Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-36216

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Jan, 2021 | 09:04
Updated At-04 Aug, 2024 | 17:23
Rejected At-
Credits

An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Jan, 2021 | 09:04
Updated At:04 Aug, 2024 | 17:23
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://rustsec.org/advisories/RUSTSEC-2020-0108.html
x_refsource_MISC
Hyperlink: https://rustsec.org/advisories/RUSTSEC-2020-0108.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://rustsec.org/advisories/RUSTSEC-2020-0108.html
x_refsource_MISC
x_transferred
Hyperlink: https://rustsec.org/advisories/RUSTSEC-2020-0108.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:26 Jan, 2021 | 18:15
Updated At:21 Jul, 2021 | 11:39

An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
petabi
petabi
>>eventio>>Versions before 0.5.1(exclusive)
cpe:2.3:a:petabi:eventio:*:*:*:*:*:rust:*:*
Weaknesses
CWE IDTypeSource
CWE-662Primarynvd@nist.gov
CWE-787Primarynvd@nist.gov
CWE ID: CWE-662
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://rustsec.org/advisories/RUSTSEC-2020-0108.htmlcve@mitre.org
Exploit
Vendor Advisory
Hyperlink: https://rustsec.org/advisories/RUSTSEC-2020-0108.html
Source: cve@mitre.org
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

382Records found
CVE-2020-23901
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.05%
||
7 Day CHG~0.00%
Published-10 Nov, 2021 | 21:26
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.

Action-Not Available
Vendor-wildbit-softn/a
Product-wildbit_viewern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5268
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.34% / 55.74%
||
7 Day CHG~0.00%
Published-08 Jan, 2018 | 05:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.

Action-Not Available
Vendor-opencvn/aDebian GNU/Linux
Product-debian_linuxopencvn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7877
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.54% / 66.72%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 18:00
Updated-16 Sep, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data. A Crafted input will lead to a denial of service attack.

Action-Not Available
Vendor-libmingn/aDebian GNU/Linux
Product-libmingdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20081
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 31.25%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 00:00
Updated-25 Oct, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IPv6 DHCP (DHCPv6) Client Denial of Service Vulnerability

