Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-29177

Summary
Assigner-fortinet
Assigner Org ID-6abe59d8-c742-4dff-8ce8-9b0ca1073da8
Published At-14 Nov, 2023 | 18:07
Updated At-30 Aug, 2024 | 18:09
Rejected At-
Credits

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:fortinet
Assigner Org ID:6abe59d8-c742-4dff-8ce8-9b0ca1073da8
Published At:14 Nov, 2023 | 18:07
Updated At:30 Aug, 2024 | 18:09
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.

Affected Products
Vendor
Fortinet, Inc.Fortinet
Product
FortiDDoS-F
Default Status
unaffected
Versions
Affected
  • 6.5.0
  • From 6.4.0 through 6.4.1 (semver)
  • From 6.3.0 through 6.3.4 (semver)
  • From 6.2.0 through 6.2.3 (semver)
  • From 6.1.0 through 6.1.4 (semver)
Vendor
Fortinet, Inc.Fortinet
Product
FortiADC
Default Status
unaffected
Versions
Affected
  • 7.2.0
  • From 7.1.0 through 7.1.2 (semver)
  • From 7.0.0 through 7.0.5 (semver)
  • From 6.2.0 through 6.2.6 (semver)
  • From 6.1.0 through 6.1.6 (semver)
  • From 6.0.0 through 6.0.4 (semver)
  • From 5.4.0 through 5.4.5 (semver)
  • From 5.3.0 through 5.3.7 (semver)
  • From 5.2.0 through 5.2.8 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-120Execute unauthorized code or commands
Type: CWE
CWE ID: CWE-120
Description: Execute unauthorized code or commands
Metrics
VersionBase scoreBase severityVector
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Please upgrade to FortiDDoS-F version 6.5.1 or above Please upgrade to FortiDDoS-F version 6.4.2 or above Please upgrade to FortiADC version 7.2.1 or above Please upgrade to FortiADC version 7.1.3 or above

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://fortiguard.com/psirt/FG-IR-23-064
N/A
Hyperlink: https://fortiguard.com/psirt/FG-IR-23-064
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://fortiguard.com/psirt/FG-IR-23-064
x_transferred
Hyperlink: https://fortiguard.com/psirt/FG-IR-23-064
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@fortinet.com
Published At:14 Nov, 2023 | 19:15
Updated At:21 Nov, 2023 | 18:47

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Fortinet, Inc.
fortinet
>>fortiadc>>Versions from 7.1.0(inclusive) to 7.1.2(inclusive)
cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiadc>>5.2.0
cpe:2.3:a:fortinet:fortiadc:5.2.0:-:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiadc>>5.3.0
cpe:2.3:a:fortinet:fortiadc:5.3.0:-:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiadc>>5.4.0
cpe:2.3:a:fortinet:fortiadc:5.4.0:-:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiadc>>6.0.0
cpe:2.3:a:fortinet:fortiadc:6.0.0:-:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiadc>>6.1.0
cpe:2.3:a:fortinet:fortiadc:6.1.0:-:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiadc>>6.2.0
cpe:2.3:a:fortinet:fortiadc:6.2.0:-:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiadc>>7.0.0
cpe:2.3:a:fortinet:fortiadc:7.0.0:-:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiadc>>7.2.0
cpe:2.3:a:fortinet:fortiadc:7.2.0:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiddos-f>>Versions from 6.1.0(inclusive) to 6.1.4(inclusive)
cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiddos-f>>Versions from 6.4.0(inclusive) to 6.4.1(inclusive)
cpe:2.3:a:fortinet:fortiddos-f:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiddos-f>>6.2.0
cpe:2.3:a:fortinet:fortiddos-f:6.2.0:-:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiddos-f>>6.3.0
cpe:2.3:a:fortinet:fortiddos-f:6.3.0:-:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiddos-f>>6.5.0
cpe:2.3:a:fortinet:fortiddos-f:6.5.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Primarypsirt@fortinet.com
CWE ID: CWE-120
Type: Primary
Source: psirt@fortinet.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://fortiguard.com/psirt/FG-IR-23-064psirt@fortinet.com
Third Party Advisory
Hyperlink: https://fortiguard.com/psirt/FG-IR-23-064
Source: psirt@fortinet.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

158Records found
CVE-2023-40716
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 15.81%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 06:44
Updated-02 Aug, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command vulnerability [CWE-78]  in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup .

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortitesterFortiTester
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-40721
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.23% / 14.20%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 16:09
Updated-14 Jan, 2026 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosfortiswitchmanagerfortipamfortiproxyFortiPAMFortiProxyFortiSwitchManagerFortiOS
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2021-22126
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 5.15%
||
7 Day CHG~0.00%
Published-17 Mar, 2025 | 13:05
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password.

Action-Not Available
Vendor-Fortinet, Inc.
Product-FortiWLC
CWE ID-CWE-284
Improper Access Control
CVE-2023-36640
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 19.32%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:19
Updated-12 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0.0 through 6.0.16, FortiPAM 1.1.0, FortiPAM 1.0 all versions, FortiProxy 7.2.0 through 7.2.5, FortiProxy 7.0.0 through 7.0.11, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortipamfortiosfortiproxyFortiOSFortiProxyFortiPAMfortipamfortiswitchmanagerfortiosfortiproxy
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2023-36642
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 9.58%
||
7 Day CHG~0.00%
Published-13 Sep, 2023 | 12:29
Updated-25 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortitesterFortiTesterfortitester
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-56497
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.58% / 43.10%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 14:09
Updated-03 Feb, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or commands via the CLI.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortirecorderfortimailFortiMailFortiRecorder
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-54025
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 34.95%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 14:02
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiisolatorFortiIsolator
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-52968
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.22% / 12.63%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 16:09
Updated-16 Jul, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper authentication in Fortinet FortiClientMac 7.0.11 through 7.2.4 allows attacker to gain improper access to MacOS via empty password.

Action-Not Available
Vendor-Fortinet, Inc.
Product-forticlientFortiClientMac
CWE ID-CWE-287
Improper Authentication
CVE-2025-67862
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6||MEDIUM
EPSS-0.14% / 3.99%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 14:27
Updated-11 Jun, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosfortiproxyFortiProxyFortiOS
CWE ID-CWE-1244
Internal Asset Exposed to Unsafe Debug Access Level or State
CVE-2021-44170
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.20% / 9.79%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 16:35
Updated-25 Oct, 2024 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiproxyfortiosFortinet FortiProxy, FortiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42759
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.26% / 17.66%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 09:22
Updated-25 Oct, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 and below allows attacker to execute unauthorized code or commands via crafted cli commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-meru_firmwaremeruFortinet Meru AP
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-41021
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.25% / 16.24%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 17:48
Updated-25 Oct, 2024 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortinacFortinet FortiNAC
CVE-2021-26116
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.60% / 44.11%
||
7 Day CHG+0.02%
Published-06 Apr, 2022 | 16:00
Updated-25 Oct, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiauthenticatorFortinet FortiAuthenticator
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-22130
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-1.11% / 61.66%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 10:27
Updated-25 Oct, 2024 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiproxyFortinet FortiProxy
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-46776
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.14% / 3.60%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 17:01
Updated-14 Jan, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiextender_firmwarefortiextenderFortiExtender
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-22627
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.7||HIGH
EPSS-0.29% / 20.26%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:44
Updated-09 Apr, 2026 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiswitchaxfixedFortiSwitchAXFixed
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-33302
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-4.5||MEDIUM
EPSS-0.31% / 22.66%
||
7 Day CHG+0.02%
Published-31 Mar, 2025 | 14:58
Updated-23 Jul, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortimailfortindrFortiNDRFortiMail
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-22129
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-8.8||HIGH
EPSS-1.09% / 61.32%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 18:26
Updated-25 Oct, 2024 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortimailFortinet FortiMail
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-32859
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 1.75%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-17 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In meta, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08000473; Issue ID: ALPS08000473.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt8175mt6873mt6893mt8675mt6886mt8395mt8788mt6983mt8188tmt8666mt8167mt6765mt6883mt8390mt6835mt8768mt8789mt6761mt8797mt6889mt8321mt6768mt8362amt8786mt8766mt6985mt8167smt8188mt6833mt6885mt6877mt6781mt8365mt8195mt6853mt6895mt8168mt6789androidmt8185mt6779mt6785mt6879mt8173MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8188T, MT8195, MT8321, MT8362A, MT8365, MT8390, MT8395, MT8666, MT8675, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797mt8797
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-28736
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.23% / 13.79%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:36
Updated-01 Oct, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-mdadm_projectn/a
Product-mdadmIntel(R) SSD Tools software
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-28579
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.16% / 5.13%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 03:03
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in WLAN Host

Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sw5100pqcs410_firmwaresa6150p_firmwaresa6155p_firmwareqam8295p_firmwareqcs610_firmwarewcd9370qca6696wcd9341_firmwarewsa8815_firmwaresa8195p_firmwarewcd9370_firmwarewcn3660bqca6574au_firmwaresa8195pqca6595auqam8295pwcd9341qca6574auwcn3950wsa8810_firmwarewcn3988wcn3980_firmwarewcn3660b_firmwarewsa8835qca6595au_firmwareqca6391_firmwaresw5100p_firmwaresa8295p_firmwareqca6696_firmwarewcd9380_firmwaresa6150pqcs410sa8155p_firmwarewcn3680b_firmwarewsa8815video_collaboration_vc1_platform_firmwaresa8155pwsa8830sa6145psw5100_firmwarefastconnect_7800_firmwarefastconnect_6900qca6391video_collaboration_vc1_platformwcn3950_firmwarefastconnect_6900_firmwaresa8295psnapdragon_8_gen_1_mobile_platformwcd9380sa6145p_firmwarefastconnect_7800sa8145p_firmwarewcn3680bsa8150psnapdragon_8_gen_1_mobile_platform_firmwaresw5100sa8150p_firmwarewcn3988_firmwaresa6155pvideo_collaboration_vc3_platform_firmwaresa8145pwsa8835_firmwarewsa8810wcn3980wsa8830_firmwarevideo_collaboration_vc3_platformqcs610Snapdragonsnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-26318
Matching Score-4
Assigner-Xiaomi Technology Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Xiaomi Technology Co., Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.52% / 39.97%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 06:42
Updated-18 Sep, 2024 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xiaomi router web interface post-authorization stack overflow

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers.

