Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-53879

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-15 Dec, 2025 | 20:32
Updated At-12 May, 2026 | 20:46
Rejected At-
Credits

NVClient 5.0 Stack Buffer Overflow Vulnerability via User Configuration

NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing a denial of service condition.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:15 Dec, 2025 | 20:32
Updated At:12 May, 2026 | 20:46
Rejected At:
▼CVE Numbering Authority (CNA)
NVClient 5.0 Stack Buffer Overflow Vulnerability via User Configuration

NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing a denial of service condition.

Affected Products
Vendor
neonguvenlik
Product
NVClient
Versions
Affected
  • 5.0
Problem Types
TypeCWE IDDescription
CWECWE-121Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
4.06.7MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Ahmet Ümit BAYRAM
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.exploit-db.com/exploits/51700
exploit
http://download.eyemaxdvr.com/DVST%20ST%20SERIES/CMS/Video%20Surveillance%20Management%20Software(V5.0).pdf
product
https://www.vulncheck.com/advisories/nvclient-stack-buffer-overflow-vulnerability-via-user-configuration
third-party-advisory
Hyperlink: https://www.exploit-db.com/exploits/51700
Resource:
exploit
Hyperlink: http://download.eyemaxdvr.com/DVST%20ST%20SERIES/CMS/Video%20Surveillance%20Management%20Software(V5.0).pdf
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/nvclient-stack-buffer-overflow-vulnerability-via-user-configuration
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.exploit-db.com/exploits/51700
exploit
http://download.eyemaxdvr.com/DVST%20ST%20SERIES/CMS/Video%20Surveillance%20Management%20Software(V5.0).pdf
exploit
Hyperlink: https://www.exploit-db.com/exploits/51700
Resource:
exploit
Hyperlink: http://download.eyemaxdvr.com/DVST%20ST%20SERIES/CMS/Video%20Surveillance%20Management%20Software(V5.0).pdf
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:15 Dec, 2025 | 21:15
Updated At:18 Dec, 2025 | 22:36

NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing a denial of service condition.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.7MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CPE Matches

eyemaxsystems
eyemaxsystems
>>nvclient>>5.0
cpe:2.3:a:eyemaxsystems:nvclient:5.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-121Secondarydisclosure@vulncheck.com
CWE-787Primarynvd@nist.gov
CWE ID: CWE-121
Type: Secondary
Source: disclosure@vulncheck.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://download.eyemaxdvr.com/DVST%20ST%20SERIES/CMS/Video%20Surveillance%20Management%20Software(V5.0).pdfdisclosure@vulncheck.com
Product
https://www.exploit-db.com/exploits/51700disclosure@vulncheck.com
Exploit
Third Party Advisory
https://www.vulncheck.com/advisories/nvclient-stack-buffer-overflow-vulnerability-via-user-configurationdisclosure@vulncheck.com
Third Party Advisory
http://download.eyemaxdvr.com/DVST%20ST%20SERIES/CMS/Video%20Surveillance%20Management%20Software(V5.0).pdf134c704f-9b21-4f2e-91b3-4a467353bcc0
Product
https://www.exploit-db.com/exploits/51700134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Third Party Advisory
Hyperlink: http://download.eyemaxdvr.com/DVST%20ST%20SERIES/CMS/Video%20Surveillance%20Management%20Software(V5.0).pdf
Source: disclosure@vulncheck.com
Resource:
Product
Hyperlink: https://www.exploit-db.com/exploits/51700
Source: disclosure@vulncheck.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.vulncheck.com/advisories/nvclient-stack-buffer-overflow-vulnerability-via-user-configuration
Source: disclosure@vulncheck.com
Resource:
Third Party Advisory
Hyperlink: http://download.eyemaxdvr.com/DVST%20ST%20SERIES/CMS/Video%20Surveillance%20Management%20Software(V5.0).pdf
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Product
Hyperlink: https://www.exploit-db.com/exploits/51700
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

