Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-20491

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-16 Apr, 2021 | 15:40
Updated At-16 Sep, 2024 | 19:15
Rejected At-
Credits

IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:16 Apr, 2021 | 15:40
Updated At:16 Sep, 2024 | 19:15
Rejected At:
▼CVE Numbering Authority (CNA)

IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792.

Affected Products
Vendor
IBM CorporationIBM
Product
Spectrum Protect Server
Versions
Affected
  • 8.1
  • 7.1
Problem Types
TypeCWE IDDescription
textN/ADenial of Service
Type: text
CWE ID: N/A
Description: Denial of Service
Metrics
VersionBase scoreBase severityVector
3.04.4MEDIUM
CVSS:3.0/I:N/A:H/UI:N/C:N/S:U/AV:L/AC:L/PR:H/RL:O/E:U/RC:C
Version: 3.0
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.0/I:N/A:H/UI:N/C:N/S:U/AV:L/AC:L/PR:H/RL:O/E:U/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6442993
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/197792
vdb-entry
x_refsource_XF
Hyperlink: https://www.ibm.com/support/pages/node/6442993
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/197792
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.ibm.com/support/pages/node/6442993
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/197792
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://www.ibm.com/support/pages/node/6442993
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/197792
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:16 Apr, 2021 | 16:15
Updated At:21 Apr, 2021 | 15:33

IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improper bounds checking during the parsing of commands. By issuing such a command with an improper parameter, an authorized administrator could overflow a buffer and cause the server to crash. IBM X-Force ID: 197792.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Secondary3.04.4MEDIUM
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.0
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
IBM Corporation
ibm
>>spectrum_protect>>Versions from 7.1.0.000(inclusive) to 7.1.13(exclusive)
cpe:2.3:a:ibm:spectrum_protect:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>spectrum_protect>>Versions from 8.1.0.000(inclusive) to 8.1.10.100(inclusive)
cpe:2.3:a:ibm:spectrum_protect:*:*:*:*:*:*:*:*
IBM Corporation
ibm
>>spectrum_protect>>8.1.11.000
cpe:2.3:a:ibm:spectrum_protect:8.1.11.000:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/197792psirt@us.ibm.com
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6442993psirt@us.ibm.com
Patch
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/197792
Source: psirt@us.ibm.com
Resource:
VDB Entry
Vendor Advisory
Hyperlink: https://www.ibm.com/support/pages/node/6442993
Source: psirt@us.ibm.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

241Records found
CVE-2024-25947
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 6.00%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 07:04
Updated-02 Aug, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.

Action-Not Available
Vendor-Dell Inc.
Product-emc_idrac_service_moduleiDRAC Service Module (iSM)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-25948
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 6.00%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 07:09
Updated-02 Aug, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.

Action-Not Available
Vendor-Dell Inc.
Product-emc_idrac_service_moduleiDRAC Service Module (iSM)emc_idrac_service_module
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-11833
Matching Score-4
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Matching Score-4
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.20%
||
7 Day CHG~0.00%
Published-31 Dec, 2020 | 17:59
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerability.

