Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-7539

Summary
Assigner-zdi
Assigner Org ID-99f1926a-a320-47d8-bbb5-42feb611262e
Published At-05 Aug, 2024 | 23:53
Updated At-06 Aug, 2024 | 13:48
Rejected At-
Credits

oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability

oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CUSD commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23195.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:zdi
Assigner Org ID:99f1926a-a320-47d8-bbb5-42feb611262e
Published At:05 Aug, 2024 | 23:53
Updated At:06 Aug, 2024 | 13:48
Rejected At:
▼CVE Numbering Authority (CNA)
oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability

oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CUSD commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23195.

Affected Products
Vendor
oFono
Product
oFono
Default Status
unknown
Versions
Affected
  • 1.34
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121: Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121: Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zerodayinitiative.com/advisories/ZDI-24-1079/
x_research-advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-24-1079/
Resource:
x_research-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
ofono
Product
ofono
CPEs
  • cpe:2.3:a:ofono:ofono:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.34
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:zdi-disclosures@trendmicro.com
Published At:06 Aug, 2024 | 00:15
Updated At:29 Aug, 2024 | 17:59

oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT+CUSD commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23195.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
ofono_project
ofono_project
>>ofono>>1.34
cpe:2.3:a:ofono_project:ofono:1.34:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-121Secondaryzdi-disclosures@trendmicro.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-121
Type: Secondary
Source: zdi-disclosures@trendmicro.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.zerodayinitiative.com/advisories/ZDI-24-1079/zdi-disclosures@trendmicro.com
Third Party Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-24-1079/
Source: zdi-disclosures@trendmicro.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1209Records found
CVE-2024-7544
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.92%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 23:54
Updated-19 Aug, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23457.

Action-Not Available
Vendor-ofono_projectoFonoofono
Product-ofonooFonoofono
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7547
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7||HIGH
EPSS-0.05% / 15.92%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 23:54
Updated-19 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability

oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of SMS PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23460.

Action-Not Available
Vendor-ofono_projectoFonoofono
Product-ofonooFonoofono
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7543
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.92%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 23:54
Updated-19 Aug, 2024 | 19:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23456.

Action-Not Available
Vendor-ofono_projectoFonoofono
Product-ofonooFonoofono
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7545
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.92%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 23:54
Updated-19 Aug, 2024 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23458.

Action-Not Available
Vendor-ofono_projectoFonoofono
Product-ofonooFonoofono
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7546
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.90%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 23:54
Updated-29 Aug, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability

oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23459.

Action-Not Available
Vendor-ofono_projectoFonoofono
Product-ofonooFonoofono
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-7538
Matching Score-10
Assigner-Zero Day Initiative
ShareView Details
Matching Score-10
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.25%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 23:53
Updated-29 Aug, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability

oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of responses from AT Commands. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-23190.

Action-Not Available
Vendor-ofono_projectoFonoofono
Product-ofonooFonoofono
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36477
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.96%
||
7 Day CHG-0.07%
Published-25 Aug, 2022 | 13:54
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function AddWlanMacList.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-b5_minib5_mini_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36498
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.96%
||
7 Day CHG-0.07%
Published-25 Aug, 2022 | 13:56
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_nx18_plusmagic_nx18_plus_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36493
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.96%
||
7 Day CHG-0.07%
Published-25 Aug, 2022 | 13:55
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_nx18_plusmagic_nx18_plus_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36484
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.11%
||
7 Day CHG-0.03%
Published-25 Aug, 2022 | 13:55
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg.

Action-Not Available
Vendor-n/aTOTOLINK
Product-n350rt_firmwaren350rtn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36464
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.11%
||
7 Day CHG-0.02%
Published-25 Aug, 2022 | 13:53
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules.