320Records found

CVE-2021-22465
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 4.25%
||
7 Day CHG~0.00%
Published-28 Oct, 2021 | 12:31
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-20546
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.27% / 18.02%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:30
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash. IBM X-Force ID: 198934

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_for_space_managementspectrum_protect_clientSpectrum Protect for Space Management
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0075
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 11.45%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 19:38
Updated-03 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow a privileged user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ax1650ax1675_firmwareac_9462ac_8265ac_3165_firmwareac_9560_firmwareac_8265_firmwareax1675ax200ac_3165ac_9461ac_8260ac_9260ax1650_firmwareac_9461_firmware9260_firmwareac_3168ac_9462_firmwareac_9560ax200_firmware7265_firmwareac1550_firmwareac_3168_firmwareax201ax210_firmwareax201_firmwareac_9260_firmwareac1550ac_8260_firmwareax2107265Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-3900
Matching Score-4
Assigner-Glyph & Cog, LLC
ShareView Details
Matching Score-4
Assigner-Glyph & Cog, LLC
CVSS Score-2.9||LOW
EPSS-0.18% / 7.48%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 18:41
Updated-29 Jan, 2025 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds stack array write in Xpdf 4.05 due to missing zero check

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.

Action-Not Available
Vendor-xpdfreaderXpdfxpdfreader
Product-xpdfXpdfxpdf
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-8679
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 19.25%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 03:21
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics Drivers before version 26.20.100.7755 may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_driversIntel(R) Graphics Drivers Advisory
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-9091
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 9.58%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 13:59
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-taurus-an00b_firmwaretaurus-an00bTaurus-AN00B
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9391
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.50% / 38.97%
||
7 Day CHG~0.00%
Published-25 Feb, 2020 | 17:55
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation.

Action-Not Available
Vendor-n/aNetApp, Inc.Fedora ProjectLinux Kernel Organization, Inc
Product-linux_kernelcloud_backuphci_management_nodefedoraactive_iq_unified_managersteelstore_cloud_integrated_storageh410c_firmwareh410csolidfiredata_availability_servicesn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-8230
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 27.15%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 15:36
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory.

Action-Not Available
Vendor-n/aNextcloud GmbH
Product-desktopDesktop Client
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3721
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 9.22%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-37121
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.21% / 10.88%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 16:13
Updated-06 Feb, 2026 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CODE::BLOCKS 16.01 - Buffer Overflow (SEH) UNICODE

CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist file with 536 bytes of buffer and shellcode to trigger remote code execution.

Action-Not Available
Vendor-Code::Blocks
Product-Code::Blocks
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-37128
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.17% / 6.36%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 16:13
Updated-05 Feb, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZOC Terminal 7.25.5 - 'Script' Denial of Service

ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an oversized script with 20,000 repeated characters to trigger an application crash and cause a denial of service.

Action-Not Available
Vendor-EmTec
Product-ZOC Terminal
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-37132
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.23% / 13.59%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 16:13
Updated-09 Feb, 2026 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UltraVNC Launcher 1.2.4.0 - 'Password' Denial of Service

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launcher functionality.

Action-Not Available
Vendor-uvncUltraVNC Team
Product-ultravncUltraVNC Launcher
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-37140
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-4.6||MEDIUM
EPSS-0.21% / 11.65%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 16:13
Updated-27 Mar, 2026 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Everest 5.50.2100 - 'Open File' Denial of Service

Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated characters and paste it into the file open dialog to trigger an application crash.

Action-Not Available
Vendor-aida64FinalWire
Product-aida64Everest
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-37122
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.40% / 32.04%
||
7 Day CHG~0.00%
Published-06 Feb, 2026 | 23:14
Updated-07 Apr, 2026 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SpotFTP-FTP Password Recover 2.4.8 - Denial of Service

SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash.

Action-Not Available
Vendor-Nsauditor
Product-FTP Password Recover
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-37177
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.30% / 22.14%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 20:37
Updated-13 Feb, 2026 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BOOTP Turbo 2.0 - Denial of Service (SEH)

BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH chain.