Action-Not Available
Vendor-oppon/a
Product-find_x2_proreno3_proreno3_pro_firmwarefind_x2_pro_firmwareOPPO Find X2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-22448
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-4.7||MEDIUM
EPSS-0.04% / 11.20%
||
7 Day CHG~0.00%
Published-10 Apr, 2024 | 07:30
Updated-04 Feb, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-g5_5500latitude_5511_firmwarelatitude_9510_2in1_firmwareprecision_7750_firmwarexps_9315_2-in-1latitude_5411_firmwareprecision_3450latitude_9410_firmwarelatitude_5420precision_3460_small_form_factorinspiron_5502inspiron_15_3511latitude_5430_rugged_laptop_firmwareoptiplex_5080_firmwarechengming_3990_firmwareinspiron_5406_2-in-1optiplex_3280_all-in-oneprecision_5550latitude_5340_firmwareoptiplex_7000_micro_firmwarevostro_14_3420latitude_3410xps_17_9730_firmwareinspiron_16_7640_2-in-1inspiron_14_5410_firmwareprecision_3550latitude_9420precision_3460_xe_small_form_factor_firmwareinspiron_13_5330latitude_5521optiplex_small_form_factor_7010precision_5570_firmwarexps_13_9310latitude_7430latitude_5531_firmwarealienware_x16_r2_firmwarexps_15_9500_firmwarelatitude_3140latitude_9510_2in1precision_5770_firmwareinspiron_3891_firmwarevostro_15_3520precision_3660_firmwarelatitude_3530optiplex_3000_toweroptiplex_3000_tower_firmwareinspiron_14_plus_7420_firmwareprecision_5570latitude_5530latitude_5430_rugged_laptopprecision_5470latitude_3320_firmwareoptiplex_5080latitude_7410_firmwareprecision_7780vostro_3400_firmwarealienware_m18_r1optiplex_3090_ultra_firmwareinspiron_7306_2-in-1_firmwareinspiron_7506_2-in-1_firmwarevostro_3400alienware_m18_r2_firmwarexps_13_9310_firmwareoptiplex_3090xps_15_9520_firmwareprecision_3551_firmwarelatitude_9520vostro_15_5510latitude_5520_firmwarelatitude_7440_firmwareg16_7630vostro_15_7510_firmwarevostro_3910_firmwarelatitude_7340xps_15_9510_firmwareinspiron_15_3511_firmwareoptiplex_5090_towerlatitude_7030_rugged_extremevostro_3888inspiron_5402_firmwareprecision_3440xps_17_9720inspiron_3881_firmwareinspiron_27_7710_all-in-oneoptiplex_micro_7010precision_7670vostro_7500_firmwareinspiron_7300xps_13_9310_2-in-1optiplex_7490_all-in-oneprecision_3460_xe_small_form_factorinspiron_5502_firmwareg15_5530_firmwarevostro_5502_firmwarelatitude_7310_firmwareprecision_7760precision_7760_firmwareinspiron_13_5320_firmwarealienware_m16_r1optiplex_micro_7010_firmwareoptiplex_tower_7010_firmwareinspiron_3020_desktop_firmwarevostro_7620_firmwareinspiron_5400latitude_5421_firmwareinspiron_5409g15_5520_firmwarexps_13_9340_firmwareinspiron_5401_aio_firmwarealienware_m18_r1_firmwareinspiron_5401latitude_7420inspiron_15_5518latitude_9440_2-in-1_firmwarexps_15_9510optiplex_7400_all-in-one_firmwarelatitude_5330chengming_3900precision_3640latitude_7330_firmwareinspiron_3020_desktopinspiron_15_5518_firmwareprecision_3240_compactoptiplex_7490_all-in-one_firmwareinspiron_13_5320vostro_3881g15_5511_firmwareprecision_7670_firmwarevostro_3710_firmwareoptiplex_3000_small_form_factorprecision_7560optiplex_3090_ultraalienware_m18_r2latitude_9330_firmwareinspiron_16_7610_firmwarelatitude_7310xps_17_9700_firmwareinspiron_7400latitude_7320_detachableinspiron_16_7620_2-in-1inspiron_5410_firmwarelatitude_7330inspiron_5509_firmwareinspiron_7300_firmwarevostro_5402latitude_3550_firmwarelatitude_7030_rugged_extreme_firmwareprecision_7550_firmwarelatitude_7530vostro_14_5410g16_7620latitude_3550chengming_3911_firmwarealienware_m15_r7_firmwareg7_7700chengming_3900_firmwareinspiron_5410inspiron_5402latitude_5421inspiron_14_5418_firmwareinspiron_14_plus_7440_firmwareinspiron_3891precision_3480latitude_7520inspiron_14_7420_2-in-1_firmwarelatitude_5320precision_7550inspiron_5301vostro_5890inspiron_3910vostro_3500_firmwarevostro_5320latitude_7340_firmwarevostro_14_3430optiplex_5090_small_form_factorinspiron_3030slatitude_9330vostro_14_3440g7_7500latitude_3510_firmwarelatitude_3510inspiron_27_7720_all-in-one_firmwarelatitude_9440_2-in-1optiplex_all-in-one_7410vostro_3690vostro_14_5410_firmwarexps_15_9500inspiron_3020_small_desktop_firmwareoptiplex_micro_plus_7010_firmwareprecision_3581latitude_3140_firmwareg3_3500inspiron_3030s_firmwareprecision_3470_firmwareoptiplex_7000_towervostro_14_3430_firmwarealienware_m15_r7vostro_3888_firmwareoptiplex_7000_tower_firmwarexps_13_9315_firmwarexps_14_9440_firmwareinspiron_7500_firmwareoptiplex_5400_all-in-one_firmwarechengming_3911vostro_15_5510_firmwarevostro_3710inspiron_7306_2-in-1latitude_5540_firmwareprecision_5480_firmwareoptiplex_tower_plus_7010g15_5510latitude_7440latitude_9420_firmwareinspiron_14_5410precision_3470precision_7770_firmwareinspiron_14_7430_2-in-1precision_3551inspiron_14_5420precision_7680precision_5560_firmwareoptiplex_5490_all-in-onelatitude_7330_rugged_laptop_firmwarevostro_3020_tower_desktopoptiplex_5000_tower_firmwareinspiron_15_3530inspiron_16_7610latitude_5410_firmwarealienware_x16_r1inspiron_7700_all-in-one_firmwareoptiplex_7000_xe_microinspiron_27_7710_all-in-one_firmwareprecision_5470_firmwareprecision_7960_towerlatitude_9410inspiron_16_5620_firmwareg7_7700_firmwarevostro_16_5630g7_7500_firmwarelatitude_3340_firmwareinspiron_13_5330_firmwarevostro_15_7510inspiron_7501_firmwareoptiplex_5090_tower_firmwareinspiron_14_5440inspiron_14_plus_7430_firmwareprecision_5860_tower_firmwareoptiplex_3280_all-in-one_firmwarelatitude_5521_firmwareoptiplex_3000_microinspiron_7500optiplex_all-in-one_7410_firmwarexps_17_9720_firmwarevostro_13_5310_firmwarelatitude_3450_firmwareprecision_5760_firmwarealienware_m15_r6_firmwarechengming_3910_firmwareinspiron_16_plus_7620_firmwareoptiplex_5090_small_form_factor_firmwareoptiplex_7080latitude_3120precision_7865_tower_firmwareprecision_3550_firmwarelatitude_3430_firmwareinspiron_14_5418inspiron_15_5510vostro_5301_firmwarevostro