaremf1238_iilbp237dwlbp633cdw_firmwarelbp1238_iimf652cdwlbp1238_ii_firmwaremf1643if_ii_firmwareSatera LBP670C SeriesimageCLASS X LBP1238 IIimageCLASS X MF1643iF IIi-SENSYS LBP230 Seriesi-SENSYS MF550 Series1238Pr IIi-SENSYS LBP630C Seriesi-SENSYS MF450 SeriesSatera MF750C SeriesColor imageCLASS MF650C Seriesi-SENSYS MF650C SeriesimageCLASS X MF1643i IIimageRUNNER 1643i IIColor imageCLASS LBP630C1238iF IIimageCLASS X MF1238 IIimageRUNNER 1643iF II1238i II1238P IIimageCLASS MF450 SeriesimageCLASS LBP230 Series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-14235
Matching Score-4
Assigner-Canon Inc.
ShareView Details
Matching Score-4
Assigner-Canon Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.10% / 28.51%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:38
Updated-26 Jan, 2026 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-mf451dwmf1643i_iimf452dw_firmwarelbp236dwmf654cdw_firmwaremf453dw_firmwaremf452dwmf656cdw_firmwarelbp633cdwlbp632cdwmf455dwlbp237dw_firmwaremf653cdwmf652cw_firmwarelbp236dw_firmwaremf455dw_firmwaremf1643if_iimf653cdw_firmwarelbp632cdw_firmwaremf656cdwmf1643i_ii_firmwaremf453dwmf451dw_firmwaremf654cdwmf1238_ii_firmwaremf1238_iilbp237dwlbp633cdw_firmwarelbp1238_iimf652cdwlbp1238_ii_firmwaremf1643if_ii_firmwareSatera LBP670C SeriesimageCLASS X LBP1238 IIimageCLASS X MF1643iF IIi-SENSYS LBP230 Seriesi-SENSYS MF550 Series1238Pr IIi-SENSYS LBP630C Seriesi-SENSYS MF450 SeriesSatera MF750C SeriesColor imageCLASS MF650C Seriesi-SENSYS MF650C SeriesimageCLASS X MF1643i IIimageRUNNER 1643i IIColor imageCLASS LBP630C1238iF IIimageCLASS X MF1238 IIimageRUNNER 1643iF II1238i II1238P IIimageCLASS MF450 SeriesimageCLASS LBP230 Series
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-9242
Matching Score-4
Assigner-WatchGuard Technologies, Inc.
ShareView Details
Matching Score-4
Assigner-WatchGuard Technologies, Inc.
CVSS Score-9.3||CRITICAL
EPSS-66.53% / 98.49%
||
7 Day CHG-4.43%
Published-17 Sep, 2025 | 07:29
Updated-14 Nov, 2025 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-12-03||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
WatchGuard Firebox iked Out of Bounds Write Vulnerability

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.3 and 2025.1.

Action-Not Available
Vendor-WatchGuard Technologies, Inc.
Product-firebox_t145-wfirebox_m370firebox_m440firebox_t145firebox_m4600firebox_m570firebox_t80firebox_t185firebox_t25firebox_t125firebox_t70firebox_t125-wfirebox_t20fireboxvfireboxcloudfirebox_t85firebox_t15firebox_m690firebox_t45firebox_t40firewarefirebox_m670firebox_t115-wfirebox_m5800firebox_m270firebox_m590firebox_m290firebox_nv5firebox_m4800firebox_m390firebox_m470firebox_t35firebox_t55firebox_m5600Fireware OSFirebox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-36885
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.42% / 61.25%
||
7 Day CHG~0.00%
Published-10 Dec, 2025 | 20:48
Updated-02 Jan, 2026 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sony IPELA Network Camera 1.82.01 Remote Stack Buffer Overflow via ftpclient.cgi

Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality, potentially causing remote code execution or denial of service.

Action-Not Available
Vendor-Sony Electronics Inc.Sony Group Corporation
Product-snc-dh120t_firmwaresnc-dh120tIPELA Network Camera
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-66216
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.09% / 25.19%
||
7 Day CHG~0.00%
Published-29 Nov, 2025 | 01:57
Updated-23 Dec, 2025 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AIS-catcher has a Buffer Overflow vulnerability in `AIS::Message` leading to DoS/RCE

AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, a heap buffer overflow vulnerability has been identified in the AIS::Message class of AIS-catcher. This vulnerability allows an attacker to write approximately 1KB of arbitrary data into a 128-byte buffer. This issue has been patched in version 0.64.