A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of DHCPv6 messages. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To successfully exploit this vulnerability, the attacker would need to either control the DHCPv6 server or be in a man-in-the-middle position.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3650-24ps-scatalyst_3850catalyst_3650asr_907catalyst_9500hcatalyst_3650-12x48urcatalyst_3850-16xs-scatalyst_3850-48pw-sasr_1000-esp200-xcatalyst_9300l-24t-4x-acatalyst_9300-48un-e4331_integrated_services_routercg522-easr_90064461_integrated_services_routercatalyst_9300-48p-acatalyst_9300-24s-aasr_1000-esp100-xcatalyst_9300l-48t-4x-acatalyst_3650-24pdmcatalyst_3650-8x24pd-scatalyst_3850-48u-lcatalyst_8500-4qccatalyst_3650-48ts-lcatalyst_9800-80_wireless_controllercatalyst_3650-8x24uq-less-3300-ncp-acatalyst_8300-1n1s-6t8101-32fhcatalyst_3650-24pd-lcatalyst_3650-24pd-scatalyst_3650-24td-lcatalyst_3650-24ts-lcatalyst_9300l-24t-4g-ecatalyst_3850-48xscatalyst_3650-12x48uqcatalyst_9800-clcatalyst_9300-48p-ecatalyst_3650-8x24pd-e1131_integrated_services_routercatalyst_9300-48t-ecatalyst_9600xcatalyst_3850-24xu-ecatalyst_3650-12x48uq-eess-3300-24t-con-ecatalyst_3650-8x24uqie-9320-26s2ccatalyst_9600catalyst_3850-48u-scatalyst_3850-16xs-ecatalyst_8510msrcatalyst_9200lcatalyst_3650-24pdm-scatalyst_3850-24xucatalyst_9300-48uxm-ecatalyst_3650-12x48ur-e1109_integrated_services_routercatalyst_9400catalyst_3650-48fqm-sfirepower_threat_defensecatalyst_3850-48t-l1100-4g_integrated_services_router1111x_integrated_services_routercatalyst_3650-12x48fd-scatalyst_9600_supervisor_engine-1catalyst_3650-12x48uq-lcatalyst_9800-40ess-3300-24t-con-acatalyst_9300l-48p-4x-acatalyst_9800catalyst_3650-8x24uq-scatalyst_3650-48tq-lcatalyst_9300-48u-aasr_902uie-3400-8t2s-a1100-4p_integrated_services_routercatalyst_3650-48fq-sasr_903catalyst_3850-48t-ecg418-ecatalyst_3650-48pq-s1101_integrated_services_routercatalyst_3650-48fqm-l8101-32hess-3300-24t-ncp-acatalyst_3850-12s-sasr_9010ie-9310-26s2ccatalyst_3850-24u-sie-3400-8t2s-ecatalyst_9300l-24t-4x-ecatalyst_9800-40_wireless_controllerasr_1002-hx_rcatalyst_3650-12x48uz-sasr_1006-xcatalyst_9300l-24p-4g-aess-3300-24t-ncp-ecatalyst_9300l-24p-4x-ecatalyst_9300-24ux-acatalyst_3850-32xs-scatalyst_9500cloud_services_router_1000vasr_9001catalyst_3650-12x48fd-e4221_integrated_services_routercatalyst_3850-48f-lcatalyst_3850-24xu-lcatalyst_3850-24s-scatalyst_3650-24td-ecatalyst_9300-48s-ecatalyst_3650-48td-easr_1002-xcatalyst_9300l8800_18-slotie-3300-8t2x-acatalyst_3650-12x48uq-scatalyst_3650-12x48uz-e4451-x_integrated_services_routercatalyst_3650-12x48ur-scatalyst_3850-48p-scatalyst_8510csrasr_1002-hx1109-2p_integrated_services_routercatalyst_9200cxcatalyst_8200cbr8_converged_broadband_routerasr_1000-esp100catalyst_9300-48t-acatalyst_3850-12s-eie-3300-8p2s-a8831catalyst_3850-24t-ecatalyst_3650-24ts-scatalyst_3650-24ps-easr_9004321_integrated_services_routercatalyst_3850-24xs-scatalyst_8300-1n1s-4t2x8804catalyst_3650-48fqm-ecatalyst_3650-48pd-ecatalyst_3650-24pdm-easr_1000catalyst_3650-48ts-ecatalyst_3850-48p-lcatalyst_8300-2n2s-4t2xesr-6300-ncp-k988081100-8p_integrated_services_routercatalyst_9410rcatalyst_3850-nm-8-10gcatalyst_3850-12xs-ecatalyst_8540csrcatalyst_3850-32xs-e1100-6g_integrated_services_routercatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_9300l-48p-4g-ecatalyst_9300l-48t-4g-ecatalyst_3850-24p-s8202catalyst_3650-24pdm-lcatalyst_3850-24ucatalyst_9300l_stackie-3300-8u2x-easr_1000-xcatalyst_9300l-24p-4g-ecatalyst_3650-24ts-ecatalyst_3650-24ps-lcatalyst_3650-48td-s111x_integrated_services_routercatalyst_9800-l8201-32fhasr_1013catalyst_8540msrcatalyst_3650-48tq-ecatalyst_3850-nm-2-40gcatalyst_9300lmcatalyst_3650-48fd-lcatalyst_3650-48fs-lcatalyst_3650-48pq-ecatalyst_3650-48fs-eie-3200-8t2s-ecatalyst_9300-24t-easr_9000vcatalyst_3650-12x48uzie-3400-8p2s-ecatalyst_3650-48fd-scatalyst_3650-48fs-scatalyst_3850-48t-scatalyst_3650-48pq-lcatalyst_3850-24pw-scatalyst_3850-24t-scatalyst_9407rcatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_9800_embedded_wireless_controllercatalyst_9200catalyst_9300l-48p-4g-a1160_integrated_services_routercatalyst_3650-24td-scatalyst_3650-48pd-lcatalyst_9300l-48t-4g-aie-3300-8t2x-eintegrated_services_virtual_routercatalyst_3650-48tq-sie-3400-8p2s-acatalyst_3850-48p-ecatalyst_9800-80catalyst_8300-2n2s-6tcatalyst_9300l-48p-4x-eess-3300-con-acatalyst_3650-48fd-eess-3300-ncp-easr_9000catalyst_3650-48fq-ecatalyst_8500lcatalyst_9300-24s-ecatalyst_9300-48u-eie-3300-8t2s-e1101-4p_integrated_services_routercatalyst_9300-48s-acatalyst_3650-12x48fd-lcatalyst_3850-24p-easr_1006catalyst_3850-48xs-f-scatalyst_9300-24t-acatalyst_9300l-24p-4x-acatalyst_9300catalyst_3850-24xu-s4451_integrated_services_routercatalyst_3650-48fqmcatalyst_3650-48td-lcatalyst_3850-24xs-ecatalyst_9400_supervisor_engine-1ess-3300-con-ecatalyst_3650-8x24uq-ecatalyst_3850-24u-lcatalyst_9300l-24t-4g-acatalyst_3850-48f-scatalyst_3650-12x48ur-l8800_8-slotcatalyst_3650-24pdcatalyst_9800-l-ccatalyst_3850-48f-e4000_integrated_services_routercatalyst_9300-48uxm-aadaptive_security_appliance_softwareasr_102388128818catalyst_9300-24p-acatalyst_3650-48ps-lasr_1001catalyst_3850-48xs-ecatalyst_9300-24u-acatalyst_3850-48ucatalyst_3650-8x24pd-lasr_1001-hxcatalyst_3650-48fq8102-64hcatalyst_3650-48fq-lasr_1009-x8201catalyst_9300-24u-ecatalyst_3850-12x48ucatalyst_9300xcatalyst_3650-48pd-scatalyst_9300-48un-aasr_1001-x_rie-3300-8p2s-ecatalyst_3650-24pd-eie-3300-8u2x-aioscatalyst_3650-12x48uz-lcatalyst_9300-24p-easr_1002-x_rcatalyst_3850-48xs-f-easr_1002catalyst_9800-l-fasr_902asr_1004catalyst_9300l-48t-4x-ecatalyst_3850-24p-l1120_integrated_services_routeresr-6300-con-k9catalyst_3850-24xs8800_4-slotcatalyst_3650-48ps-sess9300-10x-e4431_integrated_services_routerie-3200-8p2s-ecatalyst_3850-24u-ecatalyst_3850-48xs-sios_xe1111x-8p_integrated_services_router1109-4p_integrated_services_routerie-3300-8t2s-a8800_12-slotasr_1001-xcatalyst_3650-48ts-scatalyst_3650-48ps-ecatalyst_9300-24ux-e4351_integrated_services_routerCisco IOS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7873
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.38% / 79.52%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 18:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack.