Action-Not Available
Vendor-Xiaomi
Product-xiaomi_router_ax3200_firmwarexiaomi_router_ax3200Xiaomi Routerxiaomi_router
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-26319
Matching Score-4
Assigner-Xiaomi Technology Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Xiaomi Technology Co., Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.88% / 54.44%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 06:45
Updated-08 Oct, 2024 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xiaomi Router administration interface vulnerability leads command injection and stack overflow

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection.

Action-Not Available
Vendor-Xiaomi
Product-xiaomi_router_ax3200_firmwarexiaomi_router_ax3200Xiaomi Routerxiaomi_router
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-28570
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.14% / 3.65%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 05:26
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy without Checking Size of Input in Audio

Memory corruption while processing audio effects.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429w_firmwareqcs410_firmwaresa6150p_firmwaresd865_5gsnapdragon_429_mobile_platform_firmwaresw5100pqca6595qcs610_firmwarewcd9335sxr2130_firmwarewcd9370qca8081_firmwarear8035_firmwareqca6696wcd9340_firmwarewcd9341_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwareqca6320qcc710_firmwareqca6426qca6564auwcn3610qcn9074wsa8815_firmwaresa8195p_firmwareqca8337_firmwareqca8337qca6426_firmwareqca6574au_firmwareqam8295pwcd9341qca6574ausnapdragon_855_mobile_platformwcn3950wsa8810_firmwaresnapdragon_xr2_5g_platformsnapdragon_429_mobile_platformsnapdragon_835_mobile_pc_platform_firmwarewcn3660b_firmwareqca6554afastconnect_6800_firmwaresa8295p_firmwaresd835_firmwarevideo_collaboration_vc1_platform_firmwareqca6584auqca6320_firmwareqcn6274_firmwareqcc710sw5100_firmwareqca6310_firmwarefastconnect_6800qfw7114_firmwareqca6595_firmwarefastconnect_7800_firmwarefastconnect_6900video_collaboration_vc1_platformqfw7114snapdragon_x55_5g_modem-rf_systemfastconnect_6900_firmwareqca6310wcd9380sa6145p_firmwaresnapdragon_xr2_5g_platform_firmwaresa8150pmsm8996au_firmwaresa6155psnapdragon_835_mobile_pc_platformqca6564au_firmwarewsa8810snapdragon_865\+_5g_mobile_platformsw5100video_collaboration_vc3_platformqca6595auaqt1000snapdragon_865_5g_mobile_platform_firmwaresa6155p_firmwareqam8295p_firmwaresd855sd835wcn3990_firmwaresnapdragon_870_5g_mobile_platform_firmwareqfw7124_firmwareqca6564a_firmwareqca6436_firmwaresnapdragon_wear_4100\+_platform_firmwarewcn3610_firmwaresnapdragon_855\+\/860_mobile_platform_firmwareqca6420snapdragon_865\+_5g_mobile_platform_firmwareqca6430wcd9370_firmwaresdx55_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6554a_firmwarewcn3660bqca6574asxr2130wcn3620_firmwaresa8195pwcd9340snapdragon_820_automotive_platform_firmwaresnapdragon_855_mobile_platform_firmwareqca6420_firmwareaqt1000_firmwarewcn3988sdm429wqca6584au_firmwaresd855_firmwareqcn6274qca6436qca6574qfw7124snapdragon_x75_5g_modem-rf_systemqca6595au_firmwareqca6391_firmwarewcd9335_firmwarewsa8835qca6430_firmwaresnapdragon_870_5g_mobile_platformsw5100p_firmwareqca6696_firmwaresnapdragon_865_5g_mobile_platformwcd9380_firmwaresa6150pqca6574_firmwareqcs410sa8155p_firmwareqca8081qca6564awsa8815mdm9628sa8155pwcn3980_firmwarewsa8830mdm9628_firmwaresa6145pqcn9074_firmwarear8035qca6574a_firmwaresdx55msm8996auwcn3620qca6391qcn6224wcn3950_firmwaresa8295pfastconnect_6200fastconnect_7800sa8145p_firmwarewcn3680bsd865_5g_firmwaresa8150p_firmwaresnapdragon_855\+\/860_mobile_platformsnapdragon_w5\+_gen_1_wearable_platformwcn3988_firmwarevideo_collaboration_vc3_platform_firmwaresa8145pwcn3990snapdragon_wear_4100\+_platformwsa8835_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_820_automotive_platformfastconnect_6200_firmwarewsa8830_firmwarewcn3680b_firmwareqcn6224_firmwareqcs610Snapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-28772
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.73% / 49.41%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 00:00
Updated-05 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kerneln/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-22384
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 1.50%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 05:00
Updated-27 Feb, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in VR Service

Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ).

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6145psa6155p_firmwaresa6150p_firmwaresa8145p_firmwareqca6696_firmwaresa8145pqca6696sa8150psa6150pqca6574ausa8155psa6145p_firmwaresa8155p_firmwaresa8195pqca6574au_firmwaresa8150p_firmwaresa8195p_firmwaresa6155pSnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21640
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 1.49%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 04:46
Updated-26 Nov, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in Linux

Memory corruption in Linux when the file upload API is called with parameters having large buffer.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800wsa8830_firmwarewcd9380_firmwarewsa8830wsa8835snapdragon_8_gen_1wsa8835_firmwarewcd9380fastconnect_7800_firmwarefastconnect_6900fastconnect_6900_firmwaresnapdragon_8_gen_1_firmwareSnapdragonsnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21639
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 1.50%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 04:46
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking the Size of Input in Audio

Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-aqt1000_firmwaresnapdragon_w5\+_gen_1sa6155p_firmwarewsa8830sw5100psa4155p_firmwaresnapdragon_855\+\/860_firmwarewcn3988_firmwareqca6430snapdragon_855sa8155p_firmwarewsa8835sa8195pwsa8810_firmwarewcd9341_firmwareqca6420_firmwaresw5100wsa8810sa6155psw5100p_firmwaresnapdragon_855_firmwarewcd9341snapdragon_855\+\/860qca6430_firmwarewcn3980sa4150p_firmwarefastconnect_6200aqt1000sd855wsa8815sa8155pwsa8830_firmwaresd855_firmwarewcn3988wsa8815_firmwarewsa8835_firmwarefastconnect_6200_firmwaresa8195p_firmwaresw5100_firmwarewcn3980_firmwaresa4155pqca6420sa4150psnapdragon_w5\+_gen_1_firmwareSnapdragonaqt1000_firmwaresa6155p_firmwareqca6430_firmwaresa4155p_firmwaresa4150p_firmwaresnapdragon_855_mobile_platform_firmwarewcn3988_firmwarewsa8830_firmwaresa8155p_firmwaresd855_firmwarewsa8815_firmwarewsa8835_firmwarewsa8810_firmwarefastconnect_6200_firmwarewcd9341_firmwaresa8195p_firmwareqca6420_firmwaresw5100_firmwarewcn3980_firmwaresw5100p_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21649
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 1.50%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:14
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN

