Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-27242

Summary
Assigner-zdi
Assigner Org ID-99f1926a-a320-47d8-bbb5-42feb611262e
Published At-29 Mar, 2021 | 21:05
Updated At-03 Aug, 2024 | 20:48
Rejected At-
Credits

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11926.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:zdi
Assigner Org ID:99f1926a-a320-47d8-bbb5-42feb611262e
Published At:29 Mar, 2021 | 21:05
Updated At:03 Aug, 2024 | 20:48
Rejected At:
▼CVE Numbering Authority (CNA)

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11926.

Affected Products
Vendor
Parallels International GmbhParallels
Product
Desktop
Versions
Affected
  • 16.0.1-48919
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787: Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787: Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.08.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Ezrak1e
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.parallels.com/en/125013
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-209/
x_refsource_MISC
Hyperlink: https://kb.parallels.com/en/125013
Resource:
x_refsource_MISC
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-209/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.parallels.com/en/125013
x_refsource_MISC
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-21-209/
x_refsource_MISC
x_transferred
Hyperlink: https://kb.parallels.com/en/125013
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-209/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:zdi-disclosures@trendmicro.com
Published At:29 Mar, 2021 | 21:15
Updated At:27 Sep, 2022 | 17:53

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11926.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Secondary3.08.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Parallels International Gmbh
parallels
>>parallels_desktop>>16.0.1
cpe:2.3:a:parallels:parallels_desktop:16.0.1:*:*:*:*:macos:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primaryzdi-disclosures@trendmicro.com
CWE-787Secondarynvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: zdi-disclosures@trendmicro.com
CWE ID: CWE-787
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.parallels.com/en/125013zdi-disclosures@trendmicro.com
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-209/zdi-disclosures@trendmicro.com
Third Party Advisory
VDB Entry
Hyperlink: https://kb.parallels.com/en/125013
Source: zdi-disclosures@trendmicro.com
Resource:
Vendor Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-209/
Source: zdi-disclosures@trendmicro.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

486Records found
CVE-2024-23497
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.04% / 10.73%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 13:45
Updated-12 Sep, 2024 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ethernet_800_series_controllers_driverIntel(R) Ethernet Network Controllers and Adaptersethernet_complete_driver_pack
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-13166
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.37%
||
7 Day CHG~0.00%
Published-06 Dec, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17259
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.84%
||
7 Day CHG~0.00%
Published-08 Oct, 2019 | 11:14
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee.

Action-Not Available
Vendor-n/aPandora TV Co., Ltd.
Product-kmplayern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21813
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.90%
||
7 Day CHG~0.00%
Published-13 Aug, 2021 | 22:40
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow.

Action-Not Available
Vendor-attn/a
Product-xmillAT&T
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20194
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 29.21%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 22:33
Updated-03 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.
Product-openshift_container_platformenterprise_linuxlinux_kernelkernel
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1099
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7||HIGH
EPSS-0.18% / 39.34%
||
7 Day CHG~0.00%
Published-21 Jul, 2021 | 02:55
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. Such an attack may lead to information disclosure, data tampering, or denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).

Action-Not Available
Vendor-NVIDIA Corporation
Product-virtual_gpuNVIDIA Virtual GPU Software
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1028
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.78%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 18:06
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193034683

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0464
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.25%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 16:18
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In sound_trigger_event_alloc of platform.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-167663878

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0540
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.83%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 11:02
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In halWrapperDataCallback of hal_wrapper.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169328517

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0658
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.08%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 14:57
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107.

Action-Not Available
Vendor-n/aGoogle LLCMediaTek Inc.
Product-mt6873mt6893androidmt6885mt6875mt8797mt6889mt8791mt6877mt8195mt6891mt6883MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0896
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.08%
||
7 Day CHG~0.00%
Published-17 Dec, 2021 | 16:10
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05671206.

Action-Not Available
Vendor-n/aGoogle LLCMediaTek Inc.
Product-mt6873mt6893androidmt6885mt6875mt8797mt6889mt8791mt6877mt8195mt6891mt6883MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-1106
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.37%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 21:32
Updated-03 Aug, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where writes may be allowed to read-only buffers, which may result in escalation of privileges, complete denial of service, unconstrained information disclosure, and serious data tampering of all processes on the system.

Action-Not Available
Vendor-NVIDIA Corporation
Product-jetson_agx_xaviershield_experiencejetson_tx2_nxjetson_tx2jetson_linuxjetson_tx1shield_tvjetson_nano_2gbjetson_nanojetson_xavier_nxJetson AGX Xavier series, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson Nano, Jetson Nano 2GB, Jetson TX1Shield TV
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0427
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.25%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 18:23
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174488848

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2867
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-8.2||HIGH
EPSS-0.08% / 25.25%
||
7 Day CHG~0.00%
Published-23 Jul, 2019 | 22:31
Updated-15 Oct, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-openSUSEOracle Corporation
Product-vm_virtualboxleapVM VirtualBox
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0359
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 3.38%
||
7 Day CHG~0.00%
Published-02 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442011.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0573
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.67%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 18:28
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231635

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0457
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.07%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 16:15
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the FingerTipS touch screen driver, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157155375

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0576
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.67%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 18:28
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In flv extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187236084

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0353
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.75%
||
7 Day CHG~0.00%
Published-02 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In kisd, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425247.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0439
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.93%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 18:22
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In setPowerModeWithHandle of com_android_server_power_PowerManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174243830

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0574
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.67%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 18:28
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187234876

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0903
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.08%
||
7 Day CHG~0.00%
Published-17 Dec, 2021 | 16:10
Updated-03 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656488.

Action-Not Available
Vendor-n/aGoogle LLCMediaTek Inc.
Product-mt6873mt6893androidmt6885mt6875mt8797mt6889mt8791mt6877mt8195mt6891mt6883MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8791, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0370
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.83%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 15:54
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Write of NxpMfcReader.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169259605

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0456
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.40%
||
7 Day CHG~0.00%
Published-10 Mar, 2021 | 16:15
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174769927

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0301
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 2.08%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 21:48
Updated-03 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-172514667.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0116
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.15%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 22:04
Updated-05 May, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.