Action-Not Available
Vendor-n/aTOTOLINK
Product-a3700ra3700r_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36505
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.96%
||
7 Day CHG-0.07%
Published-25 Aug, 2022 | 13:58
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EDitusergroup.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-magic_nx18_plusmagic_nx18_plus_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37074
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.96%
||
7 Day CHG-0.08%
Published-25 Aug, 2022 | 14:00
Updated-03 Aug, 2024 | 10:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function switch_debug_info_set.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-gr-1200w_firmwaregr-120wn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-22423
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.12%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 17:21
Updated-03 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. Local attackers may exploit this vulnerability to cause integer overflow.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-22335
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.82%
||
7 Day CHG~0.00%
Published-03 Jun, 2021 | 19:25
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a Memory Buffer Improper Operation Limit vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause exceptions in image processing.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-magic_uiemuiEMUI;Magic UI
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36470
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.68%
||
7 Day CHG+0.01%
Published-25 Aug, 2022 | 13:53
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAP5GWifiById.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-b5_minib5_mini_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-0329
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.86%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 16:50
Updated-03 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-171400004

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-22555
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-8.3||HIGH
EPSS-82.42% / 99.18%
||
7 Day CHG~0.00%
Published-07 Jul, 2021 | 11:20
Updated-16 Sep, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space

Action-Not Available
Vendor-n/aNetApp, Inc.Brocade Communications Systems, Inc. (Broadcom Inc.)Linux Kernel Organization, Inc
Product-aff_500f_firmwareh615c_firmwarefas_8700aff_a400_firmwareh610s_firmwaresolidfireh610sfas_8700_firmwarelinux_kernelhci_management_nodeh610caff_a400h615cfas_8300_firmwareaff_a250aff_500ffabric_operating_systemfas_8300h610c_firmwareaff_a250_firmwareLinux Kernel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-4656
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.33%
||
7 Day CHG~0.00%
Published-18 Jul, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncCanonical Ltd.
Product-linux_kernelubuntu_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-19452
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.68%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 14:34
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow was found in Patriot Viper RGB through 1.1 when processing IoControlCode 0x80102040. Local attackers (including low integrity processes) can exploit this to gain NT AUTHORITY\SYSTEM privileges.

Action-Not Available
Vendor-patriotmemoryn/a
Product-viper_rgb_drivern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-17242
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.86%
||
7 Day CHG~0.00%
Published-08 Oct, 2019 | 11:18
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000966f.

Action-Not Available
Vendor-n/aIrfanView
Product-irfanviewn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-3843
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.89%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 12:14
Updated-07 Aug, 2024 | 03:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack.

Action-Not Available
Vendor-ettercap-projectn/a
Product-ettercapettercap
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-3577
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.87%
||
7 Day CHG~0.00%
Published-20 Oct, 2022 | 00:00
Updated-08 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write.

Action-Not Available
Vendor-n/aLinux Kernel Organization, Inc
Product-linux_kernelKernel
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-19086
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.34%
||
7 Day CHG~0.00%
Published-10 Nov, 2018 | 03:00
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E040 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges.

Action-Not Available
Vendor-iobitn/a
Product-malware_fightern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12186
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 10.14%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:31
Updated-10 Dec, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Hotel Management System Available Room hotelnew.c stack-based overflow

A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file hotelnew.c of the component Available Room Handler. The manipulation of the argument admin_entry leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-hotel_management_systemHotel Management Systemhotel_management_system
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12185
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 10.14%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 23:31
Updated-10 Dec, 2024 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Hotel Management System Administrator Login Password stack-based overflow

A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Administrator Login Password Handler. The manipulation of the argument Str2 leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-hotel_management_systemHotel Management Systemhotel_management_system
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-19084
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.34%
||
7 Day CHG~0.00%
Published-10 Nov, 2018 | 03:00
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E05C with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges.

Action-Not Available
Vendor-iobitn/a
Product-malware_fightern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21812
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.96%
||
7 Day CHG~0.00%
Published-13 Aug, 2021 | 22:39
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a static sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.

Action-Not Available
Vendor-attn/a
Product-xmillAT&T
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12354
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 10.26%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 01:31
Updated-10 Dec, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Phone Contact Manager System User Menu MenuDisplayStart buffer overflow

A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-razormistSourceCodester
Product-phone_contact_manager_systemPhone Contact Manager Systemphone_shop_sales_managements_system_using_php_with_source_code
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-1936
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.06% / 17.92%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 13:50
Updated-16 Sep, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2Db2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-18026
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-2.05% / 83.13%
||
7 Day CHG~0.00%
Published-19 Oct, 2018 | 22:00
Updated-05 Aug, 2024 | 11:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IMFCameraProtect.sys in IObit Malware Fighter 6.2 (and possibly lower versions) is vulnerable to a stack-based buffer overflow. The attacker can use DeviceIoControl to pass a user specified size which can be used to overwrite return addresses. This can lead to a denial of service or code execution attack.