Memory corruption in WLAN while running doDriverCmd for an unspecific command.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewsa8830sa6150p_firmwaresa8145p_firmwareqcs610qca8337qca6431_firmwaremdm9628_firmwaremdm9650wcn3950_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwareqca6390_firmwarewcd9370qca6426qca6584au_firmwaresm4375wcn3998qca6554a_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcn3950mdm9628wcn3660bqca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6595auwcd9375_firmwarewcn3998_firmwarewcn3610_firmwareqca6420qca6436_firmwareqca6564au_firmwareqca6584ausa6155p_firmwaresdxr2_5gwcn3988_firmwareqca6430qcn9074sa6145p_firmwareqca6421sa8195pwsa8810_firmwaresm4375_firmwaresw5100qca6436wcn6851sa6155pwcd9385wcd9341qca6431qca6696_firmwaresd870_firmwareqca6390wcd9375aqt1000sa8150pwsa8830_firmwaresda429wsd855_firmwaresd865_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqca6564awcn3610wcn3991qca8337_firmwaresda429w_firmwarewcd9380_firmwaresw5100pqca6554asd865_5gqca6595qca6564auqcc5100sdx55m_firmwarewsa8835qca6574wcd9380qcs410qca6574aqca6430_firmwarewcn3980qca6574_firmwaresd855wsa8815wcn6850mdm9650_firmwareqca6426_firmwarewcn3660b_firmwareqca6574a_firmwaresd695wcn3980_firmwareqca6391sdx55mqcc5100_firmwareqca6421_firmwareaqt1000_firmwaresd480_firmwarewcn6851_firmwareqca6574ausa8155p_firmwareqca6564a_firmwarewcd9341_firmwaresd480sd870wsa8810sw5100p_firmwareqcs610_firmwaresa6145pwcn3680bsd695_firmwareapq8096auqca6595_firmwaresa8145pqca6696qca6391_firmwarewcd9370_firmwaresa6150psdx55apq8096au_firmwaresa8155psw5100_firmwareqcn9074_firmwareqcs410_firmwareSnapdragonwcn3991_firmwareqca8337_firmwaresda429w_firmwaresa6150p_firmwarewcd9380_firmwaresa8145p_firmwareqca6431_firmwaresdx55m_firmwaremdm9628_firmwarewcn3950_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwareqca6390_firmwareqca6584au_firmwareqca6430_firmwareqca6554a_firmwarewcd9385_firmwaresdxr2_5g_firmwareqca6574_firmwaremdm9650_firmwareqca6426_firmwarewcn3660b_firmwareqca6574a_firmwareqca6574au_firmwaresdx55_firmwarewcn3680b_firmwarewcd9375_firmwarewcn3998_firmwarewcn3980_firmwarewcn3610_firmwareqca6436_firmwareqcc5100_firmwareqca6421_firmwareaqt1000_firmwareqca6564au_firmwaresa6155p_firmwaresd480_firmwarewcn6851_firmwarewcn3988_firmwaresa6145p_firmwaresa8155p_firmwareqca6564a_firmwarewsa8810_firmwarewcd9341_firmwaresm4375_firmwaresw5100p_firmwareqcs610_firmwaresd695_firmwareqca6696_firmwareqca6595_firmwaresd870_firmwareqca6391_firmwarewcd9370_firmwareapq8096au_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwarewsa8815_firmwarewcn6850_firmwarewsa8835_firmwaresa8195p_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20624
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 0.81%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628530; Issue ID: ALPS07628530.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6853androidmt6855mt8781mt6983mt6833mt6873mt6883mt8797mt6885mt6789mt8791mt6875mt6877mt6879mt8791tMT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6983, MT8781, MT8791, MT8791T, MT8797
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-12374
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.25% / 16.38%
||
7 Day CHG~0.00%
Published-19 Feb, 2021 | 15:17
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-hns2600bpb24rr1304wftysrr2208wf0zsrr1208wftysr2208wftzsrr1304wf0ysr2312wf0nprhns2600bpbr1304wftyshns2600bpqr2224wfqzsr1000wfhns2600bpblc24rs2600bpqrhns2600bpbrs2600stqhns2600bpblcr2308wftzshns2600bpsrr1208wftysrr2208wf0zsr2208wftzsr2312wf0npr1208wfqysrr2224wftzsrr2208wfqzsrs2600stbr2224wftzsr2312wftzsrr2308wftzsrs2600wf0bmc_firmwarehns2600bps24rhns2600bpqrs2600wfqr2208wfqzshns2600bpshns2600bpq24rhns2600bpb24hns2600bps24r1304wf0ysrhns2600bpq24s2600wfts2600bpbrhns2600bpblc24s2600bpsrr2312wfqzsr2312wftzsIntel(R) Server Boards, Server Systems and Compute Modules
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-12465
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.38% / 30.04%
||
7 Day CHG~0.00%
Published-29 Apr, 2020 | 18:52
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages.

Action-Not Available
Vendor-n/aNetApp, Inc.Linux Kernel Organization, Inc
Product-linux_kernelcloud_backupsolidfire_\&_hci_management_nodeactive_iq_unified_managerhci_baseboard_management_controllerhci_compute_nodesolidfire_baseboard_management_controlleraff_baseboard_management_controllersteelstore_cloud_integrated_storagen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-11183
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.21% / 10.99%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 09:41
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A process can potentially cause a buffer overflow in the display service allowing privilege escalation by executing code as that service in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100pm8909qfe2550qfe4465fcsdr051pm660pmi8996qbt1500pmi632qln1030mdm9650qpa5373pmk8001pmm855aumdm9250qtc800hmsm8917wtr3905qca9377qpa5460wtr2955wcn3660bqln1021aqqfe4320smb1380qfe4308apq8037qca6595auwcn3615msm8909wqtc800tpm8940sdx20mqca6310pm8937qfe2081fcpm8996qca9367sd821sdm630qcc1110qfe2101smb1360qat3522qfe4455fcwcd9340pm8953smb231qfe3440fcqat3514sdr660wcd9326wcd9335qet4200aqmsm8937smb1358wcd9341pm439pmi8952mdm9655smb1350wtr3950qtc800ssd660sd820sd712wtr3925pmi8937pm8998qfe2080fcsdr052sdw3100wcn3620apq8017qca6564asd450qet4100wcn3990smb1355wcd9330wgr7640sd636qet5100qca6595qca6564aumsm8996aupmi8940pmm8996aurgr7640auqualcomm215qln1035bdqpa4360pm855aqca6574amdm9206qca6174apm660lwtr4905ar8151wtr5975wcn3980qsw8573wsa8815qbt1000qfe4305qca6320wcn3680pmx20pmd9607qfe4309sd835apq8009smb1351qfe4373fcqfe2082fcmsm8920msm8953pmi8998pm660aqpa4340sdx50msdx20pm8916qln1036aqqtc801srsw8577pmd9655qfe4302qca6574ausd710apq8009wqfe4303wsa8810qat3550pm8005wcn3680bpm215apq8096auwtr2965qfe4301pm8004sdw2500msm8940apq8053sd439qet4101pmi8994sdm830smb1357qca9379qln1031Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-49829
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.09% / 0.78%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 08:32
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Camera

Memory corruption can occur during context user dumps due to inadequate checks on buffer length.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9380_firmwaresnapdragon_429_mobile_firmwarefastconnect_7800_firmwarewcn3620_firmwarewsa8835wcn3620sdm429w_firmwarewsa8830wsa8830_firmwarewsa8835_firmwarewcd9380snapdragon_8_gen_1_mobile_firmwaresnapdragon_429_mobilefastconnect_6900sdm429wfastconnect_6900_firmwaresnapdragon_8_gen_1_mobilewcn3660b_firmwarefastconnect_7800wcn3660bSnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-21635
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 1.50%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 04:46
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy without Checking Size of Input in Data Network Stack & Connectivity

Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_865_5gwsa8830wcd9380_firmwaresa6150p_firmwaresa8145p_firmwaresw5100psd865_5gfastconnect_6800snapdragon_855\+\/860_firmwareqca6564aucsrb31024snapdragon_855wsa8835wcd9380sa8150p_firmwareqca6420_firmwareqca6595au_firmwaresnapdragon_865\+_5gsnapdragon_x55_5gsnapdragon_wear_4100\+snapdragon_855_firmwaresxr2130qca6574aqca6564qca6426snapdragon_855\+\/860qca6430_firmwarewcn3980fastconnect_6200wcn3660bsd855wsa8815qca6426_firmwarewcn3660b_firmwareqca6574a_firmwaresnapdragon_x55_5g_firmwareqca6574au_firmwarewcn3680b_firmwarefastconnect_6200_firmwareqca6595auwcn3980_firmwareqca6391wcn3610_firmwareqca6420qca6436_firmwaresnapdragon_w5\+_gen_1_firmwaresnapdragon_xr2_5gsnapdragon_w5\+_gen_1qca6564au_firmwareaqt1000_firmwaresa6155p_firmwaresnapdragon_wear_4100\+_firmwarecsrb31024_firmwarefastconnect_6900fastconnect_6900_firmwarewcn3988_firmwareqca6430qca6574ausa6145p_firmwaresnapdragon_870_5gsa8155p_firmwaresa8195pwsa8810_firmwarewcd9341_firmwaresw5100wsa8810qca6436sa6155psw5100p_firmwaresnapdragon_865\+_5g_firmwaresa6145pwcn3680bqca6564_firmwaresxr2130_firmwarewcd9341snapdragon_auto_4gqca6696_firmwaresa8145pqca6696qca6391_firmwaresnapdragon_xr2_5g_firmwareaqt1000sa8150psnapdragon_auto_4g_firmwaresa6150psa8155pwsa8830_firmwaresnapdragon_870_5g_firmwaresd855_firmwaresd865_5g_firmwarewcn3988wsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresw5100_firmwarefastconnect_6800_firmwaresnapdragon_865_5g_firmwarewcn3610Snapdragonaqt1000_firmwareqca6564au_firmwaresa6155p_firmwarewcd9380_firmwaresa6150p_firmwaresa8145p_firmwarecsrb31024_firmwarefastconnect_6900_firmwarewcn3988_firmwaresa6145p_firmwaresa8155p_firmwarewsa8810_firmwaresa8150p_firmwarewcd9341_firmwareqca6420_firmwareqca6595au_firmwaresnapdragon_auto_4g_modem_firmwaresw5100p_firmwareqca6564_firmwaresxr2130_firmwareqca6696_firmwareqca6430_firmwareqca6391_firmwaresnapdragon_855_mobile_platform_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwaresnapdragon_xr2_5g_platform_firmwareqca6426_firmwarewcn3660b_firmwarewsa8815_firmwareqca6574a_firmwarefastconnect_6200_firmwareqca6574au_firmwaresa8195p_firmwaresnapdragon_865_5g_mobile_platform_firmwarewcn3680b_firmwaresw5100_firmwarewsa8835_firmwarefastconnect_6800_firmwaresnapdragon_x55_5g_modem-rf_system_firmwarewcn3980_firmwarewcn3610_firmwareqca6436_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42642
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.53% / 40.73%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 00:00
Updated-05 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. NOTE: The supplier states that this vulnerability was fully remediated in December 2024 and that updated firmware is available through Crucial’s official support page.

Action-Not Available
Vendor-crucialn/a
Product-ct250mx500ssd1ct2000mx500ssd1ct500mx500ssd1ct4000mx500ssd1ct1000mx500ssd1mx500_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-0977
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-6.7||MEDIUM
EPSS-0.53% / 41.02%
||
7 Day CHG~0.00%
Published-03 Apr, 2023 | 15:39
Updated-11 Feb, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.