Action-Not Available
Vendor-n/aNetApp, Inc.Intel Corporation
Product-xeon_e-2286gcore_i7-7700t_firmwarecore_i3-10100core_i7-8850h_firmwarecore_i5-1038ng7core_i9-7900xcore_i5-11400core_i7-10710u_firmwarexeon_e-2174g_firmwarexeon_d-1633ncore_i9-11900_firmwarexeon_w-1270p_firmwarexeon_d-2173it_firmwarexeon_d-2145nt_firmwarexeon_platinum_8153xeon_e-2246gcore_i9-9960xcore_i5-6350hqcore_i3-6300txeon_w-2123core_i7-9700k_firmwarecore_i5-8500t_firmwarecore_i3-9300t_firmwarecore_i5-11260hxeon_e-2236xeon_platinum_8280_firmwarexeon_e-2374g_firmwarexeon_w-1270exeon_silver_4209t_firmwarecore_i5-6500tcore_i5-7500core_i5-6260uxeon_bronze_3104_firmwarecore_i9-9900kf_firmwarecore_i5-7440hqxeon_gold_6142fatom_c3758core_i7-8709gcore_i9-11900kfxeon_gold_6230txeon_silver_4210rxeon_w-1270xeon_e-2254me_firmwarecore_i5-8200ycore_i5-10500t_firmwarecore_i5-9400t_firmwarecore_i7-8809g_firmwarecore_i5-8260ucore_i5-11400fxeon_gold_6226r_firmwarexeon_silver_4116_firmwarecore_i5-7287u_firmwarecore_i9-10900xxeon_gold_6256_firmwarecore_m7-6y75xeon_w-3335xeon_w-11555mrecore_i5-10500hcore_i7-6800k_firmwarecore_i5-10600kfcore_i5-1035g1_firmwarexeon_w-2123_firmwarexeon_e-2146gxeon_silver_4112xeon_gold_6140core_i5-11500he_firmwarecore_i5-8210y_firmwarecore_i7-6650u_firmwarecore_i3-10100exeon_w-3365_firmwarexeon_platinum_8168_firmwarecore_i7-10700kf_firmwarexeon_e-2286g_firmwareatom_c3538core_i7-9700txeon_gold_6238core_i5-7600tcore_i7-4820katom_c3508xeon_w-2195_firmwarexeon_platinum_8256xeon_w-2275_firmwarexeon_gold_6130fxeon_e-2276mxeon_d-2163itcore_i3-1120g4core_i7-3930kcore_i5-11400hxeon_w-2235_firmwarexeon_d-1623nxeon_gold_6230n_firmwarecore_i7-10810ucore_i3-10300tcore_i3-8100xeon_gold_6140_firmwarecore_i5-1130g7core_i7-6560u_firmwarexeon_e-2378g_firmwarecore_i9-11900core_i5-6585rxeon_gold_6144xeon_platinum_8160f_firmwarecore_i5-9600kxeon_gold_5218r_firmwarecore_i3-7100core_m5-6y54core_i7-7600u_firmwarexeon_gold_5118core_i7-9700kf_firmwarecore_i5-1145g7core_i5-9300hcore_i5-10500exeon_silver_4214y_firmwarecore_i9-10850kcore_i5-6600t_firmwarecore_i5-8500bcore_i3-7100e_firmwarexeon_d-2143itxeon_silver_4209txeon_e-2226gecore_i5-8250u_firmwarecore_i7-7820hk_firmwarexeon_w-1390_firmwarexeon_gold_6212uxeon_w-2175_firmwarecore_i5-6600core_i3-8100hcore_i3-7300t_firmwarecore_i9-11900fcore_i7-9700f_firmwarexeon_d-2177nt_firmwarecore_i7-3930k_firmwarecore_i9-10920xcore_i9-11950hxeon_gold_6138pcore_i7-6500u_firmwarecore_i3-8130u_firmwarecore_i5-10310ucore_i7-6950x_firmwarecore_i7-8557ucore_i3-6320core_i3-8350k_firmwarecore_i9-9820x_firmwarecore_i3-1115gre_firmwarecore_i5-6440eqcore_i5-1030g7xeon_d-1602_firmwarecore_i9-10980hkxeon_w-11155mlexeon_d-1559_firmwarecore_i7-10700k_firmwarecore_i3-10305_firmwarexeon_e-2274gcore_i3-7100u_firmwarecore_i3-10325_firmwarexeon_gold_6138t_firmwarecore_i7-10510y_firmwarecore_i7-11800h_firmwarecore_i7-1060g7_firmwarecore_i5-6287uxeon_w-3323core_i7-8500yxeon_platinum_8276_firmwarecore_i7-1068ng7_firmwarecore_i5-7400_firmwarecore_i3-1110g4_firmwarexeon_w-2133_firmwarecore_i7-6700te_firmwareatom_c3808core_i5-9600xeon_gold_6134xeon_w-3375core_i5-8600tcore_i5-7200u_firmwarexeon_gold_6258r_firmwarecore_i3-10320_firmwarexeon_gold_5218bxeon_e-2288gxeon_w-1370pcore_i7-7500uxeon_e-2274g_firmwarexeon_gold_6148f_firmwarexeon_gold_5218rxeon_e-2124g_firmwarexeon_w-2235xeon_w-3175xxeon_w-3225core_i3-7101tecore_i7-7700xeon_d-1540core_i3-11100hexeon_gold_6246r_firmwarecore_i5-6440eq_firmwarexeon_gold_6246rcore_i5-7300hqxeon_d-1513ncore_i5-10505_firmwareatom_c3558_firmwarecore_i9-9900xcore_i9-9900t_firmwarecore_i5-9600_firmwarecore_i7-9700ecore_i9-11900kf_firmwarexeon_e-2254mexeon_platinum_8260l_firmwarecore_i7-8500y_firmwarecore_i7-6700t_firmwarecore_i7-6700tcore_i5-6442eq_firmwarexeon_w-3235_firmwarexeon_platinum_9222atom_c3336_firmwarecore_i3-10105tcore_i3-8100h_firmwarecore_i7-10510u_firmwarecore_i7-6820hk_firmwarecore_i7-7700_firmwarecore_i3-1000g4core_i3-7100t_firmwarecore_i9-10900kfcore_i3-9100hlcore_i7-11390h_firmwarecore_i9-9980hk_firmwareatom_c3858xeon_e-2144gxeon_gold_5119t_firmwarecore_i5-8300h_firmwarexeon_w-11555mlecore_i5-8279u_firmwarecore_i5-8500b_firmwarecore_i3-6102exeon_w-1390txeon_silver_4216core_i5-1140g7core_i7-11700kfcore_i7-10610ucore_i7-6770hqxeon_platinum_8276lxeon_gold_6138tcore_i7-7740xcore_i7-7y75xeon_e-2124gatom_c3850core_i5-11500txeon_platinum_9221_firmwarecore_i7-4930kcore_i7-11600h_firmwarecore_i5-9400core_i5-11400h_firmwarecore_i7-6600uatom_c3508_firmwarexeon_gold_6138core_i7-1185grexeon_gold_6146_firmwarecore_i5-8500_firmwarexeon_d-1557core_i5-1145gre_firmwareatom_c3436lcore_i3-10105f_firmwarexeon_w-3245mxeon_d-1637_firmwarexeon_w-11555mle_firmwarecore_i5-7300hq_firmwarexeon_w-1350atom_c3708core_i7-6500ucore_i5-1035g1xeon_w-3345_firmwarecore_i7-11850hxeon_w-1290xeon_e-2314_firmwarecore_i3-10110ucore_i7-8665u_firmwarecore_i7-8086k_firmwarexeon_w-2223_firmwarexeon_gold_6234atom_c3336xeon_gold_6142f_firmwarecore_i3-10100y_firmwarecore_i7-7567u_firmwarecore_i3-9100e_firmwarexeon_gold_6130_firmwarecore_i5-7442eq_firmwarexeon_gold_6136_firmwarexeon_gold_6252n_firmwarecore_i7-4930mxxeon_w-1250core_i9-10900core_i7-1065g7_firmwarexeon_silver_4116t_firmwarecore_i5-7360ucore_i5-1145g7_firmwarecore_i5-7300ucore_i7-11375h_firmwarexeon_silver_4109t_firmwarecore_i5-6600tcore_i5-6500t_firmwarecore_i3-7100h_firmwarecore_i7-8565ucore_i9-10940x_firmwarecore_i7-6600u_firmwarexeon_silver_4110xeon_bronze_3206r_firmwarexeon_w-3323_firmwarecore_i7-7700kxeon_platinum_8176core_i5-11500h_firmwarecore_i3-10100fcore_i9-9900_firmwarexeon_gold_5217core_i7-6850kcore_i7-9750hf_firmwarexeon_gold_5120tcore_i7-6870hq_firmwarexeon_gold_6210ucore_i5-7200uxeon_gold_5115xeon_d-1548_firmwarecore_i7-9700fcore_i5-8265u_firmwarecore_i7-6820hqcore_i5-10210ucore_i3-7300_firmwarexeon_w-11155mre_firmwarecore_i7-7740x_firmwarecore_i5-8400bcore_i3-7100hxeon_gold_5215core_i3-6100uxeon_bronze_3106_firmwarecore_i5-10400t_firmwarecore_i9-9900kscore_i5-6350hq_firmwarexeon_d-1531_firmwarexeon_d-1527_firmwarecore_i9-7920xxeon_d-1633n_firmwarecore_i9-7960x_firmwarecore_i5-11600kxeon_d-1513n_firmwarecore_i9-8950hkcore_i5-6360uxeon_gold_6126_firmwarecore_i5-10600tcore_i5-10600kf_firmwarexeon_w-1290_firmwarecore_i5-7640xxeon_w-3275mcore_i5-9500te_firmwarecore_i7-7700k_firmwarexeon_e-2386g_firmwarexeon_e-2176m_firmwarexeon_gold_6250lxeon_gold_6209ucore_i9-10900e_firmwarexeon_e-2278g_firmwarecore_i9-9920xxeon_d-2146nt_firmwarecore_i7-7660uxeon_e-2278gel_firmwarexeon_platinum_8158xeon_d-1518_firmwarecore_i7-7700hqcore_i7-6820hq_firmwarexeon_e-2244g_firmwarecore_i3-1120g4_firmwarecore_i7-6900k_firmwarexeon_e-2236_firmwarexeon_gold_6238l_firmwarecore_i5-6402pcore_m3-7y30core_i5-8269u_firmwarexeon_w-11155mrecore_i3-6100t_firmwarexeon_w-2135xeon_gold_6252core_i5-1140g7_firmwarecore_i7-11700kxeon_e-2276mlxeon_silver_4214rcore_i9-10920x_firmwarecore_i3-7101e_firmwarecore_i9-9880h_firmwarexeon_silver_4210r_firmwarecore_i7-6700hqcore_i7-5820k_firmwarecore_i3-8300core_i5-6500_firmwarecore_i3-7102e_firmwarexeon_e-2334_firmwarexeon_gold_6230rxeon_e-2276me_firmwarecore_i5-8400txeon_gold_6132_firmwarexeon_silver_4116txeon_w-1370p_firmwarecore_i5-11600kf_firmwarecore_i7-1065g7core_i7-9800xxeon_silver_4208xeon_e-2136_firmwarexeon_w-1270_firmwarexeon_gold_6210u_firmwarecore_i5-1130g7_firmwarecore_i7-6660u_firmwarexeon_gold_6126txeon_silver_4116fas\/aff_biosxeon_w-1250ecore_i5-8257u_firmwarecore_i5-1038ng7_firmwarexeon_platinum_8160fcore_i3-6100te_firmwarecore_i9-11900h_firmwarecore_i7-6567ucore_i5-9400f_firmwarecore_i7-8706g_firmwarexeon_gold_5215lcore_i5-7287uxeon_gold_6154_firmwarexeon_e-2146g_firmwarecore_i7-3970xxeon_gold_6126f_firmwarecore_i7-3960xxeon_platinum_8253_firmwarecore_i5-6600_firmwarexeon_e-2126g_firmwarecore_i5-1135g7_firmwarecore_i5-9600t_firmwarexeon_w-1350p_firmwarecore_i7-10610u_firmwarecore_i5-10500e_firmwarecore_i5-1145grexeon_w-3265mxeon_gold_6240lxeon_d-1529_firmwarexeon_gold_6248core_i5-11600k_firmwarexeon_e-2378_firmwarexeon_gold_6240l_firmwarexeon_platinum_8176f_firmwarecore_i3-8145ucore_i3-9300xeon_d-2173itcore_i7-7567ucore_i7-10870h_firmwarecore_i3-6098p_firmwarecore_i5-1155g7core_i3-9300tcore_i7-7820hqcore_i7-7820eqcore_i7-9700kxeon_platinum_8160tcore_i7-6920hq_firmwarexeon_gold_6252_firmwarecore_i7-3820xeon_e-2144g_firmwarecore_i7-10700te_firmwarecore_i7-10700ecore_i3-7320core_i7-3940xmxeon_gold_6126fcore_i5-6200u_firmwarecore_m5-6y57xeon_e-2388gcore_i7-9700te_firmwarexeon_platinum_8268xeon_e-2226gcore_i7-6700texeon_gold_6240rcore_i3-10100te_firmwarexeon_gold_6238_firmwarexeon_gold_6152_firmwarexeon_silver_4215rxeon_e-2278gcore_i9-10900ecore_i3-9100core_i5-8600core_i5-8250ucore_i9-11980hkxeon_w-3265core_m3-8100y_firmwarecore_i7-3940xm_firmwarecore_i5-10500tecore_i7-6700_firmwarecore_i7-7500u_firmwarecore_i5-10210y_firmwarecore_i7-8700k_firmwarecore_i3-6100texeon_gold_5119tcore_i7-8700bcore_i5-10500txeon_w-1250texeon_gold_6208ucore_i3-9100texeon_gold_6130f_firmwarecore_i5-9300hf_firmwarecore_m5-6y57_firmwareatom_c3338core_i5-11500t_firmwarecore_i3-6006u_firmwarexeon_gold_6242core_i7-10700kxeon_d-1627xeon_e-2186mcore_i3-8109u_firmwareatom_c3708_firmwarexeon_gold_6250_firmwarexeon_d-1623n_firmwarecore_i3-9350k_firmwarecore_i7-11370hcore_i5-7442eqcore_i7-8665uecore_i3-8130ucore_i3-7167ucore_i3-8300txeon_d-1528_firmwarecore_i5-11500hcore_i5-11600tatom_c3308_firmwarecore_i9-9900kxeon_gold_6240_firmwarecore_i7-5930kcore_i5-10400fcore_i7-1160g7core_i3-6157u_firmwarexeon_w-2265_firmwarexeon_e-2278ge_firmwarecore_i5-9400_firmwarexeon_gold_6226rxeon_bronze_3204xeon_w-1270e_firmwarexeon_e-2276m_firmwarecore_i3-7350k_firmwarexeon_d-1567core_i5-8400t_firmwarexeon_w-3365xeon_w-2135_firmwarexeon_gold_6142_firmwarecore_i7-9850hlatom_c3538_firmwarexeon_e-2286m_firmwarecore_i5-6300ucore_i5-8400hcore_m3-6y30core_i7-11850he_firmwarexeon_w-2175xeon_d-2141i_firmwarexeon_silver_4214r_firmwarexeon_silver_4108xeon_w-3335_firmwarecore_i3-10110ycore_i7-7820hkcore_i5-9300h_firmwarexeon_w-11855mxeon_gold_6240ycore_i3-6100xeon_gold_6238lxeon_w-1390xeon_gold_5218n_firmwarecore_i7-11700t_firmwarecloud_backupcore_i7-11700fcore_i7-8665ucore_m7-6y75_firmwarecore_i3-10305tcore_i3-9350kf_firmwarexeon_gold_6130t_firmwarecore_i7-5960x_firmwarexeon_w-1370_firmwarecore_i5-7440eq_firmwarexeon_d-1649n_firmwarecore_i3-8140ucore_i7-8086kcore_i5-7360u_firmwarecore_i3-8350kcore_i5-10600kxeon_gold_5222core_i7-10850hxeon_gold_6256core_i5-6360u_firmwarexeon_d-1523ncore_i3-1005g1_firmwarecore_i9-9900x_firmwarecore_i3-9100hl_firmwarecore_i5-10500te_firmwareatom_c3338rcore_i3-10300t_firmwarecore_i3-8100bcore_i3-6167ucore_i5-8279ucore_i3-10100f_firmwarexeon_gold_5118_firmwarecore_i5-8600kcore_i7-8700tcore_i3-7100_firmwarecore_i3-9320_firmwarexeon_d-1541xeon_d-1543n_firmwarexeon_d-1622xeon_gold_5222_firmwarecore_i5-6685r_firmwarecore_i7-8700t_firmwarecore_i5-6500te_firmwarecore_i5-1030g7_firmwarecore_i5-8600t_firmwarexeon_w-2223core_i7-6970hqcore_i7-1185g7e_firmwarexeon_gold_6238tatom_c3955core_i5-8500core_i5-11260h_firmwarecore_i5-9400h_firmwareatom_c3758r_firmwarecore_i5-10400f_firmwarecore_i7-6560ucore_i9-10980xe_firmwarexeon_gold_6240r_firmwarecore_i5-8257uxeon_gold_6212u_firmwarexeon_gold_6208u_firmwarecore_i7-8569ucore_i9-9900tcore_i7-10700t_firmwarecore_i5-6685ratom_c3558xeon_w-2133xeon_platinum_8260lxeon_e-2336_firmwarecore_i5-6287u_firmwarexeon_platinum_8270xeon_gold_6248r_firmwarecore_i5-8500txeon_gold_6132core_i7-4930k_firmwarexeon_w-11555mre_firmwarecore_i5-6400txeon_d-2166ntcore_i3-10305core_i7-9850he_firmwarecore_i3-6100h_firmwarexeon_w-1390pcore_i3-9100_firmwarecore_i7-6700core_i7-6820hkcore_i7-7560u_firmwarexeon_gold_6262vcore_i7-10710ucore_i5-10300hcore_i5-10210ycore_i7-1165g7_firmwarexeon_silver_4210_firmwarexeon_w-1270texeon_e-2224core_i9-9900ks_firmwarexeon_e-2124_firmwarexeon_gold_6238rxeon_silver_4110_firmwarexeon_platinum_8170core_i3-1125g4_firmwarexeon_e-2278gelxeon_d-1553ncore_i5-1030g4xeon_gold_6222v_firmwarecore_i9-10980hk_firmwarexeon_d-2166nt_firmwarecore_i5-10400_firmwarexeon_gold_6242r_firmwarexeon_w-2155core_i5-6600k_firmwarecore_i7-6700hq_firmwarexeon_platinum_8153_firmwarecore_i3-7102exeon_w-11155mle_firmwarexeon_silver_4216_firmwarecore_i3-1115g4e_firmwarexeon_gold_5122core_i9-10900k_firmwarexeon_gold_5215l_firmwareatom_c3758rxeon_w-2225_firmwarexeon_gold_6230core_i7-6870hqatom_c3950core_i3-9100exeon_silver_4109tcore_i3-7300xeon_d-1548core_i7-10510yxeon_bronze_3106core_i5-7y57_firmwarecore_i7-7820x_firmwarexeon_platinum_8260yxeon_e-2276ml_firmwarexeon_d-1653natom_c3338_firmwarecore_i9-10900_firmwarecore_i5-6300u_firmwarecore_i5-1155g7_firmwarexeon_gold_5218txeon_e-2374gxeon_e-2254ml_firmwarexeon_d-1557_firmwarecore_i5-9500t_firmwarexeon_gold_5218ncore_i7-8709g_firmwarexeon_d-2163it_firmwarexeon_w-2295_firmwarexeon_d-1531core_i7-10875h_firmwarexeon_e-2278gexeon_d-1533n_firmwarexeon_silver_4214yxeon_platinum_8156xeon_w-10855mxeon_d-2177ntcore_i7-6785r_firmwarexeon_w-3275_firmwarecore_i5-10600t_firmwarexeon_platinum_8270_firmwarecore_i7-11700k_firmwarecore_i5-10300h_firmwarexeon_w-3235core_i9-10900txeon_d-1571_firmwarexeon_e-2126gcore_i7-10700tecore_i9-10900kcore_i5-10600_firmwarexeon_gold_5220rxeon_w-11955mxeon_w-1290ecore_i5-10400tcore_i7-6820eq_firmwarecore_i7-1185g7core_i7-9700kfxeon_d-1541_firmwarexeon_w-1290te_firmwarexeon_platinum_9221xeon_d-2142itcore_i5-7600k_firmwarecore_i9-11980hk_firmwarexeon_platinum_9222_firmwarecore_i5-8305g_firmwarecore_i3-8100b_firmwarecore_i9-10900te_firmwarecore_i9-11900kcore_i3-8300t_firmwarexeon_gold_6150_firmwarecore_i3-7167u_firmwarecore_i7-10700_firmwarecore_i3-1005g1core_i7-1068ng7core_m3-6y30_firmwarecore_i7-1185gre_firmwarecore_i7-7820eq_firmwarexeon_d-1637core_i5-9400fcore_i5-11320h_firmwarexeon_d-1539_firmwarecore_i5-9500f_firmwarecore_i7-6800kcore_i7-7560uxeon_gold_5120core_i7-8550u_firmwarecore_i5-11600kfxeon_d-1602core_i5-8365uxeon_w-2245xeon_d-2145ntcore_i5-9600kfxeon_e-2288g_firmwarecore_i5-6267u_firmwarexeon_w-1250te_firmwarexeon_e-2224gcore_i5-8600_firmwarecore_i3-8100_firmwarecore_i5-8269ucore_i3-11100he_firmwarexeon_gold_6254_firmwarexeon_gold_5220_firmwarecore_i5-7600t_firmwarecore_i9-11900hcore_i7-9700t_firmwarecore_i7-1185g7ecore_i7-8665ue_firmwarecore_i7-4820k_firmwarecore_i7-7820hq_firmwarexeon_silver_4208_firmwarexeon_d-1521core_i3-8145uexeon_w-2155_firmwarecore_i5-8265ucore_i7-10700txeon_e-2246g_firmwarexeon_platinum_8170_firmwarecore_i9-9900kfcore_i5-6300hqcore_i5-6402p_firmwarexeon_silver_4114tcore_i7-10750hxeon_e-2226ge_firmwarexeon_gold_6134_firmwarecore_i7-1160g7_firmwarecore_i5-8400b_firmwarecore_i7-8706gcore_i7-5930k_firmwarecore_i7-11850h_firmwarecore_i3-6300core_i5-7400t_firmwarexeon_silver_4215xeon_gold_6230ncore_i5-8365u_firmwareatom_c3750xeon_platinum_8280l_firmwarecore_i7-1195g7core_i9-10885hcore_i5-7440eqcore_i5-9500_firmwarexeon_e-2386gcore_i3-9100t_firmwarecore_i7-1165g7core_i5-11400_firmwarexeon_gold_6242_firmwarecore_m3-7y32core_i7-11850hexeon_e-2134core_i7-10750h_firmwarexeon_w-1290tecore_i5-1145g7exeon_w-3265_firmwarexeon_d-2142it_firmwarecore_i7-8557u_firmwarecore_m3-7y32_firmwarexeon_w-11865mre_firmwarexeon_e-2176mxeon_gold_6230t_firmwarecore_i3-1000g1_firmwarexeon_gold_6130xeon_gold_5218_firmwarecore_i9-10900t_firmwarexeon_silver_4210txeon_w-3275m_firmwarecore_i5-11400f_firmwarexeon_gold_6138_firmwarecore_i9-11900k_firmwarexeon_e-2134_firmwarecore_i7-1185g7_firmwarexeon_gold_6136core_i7-1180g7_firmwarecore_i5-7267u_firmwarecore_i5-7640x_firmwarexeon_w-3245m_firmwarecore_i5-9600tcore_i9-11900t_firmwarexeon_e-2226g_firmwareatom_c3558rcore_i9-7960xxeon_w-1370xeon_d-1559xeon_platinum_9242_firmwarexeon_e-2174gatom_c3436l_firmwarecore_i7-7y75_firmwarexeon_d-1537xeon_gold_6230_firmwarexeon_gold_6128core_i7-1180g7xeon_e-2176gxeon_gold_6146core_i3-6100hxeon_gold_6254core_i3-10320core_i3-10105fxeon_w-1390t_firmwarexeon_e-2224_firmwarexeon_platinum_8160t_firmwarecore_i3-6098pcore_i5-6400xeon_d-1649nxeon_gold_6148_firmwarecore_i7-10875hcore_i5-6300hq_firmwarexeon_platinum_8156_firmwarecore_i7-1195g7_firmwarecore_i5-10400hcore_i5-9600kf_firmwarecore_i7-9800x_firmwarexeon_w-10885mxeon_gold_6234_firmwarexeon_e-2224g_firmwarexeon_silver_4114_firmwarexeon_gold_6126xeon_d-1527core_i9-9940xcore_i9-9980xe_firmwarecore_i5-6600kcore_i9-7940xxeon_gold_5220r_firmwarecore_i7-9700tecore_i7-6822eq_firmwarexeon_gold_6248rxeon_silver_4214core_i3-6102e_firmwarexeon_w-2125core_i5-6260u_firmwarecore_i9-9900k_firmwarecore_i5-6500tecore_i5-11300hxeon_gold_5220sxeon_platinum_8260core_i7-7800x_firmwarecore_i3-10105t_firmwarecore_i5-6500core_i5-10400h_firmwarexeon_gold_6138f_firmwarexeon_d-2146ntcore_i3-10100txeon_gold_6128_firmwarecore_i3-9100f_firmwarecore_i7-7700hq_firmwarecore_i9-9980hkxeon_e-2244gcore_i5-11500hecore_i3-7100txeon_w-2125_firmwarecore_i5-1035g4_firmwarexeon_platinum_8180core_i7-9850h_firmwarecore_i7-11700_firmwarecore_m5-6y54_firmwarecore_i7-11375hcore_i7-8559ucore_i5-9500ecore_i9-9920x_firmwarexeon_w-1250e_firmwarecore_i7-4960xcore_i7-5960xxeon_d-1521_firmwarecore_i3-6320_firmwarecore_i3-6100e_firmwarexeon_w-1290t_firmwarecore_i7-9750h_firmwarexeon_gold_6209u_firmwarexeon_gold_6138fcore_i3-10325xeon_e-2356gcore_i9-7920x_firmwarecore_i7-8700core_i3-7130ucore_i5-8400xeon_platinum_8276l_firmwarexeon_gold_6262v_firmwarexeon_e-2334core_i7\+8700core_i5-7440hq_firmwarecore_i7-9850hcore_i3-10110u_firmwarecore_i5-7600core_i9-10980xexeon_w-11865mlecore_i9-11900f_firmwarexeon_e-2186gxeon_gold_6226_firmwarecore_i5-8310y_firmwarexeon_silver_4210core_i9-10885h_firmwarexeon_gold_6250l_firmwarexeon_silver_4114t_firmwarecore_i5-11500_firmwarecore_i3-7320_firmwarecore_i7-6770hq_firmwarecore_i7-8569u_firmwarexeon_gold_6240y_firmwareatom_c3955_firmwarexeon_w-1350pxeon_d-2143it_firmwarecore_i5-9400txeon_w-3245_firmwarecore_i7-11800hcore_i7-11370h_firmwarecore_i3-10300xeon_w-1290p_firmwarexeon_w-1250p_firmwarexeon_bronze_3204_firmwarecore_i3-8100t_firmwarecore_i5-7600_firmwarecore_i9-9960x_firmwarecore_i5-10310u_firmwarexeon_gold_6154core_i5-8400_firmwarecore_i7-6567u_firmwarexeon_e-2234_firmwareatom_c3830core_i7-10870hxeon_silver_4215r_firmwarecore_i7-10510ucore_i3-6300t_firmwarexeon_bronze_3104xeon_w-1290pcore_i7-7920hq_firmwarecore_i5-8310ycore_i5-10500h_firmwarexeon_d-1523n_firmwarecore_i3-10300_firmwarexeon_d-2183it_firmwarecore_i5-6440hqxeon_w-3245xeon_e-2324gcore_i7-6660ucore_i9-7980xecore_i3-6100ecore_i7-6970hq_firmwarexeon_w-3345xeon_e-2186m_firmwarexeon_d-1528xeon_w-2295xeon_e-2234core_i3-9100tcore_i5-11300h_firmwarecore_i5-10500core_i7-8850hcore_i9-8950hk_firmwarecore_i5-8400h_firmwarecore_i5-11600_firmwarexeon_d-1622_firmwarexeon_w-11865mrecore_i3-10100_firmwarexeon_silver_4108_firmwarecore_i9-10900texeon_platinum_8260y_firmwarecore_i5-1030g4_firmwarecore_i3-6157ucore_i5-9500fcore_i3-10100yxeon_e-2378core_i7-7820xcore_i7-3970x_firmwarecore_i3-1115g4ecore_i7-7800xcore_i5-9400hxeon_platinum_8253xeon_gold_6252ncore_i3-9320atom_c3308xeon_platinum_8280xeon_platinum_8180_firmwarecore_i7-10700f_firmwarecore_i3-10100t_firmwarexeon_w-2255_firmwarexeon_gold_5220t_firmwarecore_i3-10105core_i5-11400tcore_i7-4940mxxeon_gold_6246core_i9-10900kf_firmwarecore_i7-8550uxeon_w-1350_firmwarecore_i7-10810u_firmwarecore_i9-10940xcore_i7-9700xeon_w-3265m_firmwarexeon_d-1577_firmwarexeon_gold_5122_firmwarecore_i7-9850hecore_i7-10700kfcore_i7-9850hl_firmwarecore_i5-8260u_firmwareatom_c3830_firmwarecore_i5-7500tcore_i5-6440hq_firmwarexeon_d-2187ntxeon_d-1518core_i5-6267ucore_i3-1000g1xeon_w-2225xeon_e-2276mecore_i7-3820_firmwarexeon_silver_4210t_firmwarecore_i5-7y54xeon_gold_5218t_firmwarecore_i7-6950xcore_i5-7400xeon_platinum_8164core_i7-8700b_firmwarexeon_e-2356g_firmwarexeon_platinum_8176fcore_i3-10305t_firmwarexeon_w-10855m_firmwarexeon_gold_5115_firmwarexeon_platinum_8168core_i9-10850k_firmwarecore_i7-7660u_firmwarecore_i5-8365ue_firmwarecore_i3-6167u_firmwarexeon_gold_5217_firmwarecore_i7-11600hcore_i7-7920hqcore_i7-10700core_i9-11950h_firmwarecore_i3-1115g4_firmwarexeon_d-1533ncore_i3-7020ucore_i5-1135g7xeon_w-2195core_i3-8145u_firmwarexeon_e-2136xeon_w-1270pcore_i5-9300hfcore_i5-8600k_firmwarecore_i9-9940x_firmwarexeon_gold_6258rcore_i3-1115g4xeon_platinum_9282core_i5-10400core_i3-7020u_firmwarexeon_d-2161ixeon_w-1250pcore_i7-8700kcore_i3-7130u_firmwarexeon_silver_4215_firmwarexeon_platinum_8160_firmwarexeon_d-2123itcore_i7-11700kf_firmwarecore_i5-8365uecore_i3-8109uxeon_gold_6142core_i3-1110g4atom_c3558r_firmwarecore_i7-4960x_firmwarexeon_bronze_3206rxeon_gold_6148xeon_w-3275xeon_gold_6240xeon_d-2161i_firmwarecore_i5-8200y_firmwarexeon_gold_5220core_i5-8350uxeon_platinum_8256_firmwarecore_i7-8750h_firmwarecore_i3-10100texeon_platinum_8176_firmwareatom_c3758_firmwarecore_i5-10210u_firmwarecore_i7-11390hcore_i3-8140u_firmwarexeon_d-1537_firmwarecore_i5-7y57xeon_w-3375_firmwarecore_i3-9300_firmwarecore_i7-3920xmcore_i5-7260uxeon_d-1540_firmwarecore_i5-10600k_firmwarecore_i5-8259u_firmwarexeon_e-2124core_i7-9750hcore_i3-6100u_firmwareatom_c3808_firmwarecore_i3-10110y_firmwarexeon_e-2186g_firmwarexeon_d-1553n_firmwarecore_i9-7980xe_firmwarexeon_w-1270te_firmwarecore_i7-8559u_firmwarecore_i5-7500_firmwarexeon_gold_6126t_firmwarecore_i5-11500core_i7-11700xeon_platinum_8160xeon_gold_6148fcore_i5-10600xeon_w-2245_firmwarecore_i5-10500_firmwarecore_i5-10310ycore_i5-10310y_firmwareatom_c3858_firmwarexeon_d-1567_firmwarecore_i5-8259uxeon_e-2388g_firmwarexeon_gold_6230r_firmwarexeon_e-2336xeon_gold_6246_firmwarexeon_platinum_8260_firmwarexeon_e-2286mcore_i5-11600t_firmwarecore_i7-6650ucore_i9-9880hcore_i7-4930mx_firmwarecore_i7-8705g_firmwarexeon_platinum_8158_firmwarexeon_gold_6244_firmwarecore_i5-6400_firmwarecore_i5-1035g4core_i7-8650ucore_i5-10200hcore_i7-8705gxeon_platinum_8276xeon_d-1529xeon_gold_5220txeon_e-2324g_firmwarecore_i7-7600uxeon_gold_6244xeon_w-3223_firmwarexeon_gold_6242rcore_i5-1035g7_firmwarecore_i3-7100exeon_w-2275xeon_w-3175x_firmwarecore_i7\+8700_firmwarexeon_w-2265core_i5-9500core_i3-7101ecore_i9-9900xeon_w-10885m_firmwarecore_i3-8145ue_firmwarecore_i9-9820xxeon_gold_5218b_firmwarexeon_gold_6248_firmwarecore_i7-9750hfxeon_d-2141icore_i7-3920xm_firmwarecore_i7-6850k_firmwarecore_i7-3960x_firmwarexeon_e-2176g_firmwarecore_i5-1035g7xeon_gold_6138p_firmwarexeon_e-2254mlcore_i5-8305gcore_i3-9350kcore_i3-1115grecore_i5-11600core_i5-7400tcore_i7-8750hcore_i3-6100txeon_w-2145_firmwarecore_i3-10100e_firmwarexeon_d-2183itxeon_d-2123it_firmwarecore_i5-8300hcore_i9-7940x_firmwarecore_i3-7101te_firmwarecore_i5-9500e_firmwarecore_i9-7900x_firmwarecore_i7-9700e_firmwarecore_i5-9500teatom_c3958xeon_gold_6130txeon_w-1290e_firmwarexeon_d-1520core_i5-1145g7e_firmwarecore_i5-7y54_firmwarexeon_d-2187nt_firmwarexeon_w-1390p_firmwarexeon_w-11955m_firmwarecore_i9-10900f_firmwarexeon_platinum_8280lcore_m3-8100yxeon_gold_5120t_firmwarexeon_silver_4114core_i5-7267ucore_i3-7100uxeon_d-1543ncore_i5-6442eqcore_i7-6700k_firmwarecore_i5-7260u_firmwareatom_c3750_firmwarecore_i7-11700tcore_i5-7300u_firmwarexeon_d-1520_firmwarexeon_platinum_9242core_i7-10700e_firmwarecore_i3-9100te_firmwarecore_i7-6700kcore_i7-6822eqcore_i3-7300tcore_i9-11900tcore_i5-8210ycore_i7-6785rcore_i7-1060g7core_i7-8565u_firmwarexeon_w-11855m_firmwarecore_i5-11400t_firmwarecore_i7-5820kcore_i7-9700_firmwarecore_i7-7700tcore_i7-6900kcore_i9-9980xexeon_platinum_9282_firmwarexeon_gold_5120_firmwarexeon_gold_6250core_i3-9350kfxeon_w-1290tcore_i7-8809gxeon_gold_6226core_i3-10105_firmwarecore_i5-11320hcore_i7-8650u_firmwarexeon_d-1577atom_c3958_firmwarecore_i5-6400t_firmwarecore_i3-6300_firmwarexeon_silver_4214_firmwarecore_i7-10850h_firmwarexeon_platinum_8268_firmwarexeon_e-2314core_i7-8700_firmwarecore_i3-7350kcore_i3-8300_firmwarecore_i5-10505xeon_d-1539core_i7-6820eqcore_i7-6920hqcore_i5-6585r_firmwarexeon_w-2255core_i9-10900x_firmwarecore_i5-7600kcore_m3-7y30_firmwarecore_i3-6006uxeon_gold_5215_firmwarexeon_gold_5220s_firmwarexeon_w-11865mle_firmwarecore_i3-1000g4_firmwarexeon_gold_6144_firmwarecore_i5-8350u_firmwarexeon_e-2276g_firmwarexeon_d-1627_firmwarexeon_gold_5218xeon_w-2145core_i7-4940mx_firmwarecore_i7-11700f_firmwarecore_i3-9100fatom_c3850_firmwarexeon_w-1250_firmwarecore_i5-7500t_firmwarexeon_d-1653n_firmwarecore_i9-10900fcore_i3-1125g4atom_c3950_firmwarexeon_w-3225_firmwarexeon_e-2378gcore_i5-10200h_firmwarecore_i3-8100tcore_i3-6100_firmwarexeon_gold_6238r_firmwarecore_i5-9500txeon_platinum_8164_firmwarexeon_w-3223xeon_gold_6152xeon_gold_6150xeon_e-2276gcore_i5-6200uxeon_gold_6222vcore_i7-10700fxeon_d-1571core_i5-9600k_firmwarexeon_gold_6238t_firmwareatom_c3338r_firmwarexeon_silver_4112_firmwareIntel(R) Processors
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-8935
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 2.70%
||
7 Day CHG~0.00%
Published-15 Dec, 2020 | 14:55
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecall_restore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. We recommend updating your library.