_15_3530inspiron_14_7440_2-in-1optiplex_micro_plus_7010precision_5560precision_5680vostro_7500g16_7630_firmwareoptiplex_5000_towerinspiron_24_5420_all-in-oneoptiplex_7000_xe_micro_firmwareprecision_5770inspiron_15_3530_firmwareinspiron_14_7430_2-in-1_firmwareoptiplex_5090_micro_firmwareprecision_5860_towerinspiron_14_5430_firmwareoptiplex_small_form_factor_plus_7010_firmwareinspiron_3910_firmwarelatitude_5330_firmwareoptiplex_5480_all-in-one_firmwareg15_5530optiplex_xe4_tower_firmwarelatitude_7320alienware_m15_r6xps_13_plus_9320inspiron_13_5310_firmwareprecision_3560_firmwareprecision_3581_firmwarexps_15_9520latitude_3450xps_17_9710_firmwarexps_15_9530_firmwareprecision_7960_tower_firmwareprecision_3561_firmwareprecision_3440_firmwareprecision_7875_towerprecision_3450_firmwareprecision_3260_xe_compactvostro_3020_tower_desktop_firmwarelatitude_3120_firmwareinspiron_5509xps_13_plus_9320_firmwareoptiplex_3000_micro_firmwareoptiplex_7090_ultra_firmwarevostro_5620_firmwareinspiron_15_7510alienware_x14_r2vostro_3030sxps_13_9310_2-in-1_firmwareprecision_3650_toweroptiplex_3000_thin_clientprecision_3260_compactprecision_7875_tower_firmwarelatitude_5340precision_3260_compact_firmwarevostro_5880optiplex_5000_micro_firmwareinspiron_27_7720_all-in-oneinspiron_7700_all-in-oneinspiron_3020_small_desktopinspiron_14_7440_2-in-1_firmwareinspiron_5401_firmwarevostro_5320_firmwarelatitude_5310_2-in-1inspiron_16_5640_firmwareprecision_3640_firmwarevostro_3890chengming_3991optiplex_3080_firmwareinspiron_3501optiplex_xe4_towerinspiron_3880_firmwareinspiron_5401_aioinspiron_16_5640latitude_5411latitude_5430latitude_7210_2-in-1inspiron_14_5430latitude_7320_detachable_firmwarexps_17_9730optiplex_5490_all-in-one_firmwarelatitude_7420_firmwarelatitude_5510_firmwareinspiron_24_5420_all-in-one_firmwarexps_13_9340inspiron_16_7620_2-in-1_firmwareinspiron_16_5630g16_7620_firmwareprecision_5480latitude_7230_rugged_extreme_firmwarevostro_3690_firmwareprecision_3571precision_7865_towerprecision_7560_firmwareprecision_5750_firmwarelatitude_3530_firmwareoptiplex_7000_microxps_13_9305latitude_7530_firmwarevostro_15_3530_firmwareinspiron_14_7420_2-in-1latitude_5510latitude_5310_2-in-1_firmwareoptiplex_7400_all-in-oneinspiron_15_7510_firmwareinspiron_16_plus_7640latitude_5320_firmwareprecision_5750inspiron_14_5440_firmwarelatitude_3520_firmwareinspiron_14_plus_7430vostro_3881_firmwareinspiron_7706_2-in-1optiplex_3000_small_form_factor_firmwareprecision_3561latitude_5530_firmwarelatitude_5511precision_3260_xe_compact_firmwareprecision_7780_firmwarevostro_5301precision_5680_firmwarevostro_15_3510_firmwarevostro_5880_firmwareprecision_5550_firmwareoptiplex_7780_all-in-one_firmwareinspiron_16_plus_7630_firmwarealienware_x16_r1_firmwareoptiplex_5000_small_form_factor_firmwareoptiplex_7090_tower_firmwareoptiplex_7480_all-in-onelatitude_9430_firmwarelatitude_3540_firmwareprecision_3571_firmwarexps_14_9440latitude_9430inspiron_7706_2-in-1_firmwareg5_5500_firmwarevostro_15_3520_firmwarechengming_3910inspiron_16_7630_2-in-1optiplex_5000_microlatitude_3440_firmwareoptiplex_7000_small_form_factorinspiron_5409_firmwarevostro_14_3440_firmwareinspiron_7400_firmwareinspiron_14_5420_firmwarelatitude_7320_firmwareprecision_3240_compact_firmwareoptiplex_3080optiplex_small_form_factor_7010_firmwarevostro_3890_firmwareprecision_5760latitude_3420optiplex_7000_small_form_factor_firmwarechengming_3991_firmwareoptiplex_7090_ultraprecision_3560latitude_3330_firmwareoptiplex_7080_firmwareg15_5520latitude_3440latitude_5440_firmwarevostro_3910vostro_5620inspiron_16_plus_7620inspiron_3880inspiron_7506_2-in-1inspiron_5400_firmwareinspiron_16_5630_firmwarexps_13_9315inspiron_15_5510_firmwareprecision_3580_firmwareprecision_3660latitude_3330latitude_7640_firmwarelatitude_3340latitude_5430_firmwarexps_13_9305_firmwarelatitude_3320inspiron_14_plus_7440vostro_5402_firmwareprecision_7680_firmwarevostro_13_5310latitude_5420_firmwareinspiron_7501alienware_x16_r2optiplex_tower_plus_7010_firmwarevostro_3500precision_7750latitude_7330_rugged_laptopvostro_16_5640vostro_7620precision_3480_firmwarelatitude_5531chengming_3990inspiron_14_plus_7420xps_9315_2-in-1_firmwareoptiplex_5400_all-in-oneinspiron_15_3520_firmwarelatitude_3410_firmwarevostro_14_3420_firmwareinspiron_5301_firmwareinspiron_16_plus_7640_firmwareinspiron_3881precision_3570inspiron_16_5620latitude_5410latitude_5440inspiron_24_5410_all-in-one_firmwareoptiplex_5000_small_form_factoralienware_x14_r2_firmwareoptiplex_3090_firmwarelatitude_9520_firmwarelatitude_3420_firmwareoptiplex_5090_microinspiron_5406_2-in-1_firmwarevostro_3681vostro_15_3510inspiron_16_plus_7630optiplex_5480_all-in-onevostro_16_5640_firmwarelatitude_5540vostro_5890_firmwarelatitude_7520_firmwarevostro_3030s_firmwarelatitude_7640precision_3580xps_17_9700precision_3650_tower_firmwareg15_5510_firmwarealienware_m16_r1_firmwarelatitude_3540latitude_5520latitude_5431_firmwarelatitude_7230_rugged_extremelatitude_7210_2-in-1_firmwarelatitude_5431g15_5511inspiron_13_5310inspiron_24_5411_all-in-onexps_15_9530latitude_5310precision_7770g3_3500_firmwarevostro_16_5630_firmwarelatitude_3520inspiron_24_5411_all-in-one_firmwarevostro_3681_firmwareoptiplex_7090_toweroptiplex_3000_thin_client_firmwarevostro_5502inspiron_16_7640_2-in-1_firmwareinspiron_3501_firmwarelatitude_7430_firmwareoptiplex_7480_all-in-one_firmwarexps_17_9710inspiron_24_5410_all-in-oneoptiplex_7780_all-in-oneoptiplex_small_form_factor_plus_7010latitude_3430latitude_7410latitude_5310_firmwareprecision_3460_small_form_factor_firmwareinspiron_15_3520inspiron_16_7630_2-in-1_firmwareoptiplex_tower_7010precision_3570_firmwareCPG BIOSlatitude_5340xps_17_9730latitude_9330precision_3660inspiron_5509vostro_15_3530g7_7700vostro_5502g5_5500latitude_9440_2in1inspiron_13_5330inspiron_5402inspiron_3030slatitude_5310latitude_9430inspiron_7700_aiolatitude_7420optiplex_micro_7010optiplex_tower_7010g7_7500inspiron_5409g16_7620inspiron_5400g15_5530alienware_15_r6precision_3580precision_5770latitude_7340optiplex_small_form_factor_7010latitude_9420vostro_5301alienware_16_r1latitude_5531alienware_18_r1precision_3440inspiron_5502precision_3581vostro_5402latitude_5540alienware_14_r2vostro_5880xps_17_9700inspiron_15_3530xps_9315_2in1inspiron_7400precision_5750latitude_5310_2_in_1inspiron_7300g3_3500latitude_7520precision_5570latitude_5330precision_3571inspiron_5401vostro_3030sg15_5511inspiron_5301latitude_7320vostro_14_3430