Action-Not Available
Vendor-Weird Solutions
Product-BOOTP Turbo
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-37181
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.42% / 33.72%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 20:37
Updated-12 Feb, 2026 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Torrent FLV Converter 1.51 Build 117 - Stack Oveflow (SEH partial overwrite)

Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. Attackers can craft a payload with specific offsets and partial SEH overwrite techniques to potentially execute arbitrary code on vulnerable Windows 32-bit systems.

Action-Not Available
Vendor-TorrentRockYou
Product-Torrent FLV Converter
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-37198
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.39% / 31.41%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 20:37
Updated-05 Mar, 2026 | 01:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Duplicate Cleaner Pro 4 - Denial of Service

Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application crash.

Action-Not Available
Vendor-DigitalVolcano Software
Product-Duplicate Cleaner Pro
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-37136
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.36% / 28.11%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 16:13
Updated-05 Feb, 2026 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZOC Terminal v7.25.5 - 'Private key file' Denial of Service

ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private key file input with a 2000-byte buffer, causing the application to become unresponsive when attempting to create SSH key files.

Action-Not Available
Vendor-EmTec
Product-ZOC Terminal
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-35924
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.38% / 29.73%
||
7 Day CHG~0.00%
Published-31 Dec, 2020 | 08:16
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the try-mutex crate before 0.3.0 for Rust. TryMutex<T> allows cross-thread sending of a non-Send type.

Action-Not Available
Vendor-try-mutex_projectn/a
Product-try-mutexn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-36429
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.31% / 22.75%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 06:47
Updated-04 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion depth.

Action-Not Available
Vendor-open62541n/a
Product-open62541n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-36855
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.22% / 12.73%
||
7 Day CHG~0.00%
Published-21 Oct, 2025 | 15:02
Updated-31 Oct, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DCMTK dcmqrscp parseQuota stack-based overflow

A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-offisn/a
Product-dcmtkDCMTK
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-28928
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.64% / 46.40%
||
7 Day CHG~0.00%
Published-24 Nov, 2020 | 18:01
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

Action-Not Available
Vendor-musl-libcn/aOracle CorporationFedora ProjectDebian GNU/Linux
Product-musldebian_linuxfedoragraalvmn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-26572
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.40% / 31.80%
||
7 Day CHG+0.01%
Published-06 Oct, 2020 | 01:03
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.

Action-Not Available
Vendor-opensc_projectn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedoraopenscn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-24863
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.53% / 41.07%
||
7 Day CHG~0.00%
Published-03 Sep, 2020 | 14:34
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode.

Action-Not Available
Vendor-midnightbsdn/aFreeBSD Foundation
Product-freebsdmidnightbsdn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-25600
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.43% / 34.31%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 21:12
Updated-04 Aug, 2024 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains can use only 1023 channels, due to limited space in their shared (between guest and Xen) information structure, whereas all other domains can use up to 4095 in this model. The recording of the respective limit during domain initialization, however, has occurred at a time where domains are still deemed to be 64-bit ones, prior to actually honoring respective domain properties. At the point domains get recognized as 32-bit ones, the limit didn't get updated accordingly. Due to this misbehavior in Xen, 32-bit domains (including Domain 0) servicing other domains may observe event channel allocations to succeed when they should really fail. Subsequent use of such event channels would then possibly lead to corruption of other parts of the shared info structure. An unprivileged guest may cause another domain, in particular Domain 0, to misbehave. This may lead to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only x86 32-bit domains servicing other domains are vulnerable. Arm systems, as well as x86 64-bit domains, are not vulnerable.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxopenSUSEXen Project
Product-xendebian_linuxfedoraleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-24352
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 32.92%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 05:05
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

Action-Not Available
Vendor-n/aQEMU
Product-qemun/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-15306
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.46% / 36.97%
||
7 Day CHG~0.00%
Published-26 Jun, 2020 | 00:38
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.