Action-Not Available
Vendor-Google LLC
Product-asyloAsylo
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-8730
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.15% / 35.85%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 02:24
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based overflow for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-compute_module_hns2600bpblc24rserver_system_r1304wt2gsrserver_system_lsvrp_firmwarecompute_module_hns2600tpfrserver_system_r2208wt2ysrserver_board_s2600wftserver_system_r2312wftzsrserver_system_r1000sp_firmwareserver_board_s2600kprserver_system_r1304wf0ysserver_system_r1304wf0ysrserver_system_r1304sposhbnserver_board_s2600kpfserver_system_lsvrp4304es6xx1server_board_s2600cwtserver_board_s2600kpcompute_module_hns2600bpbserver_board_s2600stbcompute_module_hns2600kprserver_system_r1208wttgsrserver_board_s2600cw2rserver_board_s2600wfqrcompute_module_hns2600tp24rserver_system_r2308wftzsserver_system_r2308wttysserver_system_r1000wf_firmwareserver_board_s2600wftrserver_system_r1304wt2gscompute_module_hns2600tprserver_system_r2208wf0zsserver_board_s2600kptrserver_board_s2600st_firmwareserver_system_r1208sposhorrcompute_module_hns2600tp_firmwareserver_board_s1200splserver_board_s2600cw2srserver_system_r1208wt2gsserver_board_s2600tpserver_system_r2208wttyc1rserver_board_s2600stqrcompute_module_hns2600bpblc24server_board_s2600cw2scompute_module_hns2600kp_firmwareserver_system_vrn2208wfaf83server_board_s2600cwtrserver_board_s1200spsserver_board_s2600bpqserver_system_r2208wt2ysserver_system_r1208wttgsserver_system_r1304wttgsserver_system_r2208wttysrserver_system_r1304sposhbnrserver_system_r2208wfqzsrserver_board_s2600tpfserver_board_s2600cwtsserver_system_lr1304sp_firmwareserver_system_r2312wf0nprserver_board_s2600wttrserver_board_s2600wt2server_system_r1208wfqysrserver_system_vrn2208wfhy6server_board_s2600stqserver_system_r2224wftzsserver_board_s2600wf0rserver_system_r2208wfqzsserver_system_nb2208wfqnfviserver_system_r2208wftzsserver_system_r2224wftzsrcompute_module_hns2600bpq24rserver_system_r2224wttysserver_board_s1200sp_firmwareserver_system_lr1304spcfg1rserver_system_lr1304spcfg1server_system_mcb2208wfaf5compute_module_hns2600bps24server_board_s2600bpsserver_board_s2600wt_firmwareserver_board_s2600bpqrserver_system_r2000wt_firmwareserver_system_r1208wt2gsrserver_system_vrn2208wfaf82compute_module_hns2600bpb24rserver_system_r1208wftysserver_system_r2000wf_firmwareserver_board_s2600cwserver_system_r2308wftzsrserver_system_lnetcnt3ycompute_module_s2600tp_firmwarecompute_module_hns2600bps24rserver_system_r1304wftysrserver_system_lsvrp4304es6xxrcompute_module_hns2600bpsrserver_board_s2600wt2rserver_system_mcb2208wfhy2server_board_s2600tpfrcompute_module_hns2600bpblcrserver_board_s2600cwtsrserver_system_r2224wfqzsserver_system_r2308wttysrcompute_module_hns2600tpfserver_system_r2312wftzsserver_system_vrn2208wfaf81server_board_s2600stbrcompute_module_hns2600bpqrserver_system_r2224wttysrserver_system_r2312wttyscompute_module_hns2600bpbrserver_system_r1208sposhorserver_board_s2600bp_firmwareserver_board_s2600bpbrserver_system_r1000wt_firmwareserver_board_s2600wttserver_board_s2600wf0compute_module_hns2600kpserver_system_r2312wfqzsserver_system_mcb2208wfaf6server_system_r1304wftysserver_system_r2208wttysserver_system_r1304sposhorrserver_system_vrn2208waf6compute_module_hns2600bp_firmwareserver_system_r1304sposhorcompute_module_hns2600tpcompute_module_hns2600kpfrcompute_module_hns2600bpqserver_board_s1200sporserver_board_s2600bpbserver_system_mcb2208wfaf4server_board_s1200splrserver_system_lr1304spcfsgx1compute_module_hns2600kpfcompute_module_hns2600bpblcserver_system_r2208wttyc1server_board_s2600cw2server_board_s1200sposerver_board_s2600wfqserver_board_s2600bpsrserver_system_r2312wf0npserver_system_r1304wttgsrserver_system_r2312wttysrserver_board_s2600kp_firmwareserver_system_r1208wttgsbppserver_board_s1200spsrcompute_module_hns2600bpsserver_system_r2208wf0zsrserver_board_s2600kpfrcompute_module_hns2600bpb24server_system_r2208wftzsrserver_system_r1208wftysrserver_board_s2600tprcompute_module_hns2600tp24srserver_board_s2600wf_firmwarecompute_module_hns2600bpq24Intel(R) Server Boards, Server Systems and Compute Modules Advisory
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-11012
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.78%
||
7 Day CHG~0.00%
Published-16 Nov, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 vendor command a stack-based buffer overflow can occur.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0162
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 23.08%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 16:18
Updated-04 Feb, 2025 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_c6520_firmwarepoweredge_r660xs_firmwarepoweredge_xr11_firmwarepoweredge_r6615_firmwarepoweredge_t560_firmwarepoweredge_r760xd2_firmwarepoweredge_r6525_firmwarepoweredge_r960poweredge_hs5610emc_xc_core_xc7525xc_core_xc7625poweredge_mx750cpoweredge_xr11poweredge_c6520emc_xc_core_xc750_firmwarepoweredge_r350poweredge_r7515_firmwarepoweredge_xe9680poweredge_xe8640_firmwarepoweredge_xr8610t_firmwarepoweredge_t550poweredge_c6525poweredge_xe8545_firmwarepoweredge_r860poweredge_xr5610_firmwareemc_xc_core_xc750xa_firmwarepoweredge_r6515_firmwarepoweredge_r760xapoweredge_r860_firmwarepoweredge_r6625_firmwarepoweredge_t150_firmwarepoweredge_r250emc_xc_core_xc7525_firmwareemc_xc_core_xc750emc_xc_core_xc750xapoweredge_r760poweredge_xr12poweredge_r7615_firmwarepoweredge_xr8620temc_xc_core_xc450_firmwarepoweredge_xr8620t_firmwarepoweredge_r760xs_firmwarepoweredge_xr12_firmwarepoweredge_r6515emc_xc_core_xc650_firmwarepoweredge_t150poweredge_t560poweredge_xe8545poweredge_r650_firmwarepoweredge_xe9680_firmwarepoweredge_r760xd2poweredge_r760xspoweredge_xr8610tpoweredge_r350_firmwareemc_xc_core_xc650poweredge_r7625_firmwarexc_core_xc760poweredge_r7515emc_xc_core_xc450poweredge_r660xspoweredge_r550_firmwarepoweredge_c6620_firmwarepoweredge_xr7620_firmwarexc_core_xc660poweredge_c6525_firmwarexc_core_xc760_firmwarepoweredge_xe8640poweredge_r960_firmwarepoweredge_xe9640poweredge_r650xspoweredge_r6525emc_xc_core_xc6520_firmwarepoweredge_r750xapoweredge_t350poweredge_mx750c_firmwarepoweredge_r760_firmwarepoweredge_r250_firmwarepoweredge_c6620poweredge_r7525_firmwarepoweredge_xr4510c_firmwareemc_xc_core_xc6520poweredge_r750xa_firmwarepoweredge_r660poweredge_r450_firmwarepoweredge_xr7620poweredge_r7615poweredge_xe9640_firmwarepoweredge_r750xspoweredge_r650poweredge_xr4510cpoweredge_r7525poweredge_r760xa_firmwarepoweredge_r750xs_firmwarepoweredge_r660_firmwarepoweredge_t350_firmwarepoweredge_hs5610_firmwarepoweredge_r750poweredge_r650xs_firmwarepoweredge_xr4520c_firmwarepoweredge_r7625poweredge_c6615poweredge_r750_firmwarepoweredge_hs5620_firmwarexc_core_xc7625_firmwarepoweredge_mx760cpoweredge_mx760c_firmwarepoweredge_xr5610poweredge_r6625poweredge_r450xc_core_xc660_firmwarepoweredge_r6615poweredge_r550poweredge_t550_firmwarepoweredge_hs5620poweredge_xr4520cpoweredge_c6615_firmwarePowerEdge BIOS Intel 16G
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-7586
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.39%
||
7 Day CHG~0.00%
Published-10 Jun, 2020 | 16:23
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information.