Action-Not Available
Vendor-Microsoft CorporationMusarubra US LLC (Trellix)Linux Kernel Organization, Inc
Product-windowslinux_kernelagentTrellix Agent
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-47334
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 0.12%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 22:48
Updated-27 Jan, 2026 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in Camera Driver

Memory corruption while processing shared command buffer packet between camera userspace and kernel.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_695_5g_mobile_platform_firmwarewcd9375_firmwarewcd9371_firmwareqcm5430wcn3988_firmwaresa7255p_firmwareqca6595au_firmwareqam8255pqcm2290wcn7860_firmwarewcn7861qcs7230qcs4490_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresm7635psa8650p_firmwareqam8775p_firmwaresm7325p_firmwareqcs410_firmwareqrb5165m_firmwarewcn3980wsa8845_firmwaresmart_audio_400_platformsnapdragon_8\+_gen_1_mobile_platformqca6391_firmwaresmart_audio_400_platform_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_778g_5g_mobile_platformrobotics_rb5_platform_firmwareqamsrv1msm6225psnapdragon_ar1_gen_1_platform_\"luna1\"_firmwaresm8635psxr2250p_firmwaresm8635_firmwaresnapdragon_680_4g_mobile_platformwcn7881_firmwaresa9000psnapdragon_480_5g_mobile_platformqca6595ausm8650qsnapdragon_7\+_gen_2_mobile_platformsm6650psm8750p_firmwaresd_8_gen1_5g_firmwarewcn7860qcs5430ssg2115psxr2330pqcs9100sw5100p_firmwareqcm8550snapdragon_6_gen_1_mobile_platformsnapdragon_888_5g_mobile_platform_firmwarewcn7881snapdragon_7c\+_gen_3_computeqcs9100_firmwaresm6650p_firmwaresnapdragon_8\+_gen_1_mobile_platform_firmwareqcm8550_firmwareqca6698auwcd9335snapdragon_8\+_gen_2_mobile_platformwsa8810ssg2125pwsa8845hssg2125p_firmwareqcm4490_firmwaresnapdragon_7\+_gen_2_mobile_platform_firmwarewcn3950sm7635p_firmwarefastconnect_6700_firmwarevideo_collaboration_vc5_platform_firmwarefastconnect_6900_firmwareqcn9012snapdragon_460_mobile_platformqcm6490_firmwareqca6678aq_firmwaresm7435_firmwaresg8275_firmwaresnapdragon_w5\+_gen_1_wearable_platformsnapdragon_7_gen_1_mobile_platform_firmwaresw5100_firmwaresrv1hrobotics_rb2_platformqcs2290sw5100pwcn6650_firmwaresm7550psnapdragon_680_4g_mobile_platform_firmwaresnapdragon_695_5g_mobile_platformsm8750pwcn6740sm7675_firmwaresnapdragon_778g_5g_mobile_platform_firmwarewcd9370flight_rb5_5g_platformvideo_collaboration_vc1_platformqcs8250_firmwaresm8475p_firmwarewsa8840sa7255psm7550_firmwaresm7435snapdragon_4_gen_1_mobile_platformsnapdragon_6_gen_1_mobile_platform_firmwarewsa8830wcd9371qmp1000snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmwaresnapdragon_ar2_gen_1_platformsa8770p_firmwaresm6475qcs6490qca6678aqsnapdragon_662_mobile_platformsa9000p_firmwareqmp1000_firmwaresnapdragon_4_gen_1_mobile_platform_firmwarewsa8815_firmwarewsa8835sa8620psm7325pwcd9380_firmwarewcn3988snapdragon_460_mobile_platform_firmwarevideo_collaboration_vc5_platformwcn3910_firmwarevideo_collaboration_vc3_platformqcs6490_firmwarewsa8815sm7550snapdragon_w5\+_gen_1_wearable_platform_firmwaresd_8_gen1_5gsa8620p_firmwaresm6475_firmwarewcn3910sm4635wcd9378sxr2350p_firmwaresa8770psnapdragon_662_mobile_platform_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwarewcn7861_firmwarecsra6640_firmwaresm8735_firmwaresnapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)_firmwaresm8650q_firmwareqrb5165nsw5100snapdragon_8_gen_3_mobile_platformsg8275pwcd9375snapdragon_888\+_5g_mobile_platform_\(sm8350-ac\)snapdragon_4_gen_2_mobile_platform_firmwaresg4150psnapdragon_7c\+_gen_3_compute_firmwaresm8635p_firmwaresm6650_firmwarewcn7880sg8275qcs4490snapdragon_8_gen_1_mobile_platformsnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)qca6698au_firmwareqamsrv1h_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcn7750qcn9011qcs8550_firmwarewcd9395_firmwareqcs2290_firmwaresm8750sm4635_firmwareqam8255p_firmwaresnapdragon_7_gen_1_mobile_platformwsa8810_firmwareqcn9012_firmwaresrv1h_firmwaresxr1230probotics_rb2_platform_firmwaresnapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmwareqcs610qrb5165msnapdragon_ar1_gen_1_platform_firmwaresa7775pqca6698aq_firmwaressg2115p_firmwaresnapdragon_685_4g_mobile_platform_\(sm6225-ad\)snapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)wsa8835_firmwareqcm5430_firmwareqca6797aq_firmwaresa8775psg4150p_firmwaresxr2330p_firmwaresrv1mfastconnect_6200_firmwareqam8650pqcn9011_firmwareqam8650p_firmwareqcm4490wcn6755_firmwaresxr1230p_firmwarecsra6620qam8775psm7635_firmwarewcn3950_firmwarewcn7750_firmwareqcm2290_firmwaresm6650robotics_rb5_platformsxr2250pflight_rb5_5g_platform_firmwaresa8650psxr2230p_firmwaresrv1m_firmwarewcn6740_firmwarewcn6650qca6797aqsnapdragon_782g_mobile_platform_\(sm7325-af\)_firmwarefastconnect_6200sm8735sxr2350psm7635sm8635wcn3980_firmwareqcs8550snapdragon_4_gen_2_mobile_platformfastconnect_6900wsa8832video_collaboration_vc1_platform_firmwaresa8775p_firmwaresnapdragon_888_5g_mobile_platformwcd9390fastconnect_7800wcn6755snapdragon_480_5g_mobile_platform_firmwarewsa8832_firmwareqamsrv1hqca6698aqsnapdragon_782g_mobile_platform_\(sm7325-af\)qca6391sa8255psm8750_firmwareqcs410snapdragon_8_gen_1_mobile_platform_firmwaresm7675pwcd9385qcs5430_firmwareqcs610_firmwaresnapdragon_ar2_gen_1_platform_firmwareqrb5165n_firmwarefastconnect_7800_firmwaresm8475psnapdragon_ar1_gen_1_platformwsa8830_firmwaresm8550p_firmwareqamsrv1m_firmwarewcd9335_firmwarewsa8840_firmwaresm8550pwcn7880_firmwarewcd9385_firmwaresxr2230pqca6595csra6620_firmwareqca6595_firmwaresm7675qcm6490sg8275p_firmwaresm7675p_firmwarewcd9378_firmwareqcs615_firmwarewcd9370_firmwareqcs8250wsa8845wsa8845h_firmwaresm6225p_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"snapdragon_8_gen_2_mobile_platformqcs615qcs7230_firmwarewcd9395wcd9380sa7775p_firmwaresa8255p_firmwaresnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmwarefastconnect_6700wcd9390_firmwaresm7550p_firmwarecsra6640Snapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-47335
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 0.12%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 22:48
Updated-27 Jan, 2026 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in Camera Driver

Memory corruption while parsing clock configuration data for a specific hardware type.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcd9375_firmwaresm8735_firmwarewcn6650qcm5430qcm6490_firmwaresm8650q_firmwaresnapdragon_8_gen_3_mobile_platformsm8735wcd9375wcn7860_firmwarewcn6650_firmwaresm7635wcn7861sm8635sm7635psm8635p_firmwarefastconnect_6900sm8750psm6650_firmwarewcn7880wsa8832sm7675_firmwarewcd9370wcn6755wcd9390fastconnect_7800wsa8832_firmwarewsa8845_firmwareqca6698aqvideo_collaboration_vc3_platform_firmwarewsa8840sm8750_firmwaresm8635psnapdragon_8_gen_3_mobile_platform_firmwarewcn7750sm8635_firmwarewsa8830wcn7881_firmwarewcd9395_firmwaresm7675pqmp1000sm8750wcd9385qcs5430_firmwarefastconnect_7800_firmwareqcs6490wsa8830_firmwareqmp1000_firmwaresm6650psm8750p_firmwarewsa8840_firmwarewsa8835wcn7860qcs5430wcn7880_firmwarewcd9385_firmwareqcs9100qca6698aq_firmwarewsa8835_firmwareqcm5430_firmwarewcn7881wcd9380_firmwareqcs9100_firmwaresm6650p_firmwarevideo_collaboration_vc3_platformsm7675qcm6490sm7675p_firmwareqcs6490_firmwarewcd9378_firmwareqcs615_firmwarewcd9370_firmwarewcn6755_firmwarewsa8845wsa8845hwsa8845h_firmwareqcs615wcd9378wcd9395sm7635_firmwarewcn7750_firmwarewcd9380sm6650sm7635p_firmwarefastconnect_6700_firmwarefastconnect_6700wcd9390_firmwarewcn7861_firmwarefastconnect_6900_firmwaresm8650qSnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-5164
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 1.63%
||
7 Day CHG~0.00%
Published-30 Mar, 2026 | 15:02
Updated-28 Apr, 2026 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Virtio-win: virtio-win: denial of service via unvalidated descriptor count in unmap request

A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input validation vulnerability by supplying an excessive number of descriptors, leading to a buffer overrun. This can cause a system crash, resulting in a Denial of Service (DoS).