Action-Not Available
Vendor-openexrn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedoraopenexrleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15358
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.03% / 59.40%
||
7 Day CHG~0.00%
Published-27 Jun, 2020 | 11:39
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.

Action-Not Available
Vendor-sqliten/aOracle CorporationApple Inc.Canonical Ltd.Siemens AG
Product-ubuntu_linuxiphone_oscommunications_messaging_serversqlitecommunications_network_charging_and_controloutside_in_technologymacoscommunications_cloud_native_core_policyicloudsinec_infrastructure_network_servicesipadostvoswatchoshyperion_infrastructure_technologyenterprise_manager_ops_centermysqln/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-11832
Matching Score-4
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Matching Score-4
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.32% / 24.28%
||
7 Day CHG~0.00%
Published-31 Dec, 2020 | 17:58
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c have not checked the parameters, which causes a vulnerability.

Action-Not Available
Vendor-oppon/a
Product-find_x2_proreno3_proreno3_pro_firmwarefind_x2_pro_firmwareOPPO Find X2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-12386
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 14.32%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 13:52
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in some Intel(R) Graphics Drivers before version 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-graphics_driversIntel(R) Graphics Drivers
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-11834
Matching Score-4
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Matching Score-4
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.32% / 24.28%
||
7 Day CHG~0.00%
Published-31 Dec, 2020 | 17:59
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerability.

Action-Not Available
Vendor-oppon/a
Product-find_x2_proreno3_proreno3_pro_firmwarefind_x2_pro_firmwareOPPO Find X2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-12289
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 12.30%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 18:42
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-jhl7440_thunderbolt_3_firmwarejhl6240_thunderbolt_3_firmwarejhl7540_thunderbolt_3jhl8010r_usb_retimer_firmwarejhl6340_thunderbolt_3jhl7340_thunderbolt_3_firmwarejhl7040_thunderbolt_3_retimerdsl6540_thunderbolt_3dsl6340_thunderbolt_3_firmwarejhl6540_thunderbolt_3_firmwaredsl5320_thunderbolt_2_firmwaredsl6540_thunderbolt_3_firmwarejhl8010r_usb_retimerjhl7040_thunderbolt_3_retimer_firmwaredsl5520_thunderbolt_2jhl7540_thunderbolt_3_firmwarejhl6540_thunderbolt_3jhl8040r_thunderbolt_4_retimerjhl7340_thunderbolt_3dsl5320_thunderbolt_2jhl6240_thunderbolt_3jhl8040r_thunderbolt_4_retimer_firmwarejhl6340_thunderbolt_3_firmwaredsl6340_thunderbolt_3jhl7440_thunderbolt_3dsl5520_thunderbolt_2_firmwareIntel(R) Thunderbolt(TM) controllers
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-11833
Matching Score-4
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Matching Score-4
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.32% / 24.28%
||
7 Day CHG~0.00%
Published-31 Dec, 2020 | 17:59
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerability.

Action-Not Available
Vendor-oppon/a
Product-find_x2_proreno3_proreno3_pro_firmwarefind_x2_pro_firmwareOPPO Find X2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-11835
Matching Score-4
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
ShareView Details
Matching Score-4
Assigner-OPPO Mobile Telecommunication Corp., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.32% / 24.28%
||
7 Day CHG~0.00%
Published-31 Dec, 2020 | 17:59
Updated-04 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability.