Action-Not Available
Vendor-Siemens AG
Product-simatic_step_7simatic_pcs_7sinamics_startersimatic_process_device_managerSIMATIC STEP 7 V5.XSIMATIC PCS 7 V8.2 and earlierSINAMICS STARTER (containing STEP 7 OEM version)SIMATIC PCS 7 V9.0SIMATIC PDM
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2319
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.66%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 08:30
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresdm670_firmwareqcs404sm8150_firmwaresxr2130_firmwaresda845_firmwaresdm845mdm9205_firmwaremdm9205qcs404_firmwareqcs605sm7150_firmwaresm6150_firmwaresdm710sm6150sm8150sdm850sdm710_firmwaresxr1130_firmwaresm7150sxr1130sdm670sxr2130qcs605_firmwaresda845sdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2292
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.79%
||
7 Day CHG~0.00%
Published-22 Jul, 2019 | 13:47
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound access can occur due to buffer copy without checking size of input received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9650, MSM8996AU, QCA6574AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_712sd_850mdm9150_firmwaresd_855sd_730_firmwaresd_820amsm8996au_firmwaresdx20sd_670_firmwaresd_425sdm660sdx24sd_430_firmwaresd_710_firmwaresd_435mdm9650sd_636sdm630qcs405sd_625qca6574ausd_210msm8996ausd_636_firmwaresd_450_firmwaresd_845_firmwaresd_820a_firmwaremdm9150qcs605_firmwaresd_425_firmwaresd_730sd_212_firmwaresd_665sd_850_firmwaresdx24_firmwaresd_625_firmwaresd_450qcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_845qcs605sd_427sd_430sd_670sd_435_firmwaresd_835_firmwaremdm9650_firmwaresd_710sdx20_firmwaresd_835sd_205qca6574au_firmwaresda660sd_210_firmwaresd_665_firmwaresd_205_firmwaresdm660_firmwaresd_212sd_855_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2238
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.98%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 16:33
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leading to buffer underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 8CX, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_712sd_730_firmwaresd_412sd_675sd_670_firmwaremdm9607_firmwaresd_710_firmwaremdm9655_firmwaremdm9650sd_210mdm9607sd_410qcs605_firmwaresd_675_firmwaremdm9206sd_730sd_212_firmwaremdm9655sd_412_firmwaresd_712_firmwaresd_8cx_firmwaremdm9206_firmwareqcs605sd_8cxsd_670mdm9650_firmwaresd_710sd_410_firmwaresd_205sxr1130_firmwaresd_210_firmwaresxr1130sd_205_firmwaresd_212Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25051
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.24%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 06:46
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).

