Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-3633

Summary
Assigner-Bitdefender
Assigner Org ID-b3d5ebe7-963e-41fb-98e1-2edaeabb8f82
Published At-14 Jul, 2023 | 19:29
Updated At-30 Oct, 2024 | 19:10
Rejected At-
Credits

Out of Bounds Memory Corruption Issue in CEVA Engine

An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash. This issue affects Bitdefender Engines version 7.94791 and lower.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Bitdefender
Assigner Org ID:b3d5ebe7-963e-41fb-98e1-2edaeabb8f82
Published At:14 Jul, 2023 | 19:29
Updated At:30 Oct, 2024 | 19:10
Rejected At:
▼CVE Numbering Authority (CNA)
Out of Bounds Memory Corruption Issue in CEVA Engine

An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash. This issue affects Bitdefender Engines version 7.94791 and lower.

Affected Products
Vendor
BitdefenderBitdefender
Product
Engines
Platforms
  • Windows
Default Status
unaffected
Versions
Affected
  • 7.94791
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
Solutions

An automated update to engine version 7.94792 or higher fixes the issue.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.bitdefender.com/support/security-advisories/out-of-bounds-memory-corruption-issue-in-ceva-engine-va-11010
N/A
Hyperlink: https://www.bitdefender.com/support/security-advisories/out-of-bounds-memory-corruption-issue-in-ceva-engine-va-11010
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.bitdefender.com/support/security-advisories/out-of-bounds-memory-corruption-issue-in-ceva-engine-va-11010
x_transferred
Hyperlink: https://www.bitdefender.com/support/security-advisories/out-of-bounds-memory-corruption-issue-in-ceva-engine-va-11010
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve-requests@bitdefender.com
Published At:14 Jul, 2023 | 20:15
Updated At:27 Jul, 2023 | 03:56

An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash. This issue affects Bitdefender Engines version 7.94791 and lower.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Bitdefender
bitdefender
>>engines>>Versions before 7.94792(exclusive)
cpe:2.3:a:bitdefender:engines:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarycve-requests@bitdefender.com
CWE ID: CWE-787
Type: Primary
Source: cve-requests@bitdefender.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.bitdefender.com/support/security-advisories/out-of-bounds-memory-corruption-issue-in-ceva-engine-va-11010cve-requests@bitdefender.com
Vendor Advisory
Hyperlink: https://www.bitdefender.com/support/security-advisories/out-of-bounds-memory-corruption-issue-in-ceva-engine-va-11010
Source: cve-requests@bitdefender.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

811Records found
CVE-2024-28231
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.7||CRITICAL
EPSS-0.19% / 40.80%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 20:03
Updated-30 Jun, 2025 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Manipulated DATA Submessage causes a heap-buffer-overflow error

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue.

Action-Not Available
Vendor-eprosimaeProsimaeprosima
Product-fast_ddsFast-DDSfast_dds
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-27570
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.44%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 00:00
Updated-30 Apr, 2025 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Action-Not Available
Vendor-libtorn/a
Product-lbt-t300-t390_firmwarelbt-t300-t390n/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-36317
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.85%
||
7 Day CHG~0.00%
Published-11 Apr, 2021 | 19:06
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.

Action-Not Available
Vendor-rust-langn/a
Product-rustn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44010
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.87%
||
7 Day CHG~0.00%
Published-23 Nov, 2023 | 00:00
Updated-03 Aug, 2024 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.

Action-Not Available
Vendor-clickhousen/a
Product-clickhousen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-43357
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.18%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.

Action-Not Available
Vendor-sass-langn/a
Product-sassclibsassn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42080
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.36%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 00:00
Updated-15 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac1206ac1206_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42060
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.61%
||
7 Day CHG~0.00%
Published-15 Nov, 2022 | 00:00
Updated-13 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w15e_firmwarew15en/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42081
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.36%
||
7 Day CHG~0.00%
Published-12 Oct, 2022 | 00:00
Updated-15 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac1206ac1206_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-25200
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 67.92%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 00:00
Updated-20 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c.

Action-Not Available
Vendor-espruinon/a
Product-espruinon/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41981
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.19% / 41.43%
||
7 Day CHG~0.00%
Published-23 Dec, 2022 | 23:03
Updated-14 Apr, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-openimageioOpenImageIO ProjectDebian GNU/Linux
Product-debian_linuxopenimageioOpenImageIO
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-24851
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.88%
||
7 Day CHG~0.00%
Published-28 May, 2024 | 15:30
Updated-13 Feb, 2025 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the Programming Software Connection FiBurn functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a buffer overflow. An attacker can send an unauthenticated packet to trigger this vulnerability.