Action-Not Available
Vendor-Red Hat, Inc.
Product-virtio-winenterprise_linuxRed Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 9
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20731
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.37% / 28.92%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 19:10
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.40, D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.20, R6300v2 before 1.0.4.18, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.46, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.34, R7300DST before 1.0.0.62, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, WN2500RPv2 before 1.0.1.54, and WNDR3400v3 before 1.0.1.18.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r6400_firmwareex3800_firmwareex6200ex7000r6900pr7100lgr8000pex3700r6900p_firmwarewndr3400d6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwarer7000_firmwarer8000p_firmwared6400_firmwarewn2500rpwn2500rp_firmwarer7300dstd6220_firmwarer6300_firmwared8500_firmwareex6130r6250_firmwarer7900pex6000_firmwareex6100r7000p_firmwarer8500d7000ex6130_firmwared8500wndr3400_firmwared7000_firmwarer6700r8300_firmwarer7000ex6200_firmwareex6150d6400r6900r7000pr6900_firmwareex3800ex6100_firmwareex3700_firmwareex6000ex7000_firmwareex6120r6300r6400r6700_firmwarer7900p_firmwareex6120_firmwareex6150_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20728
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.32% / 23.20%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 19:05
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6400 before 1.0.0.74, D7000v2 before 1.0.0.74, D7800 before 1.0.1.34, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGND2200Bv4 before 1.0.0.102, DM200 before 1.0.0.52, JNDR3000 before 1.0.0.22, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBW30 before 2.1.2.6, R6250 before 1.0.4.26, R6300v2 before 1.0.4.24, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.26, R6900P before 1.3.0.20, R7000P before 1.3.0.20, R7100LG before 1.0.0.40, R7300DST before 1.0.0.62, R7500v2 before 1.0.3.26, R7800 before 1.0.2.44, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.116, R8500 before 1.0.2.116, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3400v3 before 1.0.1.18, WNDR3700v4 before 1.0.2.96, WNDR4300v1 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, WNR2000v5 before 1.0.0.64, and WNR3500Lv2 before 1.2.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbw30_firmwarewndr3700r8900_firmwarer6400_firmwarer7100lgdm200_firmwarerbw30wndr4300_firmwarer6900p_firmwarer7500_firmwarer8300r7100lg_firmwarer7300dst_firmwarer8500_firmwarer7000_firmwarewndr4500r7300dstr6300_firmwared8500_firmwarer7900pdgnd2200b_firmwared7000r8900r9000_firmwared8500r6700wndr3700_firmwarer7000wnr2000_firmwarerbs50_firmwarewnr3500l_firmwarer7500d6400jndr3000_firmwarer9000r6900_firmwarer7800r7900_firmwarer7800_firmwarer6700_firmwarer7900p_firmwarewnr2000r8000_firmwarer6250r8000d7800r6900pr7900r8000pwndr3400dgn2200r8000p_firmwared6400_firmwarer6250_firmwarer7000p_firmwared7800_firmwaredm200r8500wndr3400_firmwared7000_firmwarer8300_firmwarewndr4500_firmwarerbs50r6900r7000pjndr3000rbr50_firmwaredgnd2200bdgn2200_firmwarerbr50wnr3500lrbk50r6300wndr4300r6400rbk50_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-9403
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.08% / 0.41%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:29
Updated-19 Dec, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_- interface.c, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege in a privileged process with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-9386
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 0.42%
||
7 Day CHG~0.00%
Published-05 Dec, 2024 | 22:20
Updated-19 Dec, 2024 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3742
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.19% / 8.69%
||
7 Day CHG~0.00%
Published-23 Aug, 2023 | 19:42
Updated-09 Oct, 2024 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideapad_1_15igl7legion_5-17imh05_firmwarev14_g2-itl_firmwareideapad_3-17itl6legion_5-15ith6hslim_7_prox_14iah7_firmwarelegion_5-15imh6ideapad_3_15iau7ideapad_1_15iau7slim_9-14itl05slim_7_pro-14ihu5yoga_slim_7_pro_14iah7ideapad_5-15itl05_firmwareideapad_3-17itl6_firmwareyoga_slim_7_pro-14ihu5_olegion_5-15ith6h_firmwareslim_7_carbon_13iap7v17_g3_iap_firmwarelegion_5_pro-16ith6legion_5-17ith6hv15_g3_iapyoga_slim_7_pro-14itl5ideapad_1_14igl7legion_5_15iah7h_firmwarelegion_5-17ith6_firmwareyoga_slim_9-14itl05_firmwareideapad_3-14igl05_firmwareideapad_3-14itl05_firmwarev14_g2_ijllegion_5p-15imh05h_firmwareideapad_3-14iml05_firmwarelegion_5-15imh6_firmwareideapad_1_14iau7yoga_slim_9_14iap7slim_7_pro-14ihu5_firmwarev15_g1-imllegion_5_pro_16iah7_firmwarev17-iilideapad_1-15ijl7slim_9_14iap7_firmwareyoga_slim_7_carbon_13iap7v17_g3_iapyoga_slim_7_pro_14iap7yoga_slim_7_prox_14iah7_firmwareideapad_3-17iml05ideapad_3-17iil05_firmwareideapad_1_14igl7_firmwareyoga_slim_7_pro-14itl5_firmwareideapad_3-15igl05yoga_slim_9_14iap7_firmwareideapad_3-15itl6v14_g3_iapideapad_1_14iau7_firmwarelegion_7-16ithg6_firmwareideapad_5_15ial7l3-15itl6_firmwareideapad_3-14iml05v15_g3_iap_firmwarelegion_5-17imh05h_firmwareyoga_slim_7_pro-14ihu5_o_firmwarelegion_5_pro_16iah7h_firmwarelegion_5_15iah7hv17_g2-itlideapad_3-15iml05legion_5-17imh05ideapad_3-15iil05_firmwarev15_g2_ijllegion_7_16iax7s14_g3_iap_firmwarelegion_5_15iah7_firmwarev15_g2-itl_firmwarev14_g1-imlyoga_7_14ial7_firmwarelegion_5_pro-16ith6hideapad_3_17iau7v15_g2_ijl_firmwareyoga_slim_7_carbon_13iap7_firmwareideapad_3_14iau7ideapad_3-14igl05legion_5-15imh05hv15-igl_firmwareideapad_3_17iau7_firmwarelegion_5-15imh05v14_g3_iap_firmwareslim_7_prox_14iah7ideapad_gaming_3-15imh05_firmwareslim_7_carbon_13iap7_firmwareideapad_3-15itl05ideapad_1_15igl7_firmwareyoga_7_16iap7legion_7-16ithg6ideapad_3-15iml05_firmwareideapad_3-15iil05ideapad_1_15iau7_firmwareideapad_3-17iml05_firmwarev14-igl_firmwarelegion_5p-15imh05hlegion_5-17ith6legion_5-17imh05hlegion_5p-15imh05ideapad_5-15itl05v15_g2-itllegion_5-17ith6h_firmwarelegion_5_pro-16ith6h_firmwarelegion_7_16iax7_firmwarelegion_5_pro_16iah7slim_7_14iap7yoga_7-15itl5ideapad_3-14itl6ideapad_gaming_3-15imh05s14_g2_itllegion_5p-15imh05_firmwareideapad_creator_5-15imh05yoga_slim_7_pro_14iap7_firmwarev15_g1-iml_firmwares14_g3_iapv15-iglyoga_7_14ial7ideapad_5-15iil05_firmwarelegion_5_15iah7yoga_7_16iap7_firmwarelegion_5-15ith6s540-13itlyoga_slim_7_prox_14iah7v17-iil_firmwareideapad_3_15iau7_firmwarev17_g2-itl_firmwareyoga_slim_9-14itl05ideapad_5_15ial7_firmwarelegion_5_pro_16iah7hideapad_3-15itl05_firmwareideapad_3-15igl05_firmwarethinkbook_15p_g2_ithyoga_7-14itl5yoga_7-14itl5_firmwareideapad_5-15iil05slim_9_14iap7v14_g1-iml_firmwareyoga_7-15itl5_firmwareslim_9-14itl05_firmwarev14-iglideapad_3-15itl6_firmwares540-13itl_firmwarev14_g2-itlideapad_3-14itl6_firmwareyoga_slim_7_pro-14ihu5ideapad_1-15ijl7_firmwarel3-15iml05_firmwarelegion_5-15ith6_firmwares14_g2_itl_firmwareyoga_9_14iap7legion_5-15imh05h_firmwarethinkbook_15p_g2_ith_firmwareyoga_9_14iap7_firmwareslim_7_14iap7_firmwareideapad_1-14ijl7_firmwareyoga_slim_7_pro_14iah7_firmwareideapad_3-14iil05ideapad_creator_5-15imh05_firmwareideapad_3_14iau7_firmwareideapad_3-17iil05v14_g2_ijl_firmwareideapad_3-14iil05_firmwareyoga_7_16iah7_firmwareideapad_3-14itl05ideapad_1-14ijl7l3-15itl6yoga_7_16iah7thinkbook_15p_imh_firmwareyoga_slim_7_pro-14ihu5_firmwarel3-15iml05thinkbook_15p_imhlegion_5_pro-16ith6_firmwarelegion_5-15imh05_firmwareNotebookideapad_gaming_3-15imh05_firmwarelegion_5-17imh05_firmwareslim_7_carbon_13iap7_firmwareideapad_1_15igl7_firmwareideapad_3-15iml05_firmwarev14_g2-itl_firmwareslim_7_prox_14iah7_firmwareideapad_1_15iau7_firmwareideapad_3-17iml05_firmwarev14-igl_firmwareideapad_5-15itl05_firmwareideapad_3-17itl6_firmwarelegion_5-15ith6h_firmwarev17_g3_iap_firmwarelegion_5-17ith6h_firmwarelegion_5_pro-16ith6h_firmwarelegion_7_16iax7_firmwarelegion_5_15iah7h_firmwarelegion_5-17ith6_firmwareyoga_slim_9-14itl05_firmwareideapad_3-14igl05_firmwarelegion_5p-15imh05_firmwareideapad_3-14itl05_firmwareyoga_slim_7_pro_14iap7_firmwarev15_g1-iml_firmwareideapad_5-15iil05_firmwarelegion_5p-15imh05h_firmwareyoga_7_16iap7_firmwareideapad_3-14iml05_firmwarelegion_5-15imh6_firmwarev17-iil_firmwareideapad_3_15iau7_firmwarev17_g2-itl_firmwareslim_7_pro-14ihu5_firmwarelegion_5_pro_16iah7_firmwareideapad_5_15ial7_firmwarelegion_5_pro-16ith6_firmwareideapad_3-15itl05_firmwareideapad_3-15igl05_firmwareyoga_7-14itl5_firmwareyoga_slim_7_prox_14iah7_firmwareideapad_3-17iil05_firmwareideapad_1_14igl7_firmwareyoga_slim_7_pro-14itl5_firmwarev14_g1-iml_firmwareyoga_7-15itl5_firmwareyoga_slim_9_14iap7_firmwareslim_9-14itl05_firmwareideapad_3-15itl6_firmwares540-13itl_firmwareideapad_3-14itl6_firmwareideapad_1_14iau7_firmwareideapad_1-15ijl7_firmwarel3-15iml05_firmwarelegion_7-16ithg6_firmwarelegion_5-15ith6_firmwares14_g2_itl_firmwarel3-15itl6_firmwarev15_g3_iap_firmwarelegion_5-17imh05h_firmwareyoga_slim_7_pro-14ihu5_o_firmwarelegion_5-15imh05h_firmwarethinkbook_15p_g2_ith_firmwarelegion_5_pro_16iah7h_firmwareyoga_9_14iap7_firmwareslim_7_14iap7_firmwareideapad_1-14ijl7_firmwareyoga_slim_7_pro_14iah7_firmwareideapad_3-15iil05_firmwareideapad_creator_5-15imh05_firmwareideapad_3_14iau7_firmwarev14_g2_ijl_firmwareideapad_3-14iil05_firmwareyoga_7_16iah7_firmwares14_g3_iap_firmwarelegion_5_15iah7_firmwarev15_g2-itl_firmwareyoga_7_14ial7_firmwarev15_g2_ijl_firmwareyoga_slim_7_carbon_13iap7_firmwarethinkbook_15p_imh_firmwareyoga_slim_7_pro-14ihu5_firmwarev15-igl_firmwarelegion_5-15imh05_firmwareideapad_3_17iau7_firmwarev14_g3_iap_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-40137
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.23% / 13.27%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:26
Updated-27 Mar, 2025 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-ideacentre_m70t_gen_3ideacentre_aio_3-27itl6_firmwarethinkagile_hx5530thinksmart_core_device\thinkstation_p340_workstationideacentre_a340-22ick_all-in-oneideacentre_m80s_gen_3_firmwareideacentre_m920sv330-20icb_all-in-oneideacentre_aio_3-22ada05_firmwarev55t_gen_2_13acnthinkstation_p330_tiny_workstation_firmwareyta8900fthinkagile_hx2330thinkagile_mx3331-f_all-flashideacentre_m910s_firmwarethinkagile_vx3520-g__firmwareideacentre_m920qideacentre_m70a_gen_2ideacentre_5-14are05thinkstation_p350_workstationthinkstation_p520c_workstationideacentre_a340-24igm_all-in-one_firmwarethinkagile_hx2320_firmwarethinksystem_hr630x_firmwarethinkagile_vx_2u4nv530s-07icb_firmwarethinkagile_hx7820_firmwarev55t_gen_2_13acn_firmwarethinkagile_vx7320_n_thinkstation_p330_workstation_2nd_gen_firmwarethinkagile_vx_4u_firmwareideacentre_5-14iob6_firmwareideacentre_510a-15ickideacentre_aio_3-22itl6_firmwareideacentre_m75s-1_firmwarethinkserver_ts560_firmwareideacentre_aio_3-24ada6_firmwarelegion_t530-28icbideacentre_m90a_firmwarethinkserver_rd450_firmwareideacentre_5-14are05_firmwareideacentre_510s-07icb_firmwareideacentre_m70a_gen_2_firmwarethinkserver_sr588_firmwarev530-22icb_all-in-oneideacentre_m800_firmwareideacentre_m710s_firmwareideacentre_neo_50t_gen_3thinkagile_hx2320-e_firmwarethinkagile_hx3331thinkagile_vx3720__firmwarethinkserver_rd350g_firmwarethinkserver_sd350_firmwarethinkserver_ts150ideacentre_m80q_firmwareideacentre_neo_70t_gen_3_firmwareideacentre_aio_3-24itl6_firmwareideacentre_m70q_gen_2_firmwareideacentre_aio_3-24are05thinkagile_hx2321_firmwareqt_b415_firmwareideacentre_m70c_firmwareideacentre_m90s_gen_3_firmwareideacentre_m70a_gen_3yangtian_afq150_firmwareideacentre_m90q_gen_2_firmwarethinkagile_mx_1u_-_mx3321_h__firmwareideacentre_m800ideacentre_g5-14imb05ideacentre_m910xthinkagile_hx3376_firmwarethinksmart_core_\&_controller_kit\thinkagile_hx7821_firmwareideacentre_m70tthinkagile_mx_edge-_mx1020_thinkagile_vx_2u4n_firmwarelegion_t530-28aprthinkagile_hx2330_firmwareideacentre_mini_5-01imh05thinkagile_hx1321ideacentre_m710tthinkstation_p620_workstationthinkagile_mx-_all_flashthinkstation_p340_tiny_workstationthinkagile_mx3520_f-_all_flash__firmwareideacentre_g5-14amr05_firmwareideacentre_m70t_firmwarethinkagile_mx_1u_-_mx3321_h_thinkcentre_m6600t_firmwarethinkcentre_m8600s_firmwarethinksmart_hub_teamsthinkagile_hx3520-gideacentre_m80sideacentre_a340-22ast_all-in-onethinksmart_core_device_for_logitechideacentre_m80s_gen_3thinkagile_vx7820_legion_t5-26iob6_firmwareideacentre_m90av530-15icbideacentre_m910qv530-24icb_all-in-onethinkagile_hx5530_firmwarethinkcentre_e75sthinkserver_sd350thinkstation_p360_tiny_workstation_firmwareideacentre_aio_3-22iil5_firmwareideacentre_m75s_gen_2ideacentre_a340-22ast_all-in-one_firmwarelegion_t5-28icb05_firmwareideacentre_aio_3-22imb05_firmwareideacentre_m75q_gen_2_firmwareideacentre_m80t_firmwarethinkserver_rd350_firmwareideacentre_m90a_gen_3v520_firmwareideacentre_720-18aprlegion_t5-28icb05thinkagile_mx3530-h_hybrid_firmwarethinkagile_vx7520_n__firmwarethinkagile_hx1520-rideacentre_m715t_firmwarethinkagile_vx_1se_firmwarethinkcentre_m6600qthinkagile_mx1021ideacentre_3-07ada05_firmwarethinkagile_hx2331thinkagile_hx2320-ethinkagile_vx5530v50t-13iob_g2_firmwarethinkserver_sr860p_firmwarethinkserver_rd550_firmwareideacentre_m810z_all-in-oneideacentre_m710ethinkstation_p320_workstation_firmwarethinkagile_hx3376ideacentre_a340-22igm_all-in-onethinkagile_vx3530-gideacentre_m70s_gen_3ideacentre_g5-14imb05_firmwarethinkcentre_m6600tideacentre_m720e_firmwareideacentre_m910sthinkagile_hx7530_firmwarethinksmart_hub_500thinkagile_hx5520thinkagile_vx7530_firmwareideacentre_a340-24icb_all-in-oneideacentre_aio_3-24imb05_firmwareideacentre_m75t_gen_2_firmwarev530-15arrthinkagile_mx_1u_-_mx3321_f__firmwarethinkserver_ts450ideacentre_m70qideacentre_m920s_firmwareideacentre_m90t_firmwarethinkagile_hx3720thinkedge_se30_firmwarev530-15icrthinksystem_hr610xthinkagile_vx3330thinkagile_hx3331_firmwarethinkstation_p350_tiny_workstationideacentre_m720tv50a-24imbthinksystem_hr610x_firmwareideacentre_m70s_firmwareideacentre_m70cthinkagile_vx1320__firmwarelegion_t530-28apr_firmwareideacentre_neo_70t_gen_3thinkserver_ts550ideacentre_neo_50s_gen_3_firmwareideacentre_m75q-1legion_c530-19icbthinkagile_hx1331thinkagile_hx7521thinkagile_hx2320thinkcentre_m8600sthinkstation_p620_workstation_firmwareideacentre_aio_3-24ada6thinkserver_rd650thinkagile_vx_2u_firmwareideacentre_aio_3-27imb05thinkserver_rs160thinkstation_p348_workstation_firmwarethinkstation_p920_workstationthinkagile_mx3330-f_all-flashthinkagile_hx2321ideacentre_510s-07ickthinksystem_dx8200d_firmwarethinkagile_hx1320v530-22icb_all-in-one_firmwareideacentre_aio_3-22iil5thinkagile_hx1321_firmwarethinkagile_vx7520_n_ideacentre_m715s_firmwarev55t-15are_firmwarelegion_t5-26iob6ideacentre_m90t_gen_3_firmwareideacentre_m720t_firmwarethinkagile_hx1320_firmwareideacentre_a340-24iwl_all-in-oneideacentre_m910x_firmwarethinkagile_hx3521-glegion_t7-34imz5_firmwarethinkserver_ts150_firmwarev530-15icr_firmwareideacentre_m720eqt_m410thinkagile_vx2330thinkstation_p310_workstationthinksystem_hr650x_firmwarethinkserver_td350_firmwarev30a-24imlthinkserver_rd450thinkagile_mx3531_h_hybridideacentre_aio_3-27itl6ideacentre_aio_3-22ada6_firmwareideacentre_m90a_gen_3_firmwarethinkagile_vx5520_ideacentre_gaming_5_17acn7thinkstation_p320_tiny_workstation_firmwareideacentre_m70a_gen_3_firmwareideacentre_a340-22iwl_all-in-onethinkstation_p320_workstationideacentre_e96zideacentre_m75q_gen_2thinkstation_p348_workstationthinkserver_rd650_firmwareideacentre_t540-15ickqitian_a815thinkagile_hx7530ideacentre_m715q_2nd_genthinkagile_mx-_hybridideacentre_m80q_gen_3thinkedge_se30ideacentre_m920x_firmwareideacentre_m810z_all-in-one_firmwarethinkagile_hx1021_edgideacentre_m715sn4610_storage_firmwareideacentre_m90t_gen_3qt_b415thinkagile_hx7821thinkagile_hx5521_firmwarelegion_t7-34imz5ideacentre_m625qv30a-24iml_firmwareideacentre_aio_3-24are05_firmwarethinkstation_p520c_workstation_firmwareideacentre_m90q_tiny_firmwarethinkagile_vx3331ideacentre_m900xv520s_firmwareyoga_a940-27icb_all-in-one_firmwarethinkagile_hx5520-c_firmwareideacentre_m90a_gen_2ideacentre_m90q_gen_3ideacentre_m720q_firmwareideacentre_m75q-1_firmwarethinksystem_st58ideacentre_c5-14imb05thinkagile_mx-_all_flash_firmwarev50s-07imb_firmwareideacentre_m90a_gen_2_firmwareideacentre_aio_3-24itl6ideacentre_m920q_firmwaren4610_storageideacentre_m900_firmwarethinkcentre_m8600t_firmwarev30a-22iml_firmwarethinkagile_hx1521-rideacentre_m80qthinkserver_rd350gthinkagile_hx3320thinkserver_ts460ideacentre_m720sv55t-15apiideacentre_5-14imb05_firmwareideacentre_m60e_tinyideacentre_m80t_gen_3thinkstation_p320_tiny_workstationthinkagile_hx7531_firmwareyoga_a940-27icb_all-in-oneideacentre_m90q_gen_2thinkagile_mx3531-f_all-flashideacentre_m90s_firmwareideacentre_5-14acn6thinkagile_vx2330_firmwarethinkagile_vx3530-g_firmwareideacentre_3-07imb05thinkagile_vx3320_ideacentre_gaming_5-14acn6_firmwarethinkserver_sr860pideacentre_m70q_firmwarethinkserver_ts550_firmwareideacentre_m80tthinkserver_rs260_firmwarethinkagile_hx3521-g_firmwareideacentre_a340-24icb_all-in-one_firmwareideacentre_5_14iab7_firmwareideacentre_aio_3-24alc6ideacentre_a340-22icb_all-in-oneideacentre_m80t_gen_3_firmwarethinkagile_vx_1u_firmwareideacentre_a340-22iwl_all-in-one_firmwarethinkagile_vx2320__firmwarethinkserver_sr590_firmwareideacentre_m710qthinkstation_p520_workstation_firmwarev50t-13imbthinkagile_vx5520__firmwareideacentre_m910tthinkstation_p330_workstation_2nd_genideacentre_510-15ick_firmwareideacentre_gaming_5_17acn7_firmwarethinkagile_hx5520-cideacentre_m70q_gen_2thinkagile_vx7520__firmwarethinkagile_mx3531_h_hybrid_firmwareideacentre_m715q_firmwarethinkagile_mx3530-h_hybridideacentre_m818z_firmwarethinkserver_sr590legion_c530-19icb_firmwarethinksmart_core_\&_controller_full_room_kit\qt_m415_firmwarethinkagile_hx3330_firmwarev50s-07imbideacentre_m910q_firmwarethinkagile_hx3321_firmwaren3310_storagethinkagile_vx3320__firmwareideacentre_aio_3-22ada05ideacentre_m818zideacentre_5-14acn6_firmwareideacentre_gaming_5-14acn6ideacentre_m70aideacentre_a340-22igm_all-in-one_firmwarethinkagile_vx7530thinkagile_mx_1u_-_mx3321_f_ideacentre_m910t_firmwarethinkserver_rs160_firmwarethinkagile_hx3721_firmwareideacentre_m70s_gen_3_firmwarethinkagile_mx3520_h-_hybrid__firmwarethinkagile_mx3330-f_all-flash_firmwareideacentre_m725s_firmwareideacentre_a340-24igm_all-in-onev50t-13iob_g2thinkagile_hx3320_firmwareideacentre_gaming_5-14iob6v520sideacentre_m710e_firmwaren3310_storage_firmwareideacentre_m70a_firmwareideacentre_aio_3-24iil5_firmwareideacentre_t540-15ama_gthinkagile_vx7330_firmwarethinkagile_vx7531_firmwareideacentre_m60e_tiny_firmwarev330-20icb_all-in-one_firmwarethinkagile_hx7531thinkagile_vx3330_firmwarethinkstation_p330_tiny_workstationthinkstation_p350_tiny_workstation_firmwarethinkagile_vx7531qt_m410_firmwarethinkagile_vx3720_ideacentre_aio_3-22imb05ideacentre_m720qideacentre_510s-07icbthinksystem_st58_firmwarethinkagile_mx1021_firmwarethinkstation_p310_workstation_firmwarethinkagile_hx7520thinkagile_hx3330qt_m415thinkcentre_m8600tv520thinkagile_hx1331_firmwareideacentre_t540-15ama_g_firmwarethinksmart_core_device_for_polythinkagile_hx3321ideacentre_m715tideacentre_720-18apr_firmwareideacentre_a340-24ick_all-in-onethinkagile_mx3331-f_all-flash_firmwareideacentre_mini_5-01imh05_firmwareideacentre_m75t_gen_2thinkagile_hx1021_edg_firmwareideacentre_m80s_firmwarethinksmart_hub_zoomideacentre_m820z_all-in-onethinkagile_hx3720_firmwarethinkstation_p520_workstationideacentre_m75nideacentre_3-07ada05ideacentre_m90s_gen_3thinkcentre_m6600sthinkagile_mx3520_h-_hybrid_ideacentre_m70q_gen_3_firmwarethinkagile_vx_2uv35s-07ada_firmwareideacentre_m625q_firmwarethinkcentre_m700qthinksmart_core_device_for_poly_firmwarethinkagile_hx5521-cthinkagile_vx_1uideacentre_m900x_firmwareideacentre_aio_3-27imb05_firmwarethinkagile_vx1320_thinkagile_hx1520-r_firmwarev530s-07icr_firmwarethinkagile_hx5531ideacentre_510-15ickv55t-15arev530s-07icrthinkagile_mx_edge-_mx1020__firmwarethinkcentre_e75tthinkagile_mx-_hybrid_firmwarev50t-13imb_firmwareideacentre_gaming_5_17iab7ideacentre_3-07imb05_firmwareqitian_a815_firmwareideacentre_t540-15ick_firmwareideacentre_g5-14amr05yta8900f_firmwareideacentre_aio_3-24alc6_firmwareideacentre_gaming_5-14iob6_firmwarethinkserver_ts250ideacentre_m710q_firmwarethinkcentre_e75t_firmwareideacentre_m900thinkagile_vx5530_firmwarethinkagile_hx5521v530-15arr_firmwarethinksmart_hub_teams_firmwareideacentre_m70sthinkagile_hx3375_firmwareideacentre_aio_3-22ada6thinkagile_hx3721thinkagile_hx3520-g_firmwareideacentre_3_07iab7_firmwarethinkstation_p330_workstationthinkstation_p340_workstation_firmwarev35s-07adaideacentre_m90sideacentre_510a-15arrideacentre_a340-24iwl_all-in-one_firmwarethinkagile_hx1521-r_firmwareideacentre_m630e_firmwarethinkagile_hx7820thinkstation_p350_workstation_firmwareideacentre_5-14iob6ideacentre_m725sideacentre_m90tideacentre_a340-24ick_all-in-one_firmwarethinkagile_hx7520_firmwareideacentre_m75s-1v50a-24imb_firmwarev530-15icb_firmwareideacentre_510s-07ick_firmwarelegion_t530-28icb_firmwarethinkagile_mx3520_f-_all_flash_thinkstation_stadia_ggp-120_firmwareideacentre_aio_3-27alc6_firmwareideacentre_510a-15arr_firmwareideacentre_m820z_all-in-one_firmwareideacentre_m700_tiny_firmwareideacentre_m920xthinkcentre_m700q_firmwarethinkagile_hx7521_firmwarethinkagile_hx3375thinkagile_vx7320_n__firmwarethinkagile_vx7820__firmwarethinksystem_hr650xideacentre_a340-22ick_all-in-one_firmwarev530s-07icbthinkagile_hx2720-e_firmwarethinkstation_thinkstation_p318_firmwarethinksystem_dx1100uv50a-22imbyangtian_afq150ideacentre_m75n_firmwarev540-24iwl_all-in-onev530-24icb_all-in-one_firmwarethinksmart_hub_500_firmwareideacentre_m710sideacentre_m90q_gen_3_firmwarethinkstation_thinkstation_p318thinkagile_vx_4uthinkagile_mx3331-h_hybridideacentre_m630eideacentre_aio_3-24imb05ideacentre_5-14imb05thinkagile_vx7520_thinksystem_st50ideacentre_neo_50s_gen_3thinkagile_mx3531-f_all-flash_firmwarev540-24iwl_all-in-one_firmwarethinkstation_p330_workstation_firmwareideacentre_m710t_firmwarethinkcentre_m610thinkserver_td350ideacentre_m715qideacentre_aio_3-24iil5thinkagile_hx2331_firmwareideacentre_aio_3-22itl6v55t-15api_firmwarethinksmart_core_device_for_logitech_firmwareideacentre_m75s_gen_2_firmwareideacentre_m70q_gen_3thinksystem_dx1100u_firmwarethinkcentre_m6600s_firmwarethinkagile_mx3330-h_hybrid_firmwareideacentre_3_07iab7thinkagile_hx2720-ethinkcentre_m6600q_firmwarethinkserver_sr588thinkagile_hx5520_firmwareideacentre_m90q_tinyideacentre_5_14iab7thinkserver_ts250_firmwarethinkagile_mx3530_f_all_flashthinkstation_stadia_ggp-120ideacentre_m70t_gen_3_firmwarethinkstation_p920_workstation_firmwareideacentre_m715q_2nd_gen_firmwareideacentre_m920t_firmwarethinkserver_rs260thinkagile_mx3530_f_all_flash_firmwarethinksystem_st50_firmwarethinkagile_mx3330-h_hybridthinkstation_p720_workstationthinksystem_dx8200dthinksystem_hr630xideacentre_m720s_firmwarethinkagile_vx2320_ideacentre_e96z_firmwarethinkagile_vx_1sethinkagile_vx3520-g_v50a-22imb_firmwareideacentre_aio_3-27alc6thinkagile_hx5521-c_firmwarethinkstation_p360_tiny_workstationthinkagile_vx7330v30a-22imlthinkserver_rd350ideacentre_a340-22icb_all-in-one_firmwarethinkcentre_e75s_firmwareideacentre_c5-14imb05_firmwarethinkcentre_m610_firmwarethinkserver_ts450_firmwarethinksmart_hub_zoom_firmwarethinkstation_p340_tiny_workstation_firmwareideacentre_510a-15ick_firmwareideacentre_m920tthinkstation_p720_workstation_firmwareideacentre_m700_tinythinkagile_vx3331_firmwareideacentre_neo_50t_gen_3_firmwarethinkserver_ts460_firmwareideacentre_gaming_5_17iab7_firmwarethinkserver_ts560ideacentre_m80q_gen_3_firmwarethinkagile_hx5531_firmwarethinkagile_mx3331-h_hybrid_firmwarethinkserver_rd550BIOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-33226
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 1.80%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:38
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer copy without checking the size of input in Core

Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client applications.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwareqam8255p_firmwarewcn3991wcd9380_firmwarewsa8830wcn785x-5sm8350-ac_firmwaresm8150-acwsa8835wcd9380qca6420_firmwareqca6595au_firmwaresnapdragon_wear_4100\+_platform_firmwaresm8350snapdragon_wear_4100\+_platformwcn685x-5_firmwarewcn685x-1qca6430_firmwaresm8450wcn3980wcn3998wcd9385_firmwaresd855wcn3660bwsa8815wcn3660b_firmwareqca6574au_firmwarewcn3680b_firmwareqca6595auwcn3998_firmwarewcn785x-5_firmwarewcn3980_firmwarewcn3610_firmwareqca6420aqt1000_firmwareqca6698aqsm8350_firmwarewcn685x-5qca6797aq_firmwareqca6430wcn785x-1_firmwareqca6574auwsa8810_firmwarewcd9341_firmwaresm8450_firmwarewsa8810sa8255p_firmwaresm8150-ac_firmwareqca6698aq_firmwarewcn3680bsm8350-acwcn685x-1_firmwarewcd9385sm8150_firmwaresa8255pwcd9341qca6797aqaqt1000wsa8830_firmwaresd855_firmwaresm8150wcn785x-1wsa8815_firmwarewsa8835_firmwareqam8255pwcn3610Snapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-33230
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 1.80%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:38
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer copy without checking the size of input in FM Host