Action-Not Available
Vendor-n/aDebian GNU/LinuxGNUFedora Project
Product-debian_linuxfedoraaspelln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2299
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.79%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 16:33
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bound write can be triggered by a specially-crafted command supplied by a userspace application. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresd_850mdm9150_firmwaremdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_670_firmwaresdx24mdm9650sd_636msm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwareipq4019_firmwaremdm9206sd_425_firmwareqca9379_firmwareqca6174asdx24_firmwaresd_625_firmwareipq8074sd_450qca9377sd_845mdm9206_firmwareqcs605sd_835_firmwaremdm9650_firmwaresd_835qca6574au_firmwareipq8064sd_210_firmwaresd_600qca8081_firmwaresd_205_firmwareipq8064_firmwaresd_212sd_427_firmwaresd_712sd_855sd_730_firmwaresdx20sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_710_firmwaresd_625ipq8074_firmwareqca6574ausd_820_firmwaresd_210mdm9607sd_636_firmwareqca8081mdm9150qca6174a_firmwaresd_730sd_212_firmwaresd_850_firmwaresd_855_firmwaresd_712_firmwaresd_430ipq4019sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_600_firmwaresd_205qca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25050
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.16%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 06:46
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).

Action-Not Available
Vendor-osgeon/a
Product-gdaln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2123
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.99%
||
7 Day CHG~0.00%
Published-05 Sep, 2019 | 21:31
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20733
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.27% / 50.23%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 19:12
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.110, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.46, R7300DST before 1.0.0.68, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.122, R8500 before 1.0.2.122, WN2500RPv2 before 1.0.1.54, WNDR3400v3 before 1.0.1.22, and WNR3500Lv2 before 1.2.0.54.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6400_firmwareex6200r7100lgex3700r6900p_firmwared6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwarer7000_firmwarer7300dstd6220_firmwarer6300_firmwared8500_firmwareex6130r7900pex6000_firmwaredgnd2200b_firmwared7000d8500r6700r7000wnr3500l_firmwareex6200_firmwareex6150d6400r6900_firmwareex3800r7900_firmwareex3700_firmwareex6000ex7000_firmwareex6120r6700_firmwarer7900p_firmwareex6150_firmwarer8000_firmwarer6250r8000ex3800_firmwareex7000r6900pr7900r8000pwndr3400dgn2200r8000p_firmwared6400_firmwarewn2500rpwn2500rp_firmwarer6250_firmwareex6100r7000p_firmwarer8500ex6130_firmwarewndr3400_firmwared7000_firmwarer8300_firmwarer6900r7000pwnr3500ldgnd2200bdgn2200_firmwareex6100_firmwarer6300r6400ex6120_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2032
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.99%
||
7 Day CHG~0.00%
Published-19 Apr, 2019 | 19:45
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SetScanResponseData of ble_advertiser_hci_interface.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-121145627.