Action-Not Available
Vendor-AutomationDirect
Product-p1-540_firmwarep3-550e_firmwarep3-550_firmwarep3-530p1-550_firmwarep2-550p3-550ep3-550p2-550_firmwarep1-540p3-530_firmwarep1-550P3-550Ep3-550e_firmware
CWE ID-CWE-805
Buffer Access with Incorrect Length Value
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-32397
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.74%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 07:05
Updated-13 May, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet.

Action-Not Available
Vendor-rt-labsRT-Labs
Product-p-netP-Net
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40106
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.93%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:54
Updated-22 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the set_local_time function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i9_firmwarei9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40874
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.29%
||
7 Day CHG+0.03%
Published-27 Oct, 2022 | 00:00
Updated-07 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulnerability in the GetParentControlInfo function, which can cause a denial of service attack through a carefully constructed http request.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803ax1803_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-24422
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.49%
||
7 Day CHG+0.02%
Published-21 Jan, 2025 | 00:00
Updated-19 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a stack overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-magman/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40104
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 66.99%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:54
Updated-22 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i9_firmwarei9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23982
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.41%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 16:35
Updated-12 Dec, 2024 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP PEM vulnerability

When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files.  NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_policy_enforcement_managerBIG-IPbig-ip_pem
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40105
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.93%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:54
Updated-22 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i9_firmwarei9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40152
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 67.54%
||
7 Day CHG+0.02%
Published-16 Sep, 2022 | 10:00
Updated-23 May, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack Buffer Overflow in Woodstox

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

Action-Not Available
Vendor-xstreamxstreamFasterXML, LLC.
Product-woodstoxxstreamWoodstox
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40101
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.93%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 18:54
Updated-22 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i9_firmwarei9n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40149
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 60.23%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 00:00
Updated-21 Apr, 2025 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack Buffer Overflow in Jettison

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

Action-Not Available
Vendor-jettison_projectJettisonDebian GNU/Linux
Product-jettisondebian_linuxJettison
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40875
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.36%
||
7 Day CHG+0.01%
Published-27 Oct, 2022 | 00:00
Updated-07 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the function GetParentControlInfo.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1803ax1803_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40070
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.36%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 14:36
Updated-03 Aug, 2024 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/httpd, function: formSetFirewallCfg.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac21_firmwareac21n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38568
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 33.29%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 16:43
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the hostname parameter.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-m3m3_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1061
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.26% / 48.81%
||
7 Day CHG~0.00%
Published-24 Mar, 2022 | 09:20
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap Buffer Overflow in parseDragons in radareorg/radare2

Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radareorg/radare2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38742
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-8.1||HIGH
EPSS-4.76% / 89.03%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 15:24
Updated-22 May, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation ThinManager Software Vulnerable to Arbitrary Code Execution and Denial-Of-Service Attack

Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the ThinServer process. If successfully exploited, this could expose the server to arbitrary remote code execution.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-thinmanagerThinManager ThinServer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39173
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.51% / 80.44%
||
7 Day CHG~0.00%
Published-29 Sep, 2022 | 00:00
Updated-20 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.

Action-Not Available
Vendor-wolfssln/a
Product-wolfssln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38569
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.70%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 16:41
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-m3m3_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-38567
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.60%
||
7 Day CHG~0.00%
Published-28 Aug, 2022 | 16:46
Updated-03 Aug, 2024 | 11:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the authIPs parameter.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-m3m3_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40069
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.36%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 14:38
Updated-03 Aug, 2024 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetSysTime.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac21_firmwareac21n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40067
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.36%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetVirtualSer.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac21_firmwareac21n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40075
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.36%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 14:30
Updated-03 Aug, 2024 | 12:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, form_fast_setting_wifi_set.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac21_firmwareac21n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-33087
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.93% / 75.18%
||
7 Day CHG~0.00%
Published-30 Jun, 2022 | 22:27
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-archer_a5_firmwarearcher_c50_firmwarearcher_a5archer_c50n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-22373
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.15% / 36.81%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 14:33
Updated-21 Aug, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-grassroots_dicom_projectGrassroot DICOMgrassroots_dicom_projectFedora Project
Product-grassroots_dicomfedoraGrassroot DICOMgrassroots_dicom
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3725
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 17.82%
||
7 Day CHG~0.00%
Published-27 Oct, 2022 | 00:00
Updated-09 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationFedora Project
Product-fedorawiresharkWireshark
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-32050
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.54%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 17:27
Updated-03 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40.