Action-Not Available
Vendor-oppon/a
Product-find_x2_proreno3_proreno3_pro_firmwarefind_x2_pro_firmwareOPPO Find X2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-11236
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.45% / 35.91%
||
7 Day CHG~0.00%
Published-07 Apr, 2021 | 07:55
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfs2580qpm5679_firmwareqpm5620_firmwareqca8337qdm2307qca6431_firmwareqfs2608_firmwareqfs2530qpm8870_firmwareqpa8802qpm6585_firmwareqat3519qbt2000_firmwareqat5522_firmwarepm8150aqtc800hqdm5670sdr8250_firmwareqca6595au_firmwareqpa5581_firmwarepm7150lqpa8821qdm5671qpm4650_firmwareqat3518qpa5580_firmwaresa415mwcn3998smr526_firmwareqdm2305_firmwareqpm5670_firmwareqdm5652sd6905gqca6574au_firmwareqpm8870wcd9375_firmwarewcn3998_firmwareqpm5679qbt2000pm6150aqpm6670_firmwaresdr735gpm8150bqdm3301_firmwareqsm7250pmr735asd765gqdm2308_firmwareqca6436wcn6851qpa6560qfs2630_firmwaresdr865qdm5620_firmwarewcd9341qdm4643_firmwareqca6431qca6696_firmwareqln5020sd870_firmwaresd750gqpm5657pm6350qdm5621qpm5875_firmwarewsa8830_firmwaresd855_firmwareqdm5650wcn3988smb1390qat5516_firmwarepm6150lsd8885gpm855l_firmwareqpa8686_firmwareqpm6585wcn3991qca8337_firmwarewcd9380_firmwaresmb1355qln4650qpa8801sdr735g_firmwareqat5568qet5100qdm5671_firmwareqpa8801_firmwareqca6564aupm8150l_firmwareqat5533_firmwaresdx55m_firmwareqtm527_firmwaresdxr25gqpa8673_firmwareqet4101_firmwarepm7250bqln4642_firmwareqfs2630qpa8842wcd9380smb1355_firmwarepm7250b_firmwarepmk8350_firmwaresmb1381sdr735pm7250smb1395qpa8803smr526pmk8003qtc801s_firmwaresdxr25g_firmwareqdm2301wsa8815wcn6850qdm5621_firmwareqdm2301_firmwareqca6426_firmwarepm8350_firmwarepm8009sdx55mqca6421_firmwarepm8008pm8350b_firmwareqtm525_firmwareqat3518_firmwaresd6905g_firmwareqpm5621_firmwarepm855lqln1021aq_firmwarewcn6851_firmwareqdm5670_firmwareqpa6560_firmwaresd8655gqpa8802_firmwarepm7150a_firmwarepm8150b_firmwareqpm5621qpm6582pm8009_firmwareqdm2310_firmwareqfs2580_firmwaresd480sd870sd8885g_firmwarepm8150lqdm5677pm855_firmwarepmx60_firmwarepm855b_firmwareqpm6582_firmwareqca6391_firmwarewcd9370_firmwareqln4650_firmwareqat3516_firmwareqpm5875sdx55qet5100mqet4101qat3555_firmwareqat3516qpa8803_firmwareqpm5658pm855bqln1031qpm5658_firmwareqpm5870wcn3991_firmwareqdm5652_firmwarewsa8830qet6110_firmwareqln5030qpa5581qpa2625_firmwarecsrb31024pm8350bh_firmwarepmr735b_firmwarepmx24_firmwareqet5100_firmwareqpm4621qpm5870_firmwareqet6100_firmwareqet6100sd765g_firmwareqpa8686qca6390_firmwaresmb1396pm7150awcd9370pm8350qpa5461_firmwarepm8350c_firmwarepmr525_firmwareqca6426qca6584au_firmwareqpm5641wcd9385_firmwareqdm5650_firmwareqat5516pm7250_firmwareqdm5620qln1021aqqpa8821_firmwarepm8350bhpmk8002_firmwarepm3003aqln1031_firmwareqdm4650_firmwaresdx55_firmwareqat5533qca6595ausm7250p_firmwareqca6436_firmwareqsm7250_firmwareqpm6670pm7150l_firmwareqca6564au_firmwareqca6584auqdm2305qpm8820qpm4641qat5515_firmwareqln5020_firmwarepm855qpm8830_firmwarepm8250smb1398qdm4643qfs2530_firmwaresa415m_firmwarepmx55qpm4641_firmwarewcn3988_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwaresdr735_firmwarewsa8810_firmwareqpm5677qat5515sd765_firmwareqdm5677_firmwarepm6350_firmwaresdr8150_firmwarewcd9385qtc800h_firmwareqpm5620qln5040_firmwareqpm4630qca6390wcd9375sd750g_firmwareqpa8673qdm2310qln5030_firmwareqln4642qpm5677_firmwarewsa8815_firmwaresmb1396_firmwaresmr525_firmwarewcn6850_firmwarewsa8835_firmwareqpm8820_firmwareqpm6621_firmwarepmx24qet6110qln5040qpm8895qpm5670pmx55_firmwareqtm527pmk8350smb1398_firmwareqpm8830pm8350bqat5522qdm2307_firmwarewsa8835pm8150cpmr735bqpm5657_firmwarepmk8003_firmwareqca6574aqpm4640_firmwaresmb1390_firmwareqdm5679_firmwarepm8350csmr525qpm4640pm6150l_firmwarepmr525pm8150a_firmwareqet5100m_firmwareqpm4650qtm525qln1036aq_firmwaresd855pm6150a_firmwaresd765qca6574a_firmwareqpm4630_firmwaresd768g_firmwaresdr865_firmwareqat3555pm8250_firmwarepmx60qca6391qpa5461qpm8895_firmwarecsrb31024_firmwaresdr8150qfs2608sd480_firmwareqln1036aqqtc801ssmb1395_firmwareqdm4650qca6574auqpm5641_firmwarepm8008_firmwaresd8655g_firmwarewcd9341_firmwareqpm6621wsa8810pmr735a_firmwareqat5568_firmwareqdm2308qdm5679sdr8250sd768gpm3003a_firmwareqca6696smb1381_firmwareqpa2625pmk8002sm7250pqpm4621_firmwareqpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-10029
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.76% / 50.68%
||
7 Day CHG~0.00%
Published-04 Mar, 2020 | 00:00
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.