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-48356
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.73%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 02:44
Updated-20 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t770t616androidt610t612s8000t310t760t820sc9832esc9863asc7731et606t618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-48357
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.73%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 02:44
Updated-20 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vsp driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t770t616androidt610t612s8000t310t760t820sc9832esc9863asc7731et606t618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-48342
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.44%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 02:44
Updated-20 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In media service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t770t616androidt610t612s8000t310t760t820sc9832esc9863asc7731et606t618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-48359
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.41%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 02:44
Updated-20 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In autotest driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t770t616androidt610t612s8000t310t760t820sc9832esc9863asc7731et606t618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-48358
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.73%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 02:44
Updated-20 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In drm driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t770t616androidt610t612s8000t310t760t820sc9832esc9863asc7731et606t618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-48355
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.73%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 02:44
Updated-20 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t770t616androidt610t612s8000t310t760t820sc9832esc9863asc7731et606t618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-42751
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 2.08%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 00:54
Updated-11 Oct, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-42750
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.83%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 09:08
Updated-05 Sep, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-42682
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.40%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 00:54
Updated-28 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gsp driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616t770t610androidt612t606s8000sc9832et760sc7731esc9863at618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-42729
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 2.08%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 00:54
Updated-11 Oct, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-42727
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 3.20%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 00:54
Updated-02 Aug, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gpu driver, there is a possible out of bounds write due to a incorrect bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000t760sc9863at618SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-42679
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.31%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 00:54
Updated-02 Aug, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000t760sc9863at618SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-38467
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.32%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 01:16
Updated-01 Oct, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-40652
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.35%
||
7 Day CHG~0.00%
Published-08 Oct, 2023 | 03:36
Updated-19 Sep, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In jpg driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-androidt612t616t606T606/T612/T616
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3611
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 1.95%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 15:23
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.
Product-qemuenterprise_linuxQEMU
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-38468
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.34%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 01:16
Updated-30 Sep, 2024 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-40651
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.65%
||
7 Day CHG~0.00%
Published-08 Oct, 2023 | 03:36
Updated-19 Sep, 2024 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3638
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 0.83%
||
7 Day CHG~0.00%
Published-03 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