Memory corruption in FM Host due to buffer copy without checking the size of input in FM Host

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwaresm6375wcn3991wsa8830sa6150p_firmwaresa8145p_firmwaresw5100pqca6554asnapdragon_w5\+_gen_1_wearable_platformqca6595qca6564auwsa8835qca6574sa8150p_firmwareqca6420_firmwareqca6595au_firmwaresnapdragon_wear_4100\+_platform_firmwarewcd9370qca6574asnapdragon_wear_4100\+_platformqca6584au_firmwareqca6430_firmwarewcn3980sm4375wcn3998qca6554a_firmwarewcd9385_firmwareqca6574_firmwaresm6375_firmwarewcn3660bsd855wsa8815wcn3660b_firmwareqca6574a_firmwareqca6574au_firmwarewcn3680b_firmwareqca6595auwcn3998_firmwarewcd9375_firmwarewcn3980_firmwarewcn3610_firmwareqca6420sm4350-acsnapdragon_w5\+_gen_1_wearable_platform_firmwareaqt1000_firmwareqca6564au_firmwareqca6584ausa6155p_firmwarewcn3988_firmwareqca6430qca6574ausa6145p_firmwaresa8155p_firmwaresa8195pwsa8810_firmwarewcd9341_firmwaresm4375_firmwaresw5100wsa8810sa6155psw5100p_firmwaresa6145pwcn3680bwcd9385sm8150_firmwarewcd9341qca6696_firmwareqca6595_firmwaresa8145pqca6696sm4350wcd9375sm4350_firmwareaqt1000sa8150pwcd9370_firmwaresm4350-ac_firmwaresa6150psa8155pwsa8830_firmwaresd855_firmwaresm8150wcn3988wsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresw5100_firmwarewcn3610Snapdragonaqt1000_firmwareqca6564au_firmwaresa6155p_firmwaresa6150p_firmwaresa8145p_firmwarewcn3988_firmwaresa6145p_firmwaresa8155p_firmwarewsa8810_firmwaresa8150p_firmwarewcd9341_firmwareqca6420_firmwareqca6595au_firmwaresw5100p_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_480_5g_mobile_platform_firmwareqca6584au_firmwareqca6696_firmwareqca6430_firmwareqca6595_firmwareqca6554a_firmwarewcd9385_firmwaresnapdragon_855_mobile_platform_firmwareqca6574_firmwarewcd9370_firmwarewsa8830_firmwaresd855_firmwarewsa8815_firmwarewcn3660b_firmwarewsa8835_firmwareqca6574a_firmwarefastconnect_6200_firmwareqca6574au_firmwaresa8195p_firmwaresnapdragon_695_5g_mobile_platform_firmwarewcn3680b_firmwaresw5100_firmwarewcd9375_firmwarewcn3980_firmwarewcn3610_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-33224
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 1.80%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:38
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer copy without checking the size of input in Core

Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl queries.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwareqam8255p_firmwarewcn3991wsa8830wcd9380_firmwaresa6150p_firmwaresa8145p_firmwaresw5100psnapdragon_w5\+_gen_1_wearable_platformwcn785x-5sm8350-ac_firmwaresm8150-acwsa8835wcd9380sa8150p_firmwareqca6420_firmwareqca6595au_firmwaresnapdragon_wear_4100\+_platform_firmwaresm8350snapdragon_wear_4100\+_platformwcn685x-5_firmwarewcn685x-1sm8450qca6430_firmwarewcn3980wcn3998wcd9385_firmwarewcn3660bsd855wsa8815wcn3660b_firmwareqca6574au_firmwarewcn3680b_firmwareqca6595auwcn3998_firmwarewcn785x-5_firmwarewcn3980_firmwarewcn3610_firmwareqca6420snapdragon_w5\+_gen_1_wearable_platform_firmwareaqt1000_firmwaresa6155p_firmwareqcs8155qca6698aqsm8350_firmwarewcn685x-5wcn3988_firmwareqca6430qca6797aq_firmwarewcn785x-1_firmwaresa6145p_firmwareqca6574ausa8155p_firmwaresa8195pwsa8810_firmwarewcd9341_firmwaresm8450_firmwaresw5100wsa8810sa8255p_firmwaresa6155psw5100p_firmwaresm8150-ac_firmwareqca6698aq_firmwaresa6145pwcn3680bsm8350-acwcn685x-1_firmwarewcd9385sm8150_firmwaresa8255pwcd9341qca6696_firmwaresa8145pqca6696qca6797aqaqt1000sa8150psa6150psa8155pwsa8830_firmwaresd855_firmwaresm8150wcn785x-1wcn3988wsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqcs8155_firmwaresw5100_firmwareqam8255pwcn3610Snapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-24153
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.24% / 15.44%
||
7 Day CHG+0.01%
Published-27 Jan, 2025 | 21:45
Updated-02 Apr, 2026 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3. An app with root privileges may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found