Action-Not Available
Vendor-n/aTOTOLINK
Product-t6t6_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37453
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 44.08%
||
7 Day CHG~0.00%
Published-20 Oct, 2022 | 00:00
Updated-08 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffer overflow or an excess allocation happens due to unchecked array and matrix bounds in structure data types.

Action-Not Available
Vendor-softingn/a
Product-opcedgeaggregatoropc_ua_c\+\+_software_development_kitedgeconnectorsecure_integration_serveruagatesn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37325
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.60%
||
7 Day CHG~0.00%
Published-05 Dec, 2022 | 00:00
Updated-24 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.

Action-Not Available
Vendor-n/aSangoma Technologies Corp.
Product-asteriskn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3667
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.27%
||
7 Day CHG+0.01%
Published-26 Oct, 2022 | 00:00
Updated-14 Apr, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Axiomatic Bento4 mp42aac Ap4ByteStream.cpp WritePartial heap-based overflow

A vulnerability, which was classified as critical, was found in Axiomatic Bento4. This affects the function AP4_MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212007.

Action-Not Available
Vendor-Axiomatic Systems, LLC
Product-bento4Bento4
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36788
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.11% / 30.54%
||
7 Day CHG~0.00%
Published-20 Apr, 2023 | 15:29
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-slic3rSlic3r
Product-libslic3rlibslic3r
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34759
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.20%
||
7 Day CHG~0.00%
Published-13 Jul, 2022 | 21:10
Updated-16 Sep, 2024 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. Affected Products: X80 advanced RTU Communication Module (BMENOR2200H) (V1.0), OPC UA Modicon Communication Module (BMENUA0100) (V1.10 and prior)

Action-Not Available
Vendor-
Product-opc_ua_module_for_m580opc_ua_module_for_m580_firmwarex80_advanced_rtu_module_firmwarex80_advanced_rtu_moduleOPC UA Modicon Communication ModuleX80 advanced RTU Communication Module
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-21780
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-7.5||HIGH
EPSS-1.15% / 77.58%
||
7 Day CHG~0.00%
Published-02 Feb, 2024 | 06:38
Updated-16 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported.

Action-Not Available
Vendor-kddiKDDI CORPORATION
Product-home_spot_cube_2home_spot_cube_2_firmwareHOME SPOT CUBE2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35557
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.05%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 16:37
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow vulnerability exists in /goform/wifiSSIDget in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-w6w6_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-25898
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 17.83%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 00:00
Updated-18 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the pskSecret parameter at /userRpm/WlanSecurityRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr841nd_firmwaretl-wr841ndn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-35506
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.63%
||
7 Day CHG~0.00%
Published-03 Aug, 2022 | 20:33
Updated-03 Aug, 2024 | 09:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TripleCross v0.1.0 was discovered to contain a stack overflow which occurs because there is no limit to the length of program parameters.

Action-Not Available
Vendor-triplecross_projectn/a
Product-triplecrossn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-33286
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.19%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 05:02
Updated-09 Apr, 2025 | 14:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in WLAN