Action-Not Available
Vendor-n/aQEMUFedora Project
Product-qemufedoraQEMU
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3569
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.98%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 11:05
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS (bad memory access) and termination of swtpm. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-libtpms_projectn/aRed Hat, Inc.
Product-enterprise_linuxlibtpmslibtpms
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-11835
Matching Score-4
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Matching Score-4
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.20%
||
7 Day CHG~0.00%
Published-31 Dec, 2020 | 17:59
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability.

Action-Not Available
Vendor-oppon/a
Product-find_x2_proreno3_proreno3_pro_firmwarefind_x2_pro_firmwareOPPO Find X2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33897
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.70%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 08:32
Updated-06 Jan, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libimpl-ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8006sc9832et760sc7731esc9863at618SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8006
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33896
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.89%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 08:32
Updated-08 Nov, 2024 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libimpl-ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androids8005t610t612t606t770sc9832et760sc7731esc9863at618SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8005
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-33905
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 0.89%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 08:32
Updated-27 Nov, 2024 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In iwnpi server, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-6501
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.70%
||
7 Day CHG~0.00%
Published-17 Mar, 2019 | 16:51
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.

Action-Not Available
Vendor-n/aQEMUFedora Project
Product-qemufedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-5176
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.61%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 23:24
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x40 is overflowed with the call to sprintf() for any gateway values that are greater than 512-len(‘/etc/config-tools/config_default_gateway number=0 state=enabled value=‘) in length. A gateway value of length 0x7e2 will cause the service to crash.