Action-Not Available
Vendor-n/aGNUopenSUSENetApp, Inc.Canonical Ltd.Debian GNU/LinuxFedora Project
Product-ubuntu_linuxdebian_linuxcloud_backuphci_management_nodefedoraactive_iq_unified_managersteelstore_cloud_integrated_storageh410c_firmwareglibch410csolidfireleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-18820
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 27.24%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 20:43
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eximious Logo Designer 3.82 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a78.

Action-Not Available
Vendor-eximioussoftn/a
Product-logo_designern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5177
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.5||MEDIUM
EPSS-0.46% / 36.51%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 23:25
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). The destination buffer sp+0x440 is overflowed with the call to sprintf() for any domainname values that are greater than 1024-len(‘/etc/config-tools/edit_dns_server domain-name=‘) in length. A domainname value of length 0x3fa will cause the service to crash.

Action-Not Available
Vendor-wagoWago
Product-pfc200pfc200_firmwareWAGO PFC200
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5176
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.5||MEDIUM
EPSS-0.53% / 40.65%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 23:24
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x40 is overflowed with the call to sprintf() for any gateway values that are greater than 512-len(‘/etc/config-tools/config_default_gateway number=0 state=enabled value=‘) in length. A gateway value of length 0x7e2 will cause the service to crash.

Action-Not Available
Vendor-wagoWago
Product-pfc200pfc200_firmwareWAGO PFC200
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-5182
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-5.5||MEDIUM
EPSS-0.53% / 40.65%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 22:09
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x440 is overflowed with the call to sprintf() for any type values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled config-type=‘) in length. A type value of length 0x3d9 will cause the service to crash.

Action-Not Available
Vendor-wagoWago
Product-pfc200pfc200_firmwareWAGO PFC200
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25334
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.19% / 8.87%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 22:48
Updated-25 Mar, 2026 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Product Key Explorer 4.2.0.0 - 'Name' Denial of Service

Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. Attackers can create a specially crafted text file with repeated characters to trigger a buffer overflow when pasted into the registration name field, causing the application to crash.