Action-Not Available
Vendor-libmingn/aDebian GNU/Linux
Product-libmingdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7987
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 40.11%
||
7 Day CHG~0.00%
Published-04 Dec, 2018 | 18:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an out-of-bounds write vulnerability on Huawei P20 smartphones with versions before 8.1.0.171(C00). The software does not handle the response message properly when the user doing certain inquiry operation, an attacker could send crafted message to the device, successful exploit could cause a denial of service condition.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-p20p20_firmwareHuawei P20
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-2050
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.58% / 67.95%
||
7 Day CHG~0.00%
Published-31 Jan, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file.

Action-Not Available
Vendor-libdwarf_projectn/a
Product-libdwarfn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3875
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.60%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 13:40
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5201
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.73%
||
7 Day CHG~0.00%
Published-21 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions.

Action-Not Available
Vendor-hancomHANCOM
Product-hancom_office_neohancom_office_2010hancom_office_2018hancom_office_2014Hancom Office
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-6187
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 56.62%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 10:00
Updated-11 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow vulnerability in the do_pdf_save_document function in the pdf/pdf-write.c file. Remote attackers could leverage the vulnerability to cause a denial of service via a crafted pdf file.

Action-Not Available
Vendor-n/aDebian GNU/LinuxArtifex Software Inc.
Product-debian_linuxmupdfn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5793
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.68% / 81.42%
||
7 Day CHG~0.00%
Published-05 Feb, 2018 | 04:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.

Action-Not Available
Vendor-extremewirelessn/a
Product-wingn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5791
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.68% / 81.42%
||
7 Day CHG~0.00%
Published-05 Feb, 2018 | 04:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.

Action-Not Available
Vendor-extremewirelessn/a
Product-wingn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5792
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-1.68% / 81.42%
||
7 Day CHG~0.00%
Published-05 Feb, 2018 | 04:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.