Action-Not Available
Vendor-wagoWago
Product-pfc200pfc200_firmwareWAGO PFC200
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5177
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 38.83%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 23:25
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440 is overflowed with the call to sprintf() for any domainname values that are greater than 1024-len(‘/etc/config-tools/edit_dns_server domain-name=‘) in length. A domainname value of length 0x3fa will cause the service to crash.

Action-Not Available
Vendor-wagoWago
Product-pfc200pfc200_firmwareWAGO PFC200
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5182
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.61%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 22:09
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x440 is overflowed with the call to sprintf() for any type values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled config-type=‘) in length. A type value of length 0x3d9 will cause the service to crash.

Action-Not Available
Vendor-wagoWago
Product-pfc200pfc200_firmwareWAGO PFC200
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-3701
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.08% / 24.16%
||
7 Day CHG-0.01%
Published-03 Jan, 2019 | 16:00
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxlinux_kerneln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18391
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 5.52%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 00:00
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.

Action-Not Available
Vendor-virglrenderer_projectn/aDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-virglrendererdebian_linuxleapenterprise_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18820
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 33.38%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 20:43
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a78.

Action-Not Available
Vendor-eximioussoftn/a
Product-logo_designern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18819
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 33.38%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 20:43
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eximious Logo Designer 3.82 has a User Mode Write AV starting at ExiVectorRender!StrokeText_Blend+0x00000000000003a7.

Action-Not Available
Vendor-eximioussoftn/a
Product-logo_designern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-0161
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 28.83%
||
7 Day CHG~0.00%
Published-27 Mar, 2019 | 19:23
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-tianocoreExtensible Firmware Interface Development Kit (EDK II)
Product-edk_iiExtensible Firmware Interface Development Kit (EDK II)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34397
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-1.9||LOW
EPSS-0.06% / 18.71%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 21:25
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xavier_32gbjetson_tx2_4gbjetson_tx2_nxjetson_tx2jetson_tx2ijetson_agx_xavier_16gbjetson_linuxjetson_agx_xavier_8gbjetson_xavier_nxNVIDIA Jetson TX2 series, TX2 NX, AGX Xavier series, Xavier NX
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-28686
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.47%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 10:19
Updated-03 Aug, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigger a stack-based buffer overflow. This could enable low-privileged users to achieve Denial of Service via a DeviceIoControl.

Action-Not Available
Vendor-n/aASUS (ASUSTeK Computer Inc.)
Product-gputweak_iin/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-39427
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 2.82%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 08:40
Updated-27 Aug, 2024 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-3989
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-3.3||LOW
EPSS-0.04% / 9.69%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 16:17
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-workstation_playerhorizon_clientworkstation_proVMware Workstation and Horizon Client for Windows
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-36429
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.86%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 06:47
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion depth.

Action-Not Available
Vendor-open62541n/a
Product-open62541n/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found