Action-Not Available
Vendor-nsasoftNsasoft
Product-product_key_explorerNsauditor Product Key Explorer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25339
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.28% / 20.05%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 22:48
Updated-13 Feb, 2026 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GHIA CamIP 1.2 for iOS - 'Password' Denial of Service

GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated characters into the password field to trigger an application crash on iOS devices.

Action-Not Available
Vendor-ghia-camip
Product-GHIA CamIP
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25341
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.30% / 22.14%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 22:48
Updated-13 Feb, 2026 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iNetTools for iOS 8.20 - 'Whois' Denial of Service

iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-character buffer into the Domain Name field to trigger an application crash.

Action-Not Available
Vendor-inettools
Product-iNetTools for iOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25434
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.30% / 22.06%
||
7 Day CHG-0.07%
Published-20 Feb, 2026 | 22:54
Updated-07 Apr, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SpotAuditor 5.3.1.0 Denial of Service via Registration Name Field

SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to trigger an unhandled exception that crashes the application.

Action-Not Available
Vendor-nsasoftNsasoft
Product-spotauditorNsauditor SpotAuditor
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25437
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.14% / 3.38%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 22:54
Updated-07 Apr, 2026 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foscam Video Management System 1.1.6.6 Buffer Overflow Denial of Service

Foscam Video Management System 1.1.6.6 contains a buffer overflow vulnerability in the UID field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 5000-character buffer into the UID parameter during device addition to trigger an application crash when the Login Check function is invoked.

Action-Not Available
Vendor-Foscam
Product-Foscam Video Management System
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25549
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.12% / 2.09%
||
7 Day CHG~0.00%
Published-21 Mar, 2026 | 12:46
Updated-16 Apr, 2026 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VeryPDF PCL Converter 2.7 Denial of Service via PDF Security

VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Attackers can trigger a buffer overflow by entering a 3000-byte password in the PDF Security encryption fields, causing the application to crash when processing PCL files.

Action-Not Available
Vendor-verypdfVerypdf
Product-verypdfVeryPDF PCL Converter
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25556
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.19% / 8.61%
||
7 Day CHG~0.00%
Published-21 Mar, 2026 | 12:46
Updated-24 Mar, 2026 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TwistedBrush Pro Studio 24.06 Resize Image Denial of Service

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a malicious string into the New Width or New Height field to trigger a buffer overflow that causes the application to crash.

Action-Not Available
Vendor-pixarraPixarra
Product-twistedbrush_pro_studioTwistedBrush Pro Studio
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25558
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.19% / 8.44%
||
7 Day CHG~0.00%
Published-21 Mar, 2026 | 12:46
Updated-16 Apr, 2026 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Selfie Studio 2.17 Denial of Service via Resize Image

Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer overflow that crashes the application.

Action-Not Available
Vendor-pixarraPixarra
Product-selfie_studioSelfie Studio
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25561
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.18% / 7.85%
||
7 Day CHG~0.00%
Published-21 Mar, 2026 | 12:47
Updated-16 Apr, 2026 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lyric Maker 2.0.1.0 Denial of Service via Buffer Overflow

Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Attackers can paste a 5000-byte buffer into the Title input field and save the file to trigger a denial of service condition.

Action-Not Available
Vendor-jetaudioJetaudio
Product-lyric_makerLyric Maker
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25565
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.18% / 8.06%
||
7 Day CHG~0.00%
Published-21 Mar, 2026 | 12:47
Updated-16 Apr, 2026 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Magic Iso Maker 5.5 Buffer Overflow Denial of Service

Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Attackers can generate a file containing 5000 bytes of data, paste it into the Serial Code field during registration, and trigger a denial of service condition that crashes the application.

Action-Not Available
Vendor-magicisoMagiciso
Product-magic_iso_makerMagic Iso Maker
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • Next
Details not found