Action-Not Available
Vendor-extremewirelessn/a
Product-wingn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-6155
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 46.17%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 16:13
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect handling of frames in the VP8 parser in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-20662
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 46.78%
||
7 Day CHG~0.00%
Published-30 Sep, 2021 | 16:40
Updated-04 Aug, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_example1.c.

Action-Not Available
Vendor-libiec_iccp_mod_projectn/a
Product-libiec_iccp_modn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-5800
Matching Score-4
Assigner-Flexera Software LLC
ShareView Details
Matching Score-4
Assigner-Flexera Software LLC
CVSS Score-6.5||MEDIUM
EPSS-2.26% / 83.96%
||
7 Day CHG~0.00%
Published-07 Dec, 2018 | 22:00
Updated-05 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

Action-Not Available
Vendor-librawn/aCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxlibrawdebian_linuxenterprise_linux_workstationenterprise_linux_desktopLibRaw
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-193
Off-by-one Error
CVE-2018-6123
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-1.98% / 82.80%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 19:00
Updated-05 Aug, 2024 | 05:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free in Blink in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7867
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.56% / 67.36%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 18:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A Crafted input will lead to a denial of service attack.

Action-Not Available
Vendor-libmingn/aDebian GNU/Linux
Product-libmingdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-10246
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 51.45%
||
7 Day CHG~0.00%
Published-16 Mar, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

Action-Not Available
Vendor-n/aArtifex Software Inc.Debian GNU/Linux
Product-debian_linuxmupdfn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-10247
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.31% / 53.59%
||
7 Day CHG~0.00%
Published-16 Mar, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file.

Action-Not Available
Vendor-n/aArtifex Software Inc.Debian GNU/Linux
Product-debian_linuxmupdfn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-6342
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 58.18%
||
7 Day CHG~0.00%
Published-09 Sep, 2020 | 12:44
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

Action-Not Available
Vendor-SAP SE
Product-3d_visual_enterprise_viewerSAP 3D Visual Enterprise Viewer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8782
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-6.5||MEDIUM
EPSS-1.56% / 80.71%
||
7 Day CHG~0.00%
Published-01 Feb, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.

Action-Not Available
Vendor-n/aLibTIFFDebian GNU/Linux
Product-libtiffdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8784
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-6.5||MEDIUM
EPSS-1.52% / 80.51%
||
7 Day CHG~0.00%
Published-13 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif.

Action-Not Available
Vendor-n/aLibTIFFDebian GNU/Linux
Product-libtiffdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8781
Matching Score-4
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-4
Assigner-Debian GNU/Linux
CVSS Score-6.5||MEDIUM
EPSS-2.09% / 83.32%
||
7 Day CHG~0.00%
Published-01 Feb, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.

Action-Not Available
Vendor-n/aLibTIFFDebian GNU/Linux
Product-libtiffdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20365
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.04% / 76.50%
||
7 Day CHG~0.00%
Published-22 Dec, 2018 | 17:00
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.

Action-Not Available
Vendor-librawn/a
Product-librawn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20673
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.50%
||
7 Day CHG~0.00%
Published-04 Jan, 2019 | 17:00
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-36977
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.34%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 06:48
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based buffer overflow in H5MM_memcpy (called from H5MM_malloc and H5C_load_entry), related to use of HDF5 1.12.0.

Action-Not Available
Vendor-matio_projectn/a
Product-mation/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-37530
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.39% / 59.18%
||
7 Day CHG~0.00%
Published-12 Jan, 2022 | 20:18
Updated-04 Aug, 2024 | 01:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.

Action-Not Available
Vendor-fig2dev_projectn/aDebian GNU/Linux
Product-fig2devdebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20184
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 50.21%
||
7 Day CHG~0.00%
Published-17 Dec, 2018 | 17:00
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagick
Product-debian_linuxgraphicsmagickn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20068
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-5.9||MEDIUM
EPSS-2.31% / 84.10%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 02:04
Updated-25 Apr, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01270721; Issue ID: MSV-1479.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6986dmt6815mt6990mt8673mt8792mt6991mt6896mt8771mt6983mt6895mt6835mt6980dmt8675mt6897mt8791tmt6298mt6879mt6980mt6878mt8797mt6895tmt8798mt6899nr16nr17mt6986mt6813MT6298, MT6813, MT6815, MT6835, MT6878, MT6879, MT6895, MT6895T, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6986, MT6986D, MT6990, MT6991, MT8673, MT8675, MT8771, MT8791T, MT8792, MT8797, MT8798
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20593
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 50.44%
||
7 Day CHG~0.00%
Published-30 Dec, 2018 | 18:00
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.