Action-Not Available
Vendor-AndroidGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20542
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.87%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 17:54
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (Exynos chipsets) software. There is a stack overflow in the kernel driver. The Samsung ID is SVE-2019-15034 (November 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20737
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.27% / 50.23%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 19:16
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.106, DGND2200Bv4 before 1.0.0.106, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6400 before 1.0.1.42, R6700 before 1.0.1.46, R6700v3 before 1.0.2.52, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.122, R8500 before 1.0.2.122, WN2500RPv2 before 1.0.1.54, WNDR3400v3 before 1.0.1.24, and WNR3500Lv2 before 1.2.0.54.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6400_firmwareex3800_firmwareex6200ex7000r8000pex3700wndr3400d6220r8300r8500_firmwaredgn2200r7000_firmwarer8000p_firmwared6400_firmwarewn2500rpwn2500rp_firmwared6220_firmwared8500_firmwareex6130r7900pex6000_firmwareex6100dgnd2200b_firmwarer8500d7000ex6130_firmwared8500wndr3400_firmwared7000_firmwarer6700r8300_firmwarer7000wnr3500l_firmwareex6200_firmwareex6150d6400r6900wnr3500ldgnd2200bdgn2200_firmwarer6900_firmwareex3800ex6100_firmwareex3700_firmwareex6000ex7000_firmwareex6120r6400r6700_firmwarer7900p_firmwareex6120_firmwareex6150_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-11046
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.16%
||
7 Day CHG~0.00%
Published-10 Oct, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when an audio driver ioctl handler is called, a kernel out-of-bounds write can potentially occur.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20700
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.39% / 59.42%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:37
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.110, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R8300 before 1.0.2.122, R8500 before 1.0.2.122, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.46, R7300DST before 1.0.0.68, R7900P before 1.3.0.10, R8000P before 1.3.0.10, WN2500RPv2 before 1.0.1.54, WNDR3400v3 before 1.0.1.22, and WNR3500Lv2 before 1.2.0.54.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6400_firmwareex6200r7100lgex3700r6900p_firmwared6220r8300r8500_firmwarer7100lg_firmwarer7300dst_firmwarer7000_firmwarer7300dstd6220_firmwarer6300_firmwared8500_firmwareex6130r7900pex6000_firmwaredgnd2200b_firmwared7000d8500r6700r7000wnr3500l_firmwareex6200_firmwareex6150d6400r6900_firmwareex3800r7900_firmwareex3700_firmwareex6000ex7000_firmwareex6120r6700_firmwarer7900p_firmwareex6150_firmwarer8000_firmwarer6250r8000ex3800_firmwareex7000r6900pr7900r8000pwndr3400dgn2200r8000p_firmwared6400_firmwarewn2500rpwn2500rp_firmwarer6250_firmwareex6100r7000p_firmwarer8500ex6130_firmwarewndr3400_firmwared7000_firmwarer8300_firmwarer6900r7000pwnr3500ldgnd2200bdgn2200_firmwareex6100_firmwarer6300r6400ex6120_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20541
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.87%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 17:53
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have a stack overflow. The Samsung IDs are SVE-2019-14965, SVE-2019-14966, SVE-2019-14968, SVE-2019-14969, SVE-2019-14970, SVE-2019-14980, SVE-2019-14981, SVE-2019-14982, SVE-2019-14983, SVE-2019-14984, SVE-2019-15122, SVE-2019-15123 (November 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20594
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 3.00%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:04
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. A heap overflow exists in the bootloader. The Samsung ID is SVE-2019-14371 (July 2019).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2031
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.99%
||
7 Day CHG~0.00%
Published-19 Apr, 2019 | 19:26
Updated-04 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-120502559.