Action-Not Available
Vendor-aiscatcherjvde-github
Product-ais-catcherAIS-catcher
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2620
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-35.61% / 96.95%
||
7 Day CHG~0.00%
Published-22 Mar, 2025 | 14:31
Updated-26 Mar, 2025 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1620 Authentication storage mod_graph_auth_uri_handler stack-based overflow

A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1620dap-1620_firmwareDAP-1620
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5623
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-0.49% / 65.14%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 00:00
Updated-06 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-816 qosClassifier stack-based overflow

A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-816dir-816_firmwareDIR-816
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5624
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-0.45% / 63.17%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 00:31
Updated-06 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-816 QoSPortSetup stack-based overflow

A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-816dir-816_firmwareDIR-816
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5622
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-0.49% / 65.14%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 00:00
Updated-06 Jun, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-816 wirelessApcli_5g stack-based overflow

A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-816dir-816_firmwareDIR-816
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5630
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-0.45% / 63.17%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 02:00
Updated-06 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DIR-816 form2lansetup.cgi stack-based overflow

A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-816dir-816_firmwareDIR-816
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5600
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-0.36% / 57.64%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 17:31
Updated-10 Jun, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TOTOLINK EX1200T cstecgi.cgi setLanguageCfg stack-based overflow

A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument LangType leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-TOTOLINK
Product-ex1200tex1200t_firmwareEX1200T
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12248
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.88% / 74.88%
||
7 Day CHG~0.00%
Published-30 Jan, 2025 | 18:17
Updated-12 Feb, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds Write vulnerability in Contec Health CMS8000 Patient Monitor

Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution.

Action-Not Available
Vendor-Contec Medical Systems Co., Ltd.
Product-CMS8000 Patient Monitor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-30356
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.50% / 65.32%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 22:06
Updated-29 Apr, 2025 | 14:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap Buffer Overflow via Incomplete Length Check in `Crypto_TC_ApplySecurity`

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. Although CVE-2025-29912 addressed an underflow issue involving fl, the patch fails to fully prevent unsafe calculations. As a result, an attacker can still craft malicious frames that cause a negative tf_payload_len, which is then interpreted as a large unsigned value, leading to a heap buffer overflow in a memcpy call.

Action-Not Available
Vendor-nasanasa
Product-cryptolibCryptoLib
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2619
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-0.73% / 72.35%
||
7 Day CHG~0.00%
Published-22 Mar, 2025 | 14:00
Updated-26 Mar, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1620 Cookie storage check_dws_cookie stack-based overflow

A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1620dap-1620_firmwareDAP-1620
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2618
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-0.73% / 72.35%
||
7 Day CHG~0.00%
Published-22 Mar, 2025 | 13:31
Updated-26 Mar, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1620 Path api set_ws_action heap-based overflow

A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1620dap-1620_firmwareDAP-1620
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2621
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-0.73% / 72.35%
||
7 Day CHG~0.00%
Published-22 Mar, 2025 | 16:31
Updated-26 Mar, 2025 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link DAP-1620 storage check_dws_cookie stack-based overflow

A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-D-Link Corporation
Product-dap-1620dap-1620_firmwareDAP-1620
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-14231
Matching Score-4
Assigner-Canon Inc.
ShareView Details
Matching Score-4
Assigner-Canon Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.10% / 28.51%
||
7 Day CHG~0.00%
Published-15 Jan, 2026 | 23:35
Updated-26 Jan, 2026 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in print job processing by WSD on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Action-Not Available
Vendor-Canon Inc.
Product-mf451dwmf1643i_iimf452dw_firmwarelbp236dwmf654cdw_firmwaremf453dw_firmwaremf452dwmf656cdw_firmwaremf455dwlbp633cdwlbp632cdwlbp237dw_firmwaremf653cdwmf652cw_firmwaremf455dw_firmwarelbp236dw_firmwaremf1643if_iimf653cdw_firmwarelbp632cdw_firmwaremf656cdwmf1643i_ii_firmwaremf453dwmf451dw_firmwaremf654cdwmf1238_ii_firmwaremf1238_iilbp237dwlbp633cdw_firmwarelbp1238_iimf652cdwlbp1238_ii_firmwaremf1643if_ii_firmwareSatera LBP670C SeriesimageCLASS X LBP1238 IIimageCLASS X MF1643iF IIi-SENSYS LBP230 Seriesi-SENSYS MF550 Series1238Pr IIi-SENSYS LBP630C Seriesi-SENSYS MF450 SeriesSatera MF750C SeriesColor imageCLASS MF650C Seriesi-SENSYS MF650C SeriesimageCLASS X MF1643i IIimageRUNNER 1643i IIColor imageCLASS LBP630C1238iF IIimageCLASS X MF1238 IIimageRUNNER 1643iF II1238i II1238P IIimageCLASS MF450 SeriesimageCLASS LBP230 Series
CWE ID-CWE-787
Out-of-bounds Write
Details not found