Action-Not Available
Vendor-msweetn/aFedora Project
Product-mini-xmlfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-37231
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.34% / 56.20%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check.

Action-Not Available
Vendor-atomicparsley_projectn/a
Product-atomicparsleyn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-37220
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.88%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 21:02
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.

Action-Not Available
Vendor-n/aFedora ProjectArtifex Software Inc.
Product-fedoramupdfn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20375
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.05%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 18:00
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the sym_pop function in tccgen.c.

Action-Not Available
Vendor-tinyccn/a
Product-tinyccn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20374
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.05%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 18:00
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the use_section1 function in tccasm.c.

Action-Not Available
Vendor-tinyccn/a
Product-tinyccn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20460
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 41.25%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 19:00
Updated-17 Sep, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36410
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 24.12%
||
7 Day CHG~0.00%
Published-10 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.

Action-Not Available
Vendor-strukturn/aDebian GNU/Linux
Product-debian_linuxlibde265n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20671
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.37%
||
7 Day CHG~0.00%
Published-04 Jan, 2019 | 16:00
Updated-05 Aug, 2024 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-36054
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-0.24% / 47.63%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 14:33
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XMP Toolkit SDK Heap-based Buffer Overflow in the PSD_MetaHandler::CacheFileData Could Lead To Application Denial Of Service

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.

Action-Not Available
Vendor-Debian GNU/LinuxAdobe Inc.
Product-xmp_toolkit_software_development_kitdebian_linuxXMP Toolkit
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36584
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 32.04%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:08
Updated-04 Aug, 2024 | 01:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gp_rtp_builder_do_tx3g function in ietf/rtp_pck_3gpp.c, as demonstrated by MP4Box. This can cause a denial of service (DOS).

Action-Not Available
Vendor-n/aGPAC
Product-gpacn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.65%
||
7 Day CHG~0.00%
Published-25 Dec, 2018 | 19:00
Updated-16 Sep, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-2018-20456.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3630
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-5.5||MEDIUM
EPSS-0.11% / 30.46%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 13:27
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28.

Action-Not Available
Vendor-djvulibre_projectn/aDebian GNU/LinuxFedora Project
Product-djvulibredebian_linuxfedoradjvulibre
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-20376
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.05%
||
7 Day CHG~0.00%
Published-23 Dec, 2018 | 18:00
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the asm_parse_directive function in tccasm.c.

Action-Not Available
Vendor-tinyccn/a
Product-tinyccn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-36083
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.64%
||
7 Day CHG~0.00%
Published-01 Jul, 2021 | 02:48
Updated-04 Aug, 2024 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE.

Action-Not Available
Vendor-n/aKDE
Product-kimageformatsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34068
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 51.81%
||
7 Day CHG~0.00%
Published-23 Jun, 2021 | 21:56
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.

Action-Not Available
Vendor-tsmuxer_projectn/a
Product-tsmuxern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3405
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.25% / 78.52%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 19:05
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml.

Action-Not Available
Vendor-matroskan/aDebian GNU/LinuxFedora Project
Product-debian_linuxlibebmlfedoralibebml
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-18826
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 48.37%
||
7 Day CHG~0.00%
Published-30 Oct, 2018 | 06:00
Updated-05 Aug, 2024 | 11:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file.

Action-Not Available
Vendor-libavn/a
Product-libavn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34338
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.24%
||
7 Day CHG~0.00%
Published-07 Mar, 2022 | 22:26
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.

Action-Not Available
Vendor-libmingn/aFedora Project
Product-mingfedoraming
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34071
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.29% / 51.81%
||
7 Day CHG~0.00%
Published-23 Jun, 2021 | 21:56
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.

Action-Not Available
Vendor-tsmuxer_projectn/a
Product-tsmuxern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34340
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.24%
||
7 Day CHG~0.00%
Published-07 Mar, 2022 | 22:02
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.

Action-Not Available
Vendor-libmingn/aFedora Project
Product-mingfedoraming
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next
Details not found