Action-Not Available
Vendor-AndroidGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-19532
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 4.67%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 15:39
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18389
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.77%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 00:00
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands.

Action-Not Available
Vendor-virglrenderer_projectn/aDebian GNU/LinuxRed Hat, Inc.openSUSE
Product-virglrendererdebian_linuxleapenterprise_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18614
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.47%
||
7 Day CHG~0.00%
Published-16 Jun, 2020 | 13:42
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On the Cypress CYW20735 evaluation board, any data that exceeds 384 bytes is copied and causes an overflow. This is because the maximum BLOC buffer size for sending and receiving data is set to 384 bytes, but everything else is still configured to the usual size of 1092 (which was used for everything in the previous CYW20719 and later CYW20819 evaluation board). To trigger the overflow, an attacker can either send packets over the air or as unprivileged local user. Over the air, the minimal PoC is sending "l2ping -s 600" to the target address prior to any pairing. Locally, the buffer overflow is immediately triggered by opening an ACL or SCO connection to a headset. This occurs because, in WICED Studio 6.2 and 6.4, BT_ACL_HOST_TO_DEVICE_DEFAULT_SIZE and BT_ACL_DEVICE_TO_HOST_DEFAULT_SIZE are set to 384.

Action-Not Available
Vendor-cypressn/a
Product-cyw20735cyw20735_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 9
  • 10
  • Next
Details not found