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9640_firmwaresm6250p_firmwareipq4028_firmwareqca1023qca8337ar9380ipq8173_firmwareqcn5124mdm9645wcn3950_firmwareqca6595au_firmwaresa6155mdm8215sd_455_firmwareapq8076qcs6125_firmwaresa415msm4375wcn3998wcd9371_firmwarewcn3950qcn6024_firmwaresd720gsm4125mdm9206_firmwarewcn3660bqsm8350_firmwareqsm8350sd460_firmwaresm7315_firmwarewcn7850qca8081_firmwarewcn3998_firmwareqca6420qcn9002qca9986ipq8070_firmwareqca9367_firmwareipq8065ipq8078a_firmwaresd_8cx_gen2ipq8072_firmwareqca0000sa8155_firmwareipq8068qca6430wcd9340sd765gsd680wcn7851_firmwaremdm9250_firmwareqca9888_firmwareqcn6122qca6696_firmwarewcd9371sd870_firmwareqca1062qcn5154_firmwaremdm8215_firmwaresd_8cxsa8150pqca9992_firmwaresd660sd865_5g_firmwaresd712sd660_firmwaresm8475qcn5022_firmwareqcn7606_firmwarewcn6750_firmwareqca6428_firmwareqca9985_firmwarewcn3991ipq4018_firmwareqca9980_firmwareipq8078qca8084qcn9001_firmwareipq8173sdx55m_firmwaremsm8976_firmwareqca6574sd670_firmwarecsr8811_firmwarewcd9380qcs410qcn5024sd690_5g_firmwareqca9379_firmwaresdx24_firmwareqca9985qcn9012_firmwareqcn9274_firmwareipq6018_firmwarewcd9340_firmwarewsa8815wcn6850pmp8074_firmwareqcn6112qca6584_firmwaremdm9215_firmwaresd695ipq6028ipq8064sd835pmp8074ipq9574_firmwarewcn3980_firmwaresd730qcc5100_firmwaresa8295pqca2062_firmwarewcn6740_firmwaresd678_firmwareapq8064au_firmwareipq8078_firmwareqcn5054qcs603qca9994qca9980sd670qcn9024_firmwareipq8174_firmwareqcm4290_firmwarewcn6855qcn7605_firmwaresw5100p_firmwareqcs610_firmwaresa6145pqca9886_firmwarear8031qca1023_firmwaresdm630_firmwaresd820_firmwareqca6391_firmwaresa4150p_firmwareqca4024wcd9370_firmwaresdx55qcn5021_firmwarecsra6640qca9379sa4155psxr2150pqcn7606qsm8250_firmwarewsa8830qca1062_firmwarecsrb31024mdm9628_firmwaremdm9650sd_636qca8082qca9992qcs4290mdm9250qca6420_firmwareapq8009_firmwareqca2064_firmwaresd690_5gmdm9310_firmwaresd675_firmwareipq8072qca6564qca6426wcn3990_firmwareqrb5165n_firmwareqca9984_firmwareqca9377wcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwareipq8074aqcn6102_firmwareqcn9011_firmwaresa8155qca6584qcn5122_firmwaresdx55_firmwarewcn3615qcn6023_firmwaresm7250p_firmwarewcn3610_firmwareqrb5165nqca6584ausd778gipq8174wcn7851qcn5052qca9367sdm630mdm9607_firmwareqcn6112_firmwaresa415m_firmwarewcn3988_firmwareqcn9074qca6421qca8085sd778g_firmwaresa8195pqca6694sm4375_firmwarewcd9326wcd9335qcn6023qcs4290_firmwareqca8085_firmwareqcs6490_firmwareqca6390qca9898_firmwaresd750g_firmwareaqt1000msm8976wcd9375sm6250_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwaresdx20_firmwarewsa8815_firmwareapq8017qcx315qcm6125_firmwaresd780gsd865_5gqca6595qcc5100ipq8065_firmwareqcx315_firmwaresd665_firmwareqcn5154qca8075_firmwaresc8180xmdm9206wcn6855_firmwareqcn6132_firmwareqcn9003_firmwareqca9888qca6310_firmwareipq8070a_firmwaremdm9615qca6574_firmwareqca9886sm7325p_firmwaresd665qca6175asd765qca6574a_firmwareqrb5165msd850_firmwaresm7315apq8009mdm9310qcn6102csrb31024_firmwareqcm6490_firmwareqcn9070_firmwaresd480_firmwareipq6028_firmwareipq8072a_firmwaresc8180x_firmwareqca9889_firmwaresd710mdm9607qcn5122mdm9645_firmwaresdx20m_firmwareqcn5022qca6564_firmwaresd768gqca1064_firmwarewcn6740qca8075apq8096au_firmwareqcn6024qcn9022sd845mdm9615_firmwareqcn9002_firmwareipq6000_firmwaresdx12qcs410_firmwareqca6175a_firmwaresd_8cx_gen3_firmwareqca2066sa6150p_firmwareqcs610qca6431_firmwarewcd9360_firmwaresdx65qca4024_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqcs2290qca6335qca2062csra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwareqca6554a_firmwareqam8295psd_8cx_gen2_firmwareipq8076amdm9628qca8386_firmwaresd_8_gen1_5g_firmwareqca8084_firmwaresd710_firmwareqca4020qca6428qca6574au_firmwareqcn5164_firmwareipq8071wcd9375_firmwaresa6155_firmwaresdx12_firmwarewcd9360sdx20mqca6438_firmwaresd680_firmwarewcn3999qrb5165_firmwareipq5028qrb5165m_firmwareipq4029_firmwareqcs6125sa4155p_firmwareipq6010sd662_firmwareqcs405qcn6132sw5100qca4020_firmwareqca6436wcn6851sa6155pqcs603_firmwarewcd9341ipq8068_firmwareqca2066_firmwareqca6431sd750gipq9008_firmwarewcn3910_firmwaresxr2150p_firmwarewsa8830_firmwaresd855_firmwarewcn3988qca6438wcn7850_firmwaresa8195p_firmwareqca9898sa8295p_firmwareipq4028wcn3610mdm9640ipq5018_firmwareqca8337_firmwarewcd9380_firmwareipq8072asw5100pmsm8996au_firmwarewcd9330ipq8076a_firmwareqca6564auwcn6856_firmwareipq9008qcn5164qcn5054_firmwaresdx50m_firmwareqca8072_firmwareqca6174qca6430_firmwareqcn5052_firmwarewcd9335_firmwarewcn3980qca6335_firmwareqcs605sd7cwcn3910qca6320mdm9650_firmwareqca9986_firmwareqca6426_firmwarewcn3660b_firmwareqca9984qcn9024wcd9330_firmwaresdx55mipq8064_firmwareqca6421_firmwaresd821_firmwarear8031_firmwareqrb5165wcn6851_firmwareipq8070sd_636_firmwareqca6564a_firmwaresd480sd870qsm8250ipq6018sd695_firmwaresdxr1apq8096auqca6595_firmwareqcs405_firmwaresa8145pqca2064sd780g_firmwaresd888_firmwaresa8155psd675ar8035_firmwareqcm2290qcn5024_firmwarewcn3991_firmwaresd678qcn9070sa8145p_firmwareqcs2290_firmwaresd7c_firmwarecsra6620qcn9072qca8386sd765g_firmwareipq8069_firmwareqca6390_firmwareipq6000qca6174_firmwaresd730_firmwarewcd9370qcn5152_firmwareqca0000_firmwareqca6584au_firmwareapq8076_firmwareqcn9000_firmwareipq5018sd_8cx_firmwareqcn7605qca2065sd662qcn5124_firmwareqam8295p_firmwareqca1064qcn6100_firmwareqca8082_firmwareqca6320_firmwarewcn3680b_firmwareqca6595auwcn3999_firmwareqca6436_firmwareipq5010qca6564au_firmwaresa6155p_firmwareqca6310qcn9274qcn9001qca9990qcs6490sa515m_firmwaresdxr2_5gsd821sa6145p_firmwaresm6250sd712_firmwareapq8017_firmwarewsa8810_firmwaresd765_firmwareqca8081ipq8071aqca6174a_firmwareipq8071a_firmwarewcd9385qca2065_firmwaresd_8cx_gen3ar8035csr8811apq8064auqca6694_firmwareqcn9100_firmwaresd820qcm6490wcn6850_firmwarewsa8835_firmwareqca6564asa4150pqca8072qcm2290_firmwarewcn3990qcn9000sd_675qca6554aar9380_firmwaresdx24qcn9012sd888qcn6122_firmwarewsa8835msm8996ausd888_5gsm6250pipq4018qca6574aqca9889qca6174asm7325pipq8074qca9994_firmwarewcn6750qcn9003ipq8076_firmwaresa515msd855sm4125_firmwareipq8076qcn5021ipq8069qcn5152sd768g_firmwaresd460qca6391sdxr1_firmwareaqt1000_firmwareqcn9100sdx65_firmwareqcm4290sdx50msdx20mdm9215qcn9011sd_455ipq8074_firmwareqca6574ausa8155p_firmwareipq9574wcd9341_firmwareqcm6125wsa8810wcn6856wcn3680bsd835_firmwareipq6010_firmwareqca6696sd845_firmwaresa6150pqcn9022_firmwareqca9990_firmwareipq8070aqcn6100qcn9072_firmwaresm7250psd720g_firmwareipq8071_firmwareqcn9074_firmwaresw5100_firmwareipq4029sd850Snapdragon
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-1068
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.35%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-16 Apr, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Modbus Tools Modbus Slave Stack-Based Buffer Overflow

Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used.

Action-Not Available
Vendor-modbustoolsModbus Tools
Product-modbus_slaveModbus Slave
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-19323
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 54.85%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 00:00
Updated-26 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart router via the M-search request ST parameter. No authentication required

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-619ldir-619l_firmwaren/adir-619l
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-40151
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 57.65%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 10:00
Updated-23 May, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack Buffer Overflow in xstream

Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

Action-Not Available
Vendor-xstreamxstream
Product-xstreamxstream
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-34424
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.31%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 20:30
Updated-20 May, 2025 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system crash by running particular security scans.

Action-Not Available
Vendor-Dell Inc.
Product-smartfabric_os10Dell Networking OS10
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 16
  • 17
  • Next
Details not found