Action-Not Available
Vendor-iobitn/a
Product-malware_fightern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21052
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.14% / 77.55%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 20:11
Updated-23 Apr, 2025 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate Out-of-Bounds Write Vulnerability Could Lead To Arbitrary Code Execution

Adobe Animate version 21.0.2 (and earlier) is affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsanimateAnimate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11262
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.01% / 2.15%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 22:31
Updated-21 Nov, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Record Management System View All Student Marks main stack-based overflow

A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as critical. Affected by this vulnerability is the function main of the component View All Student Marks. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-razormistSourceCodester
Product-student_record_management_systemStudent Record Management Systemstudent_record_management_system
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21813
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.96%
||
7 Day CHG~0.00%
Published-13 Aug, 2021 | 22:40
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow.

Action-Not Available
Vendor-attn/a
Product-xmillAT&T
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-28578
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.11% / 30.19%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 10:48
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Services

Memory corruption in Core Services while executing the command for removing a single event listener.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qdx1010_firmwareimmersive_home_214sd865_5gqca6595ipq6028_firmwareqca8081_firmwareqcn9001snapdragon_670_mobilesnapdragon_x50_5g_modem-rf_systemwcd9340_firmwareipq5028_firmwarewcd9395_firmwareqcn6024ar9380qcc710_firmwareqca6426snapdragon_8\+_gen_1_mobilefastconnect_6700qcn6422_firmwareqcn5124_firmwaresnapdragon_782g_mobile_firmwarewsa8832_firmwareqca8337qca6426_firmwarewcd9395snapdragon_665_mobile_firmwaresc8180xp-aaabqca6574au_firmwareipq8078a_firmwareqam8295pwcd9341sd626_firmwareipq5312snapdragon_x12_lte_modemsnapdragon_888\+_5g_mobile_firmwarewsa8810_firmwaresd730_firmwarewsa8845h_firmwaresa9000p_firmwaresc8180xp-acafsnapdragon_850_mobile_computefastconnect_6800_firmwarefsm10055sd835_firmwarevideo_collaboration_vc1_platform_firmwaresa8770pqcn9000snapdragon_678_mobile_firmwaresa8540pqsm8250_firmwareqsm8350_firmwareqcn6432video_collaboration_vc1_platformqep8111sa7255psnapdragon_730_mobile_firmwarewcd9385_firmwareqca6421vision_intelligence_200qca6310ipq8074a_firmwareipq8076awcd9360snapdragon_680_4g_mobilesa6155pqca6564au_firmwareqca8075qam8650pvideo_collaboration_vc5_platform_firmwaresa9000psnapdragon_835_mobilesnapdragon_888_5g_mobile_firmwaresnapdragon_662_mobile_firmwaresa6155p_firmwaresnapdragon_685_4g_mobile_firmwaresd835snapdragon_4_gen_2_mobile_firmwareqca6436_firmwareipq8070a_firmwareqcn5021_firmwareqcn9070snapdragon_695_5g_mobile_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwareqca6420wcn3910csrb31024snapdragon_x70_modem-rf_system_firmwaremdm9250_firmwaresnapdragon_712_mobilesnapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_835_mobile_firmwarewcn3660bqca6574aqca6174awcd9340qcs8250_firmwareqcm2290qdu1210snapdragon_auto_5g_modem-rf_gen_2qcn6122_firmwareqcn5154_firmwaresm8550p_firmwareqcm8550wcn3988snapdragon_765_5g_mobile_firmwareqcn5122_firmwareqcn9024pmp8074vision_intelligence_300_firmwareqca6574snapdragon_x75_5g_modem-rf_systemqamsrv1hqcn6412_firmwaresdx57mqcs410qcm2290_firmwarevision_intelligence_100sa8155pqca8072_firmwaresnapdragon_765g_5g_mobile_firmwarewsa8830smart_display_200_firmwareipq5312_firmwaresm8550pqcf8000_firmwaresa6145psnapdragon_625_mobile_firmwareimmersive_home_318_firmwareqcn6122sa8255p_firmwaresnapdragon_4_gen_2_mobilesnapdragon_7c_compute_firmwareqrb5165m_firmwaresa8650p_firmwareimmersive_home_216_firmwareqca9985immersive_home_316snapdragon_865\+_5g_mobile_firmwareipq8071aqcn6112wcn3950_firmwareqrb5165nfastconnect_6200sm7325p_firmwaresd460wcd9360_firmwaresc8180x-acaf_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_660_mobile_firmwareqdx1011snapdragon_710_mobile_firmwarevideo_collaboration_vc3_platform_firmwarerobotics_rb3_firmwareqcn6023_firmwareqcn5164_firmwaresd670_firmwaresnapdragon_8_gen_3_mobilesnapdragon_855_mobilesc8180xp-acaf_firmwareqcn9072qcn6224_firmwarevision_intelligence_100_firmwareqca6431sd660_firmwaresnapdragon_480_5g_mobilesnapdragon_750g_5g_mobile_firmwaresdx57m_firmwareimmersive_home_216srv1msxr2130_firmwaresnapdragon_860_mobile_firmwarear8035_firmwaresnapdragon_778g\+_5g_mobileqrb5165msc8380xpqca6320qca4024_firmwareqca0000_firmwaresd888_firmwareqcs6125_firmwareqca9992_firmwareqca9990ipq8070qcn9074wsa8815_firmwareqca8337_firmwaresnapdragon_x12_lte_modem_firmwareipq8173snapdragon_665_mobilesm7250p_firmwarewcn3999ipq6010_firmwarewcn3950snapdragon_730g_mobile_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareipq5028qca9986qcn9070_firmwaresnapdragon_778g\+_5g_mobile_firmwaresa8295p_firmwaresmart_audio_400_firmwaresd_675_firmwareqca9984ipq5010_firmwareqcn9022_firmwaresnapdragon_720g_mobilesm7250pcsrb31024_firmwareipq6018sa8155sd_8cx_firmwaresc8180x-acafsd888fsm10055_firmwareqru1062_firmwarefsm10056sd460_firmwaresnapdragon_675_mobile_firmwaresnapdragon_850_mobile_compute_firmwaresnapdragon_768g_5g_mobilesc8380xp_firmwareipq8065qru1062qca6310_firmwaresd626fastconnect_6800qcs7230snapdragon_865_5g_mobile_firmwareipq5302_firmwareqcn9001_firmwarewcd9371fastconnect_6900_firmwarerobotics_rb5_firmwareqca8075_firmwareqcf8000sc8180x-aaab_firmwarevideo_collaboration_vc3_platformqca9980_firmwareqca9985_firmwareqca6431_firmwareqcn6402_firmwareqca6698aq_firmwareqcs2290qcs2290_firmwaresnapdragon_xr2\+_gen_1_firmwarewcn3615wcn3999_firmwaresa8255pqcs7230_firmwarewcd9390_firmwareqcn5024qep8111_firmwareqca6430snapdragon_855\+_mobilesnapdragon_765_5g_mobileimmersive_home_326qdx1011_firmwaresnapdragon_860_mobilesc8180xp-ad_firmwaresnapdragon_auto_5g_modem-rfflight_rb5_5g_firmwaressg2125pqru1052csra6640_firmwareqamsrv1mqam8650p_firmwarevideo_collaboration_vc5_platformqca6420_firmwareqcs6490_firmwaresnapdragon_x65_5g_modem-rf_systemipq8076_firmwaresd855_firmwarewcd9335_firmwareqrb5165n_firmwareqca6436wcn3980_firmwarewsa8835wsa8840_firmwareqca6391_firmwareqdu1010_firmwareipq8068qcs4290_firmwarecsra6620qca8081sd660wsa8815qam8775pqca9377snapdragon_ar2_gen_1_firmwareqcm4325_firmwareqcn6412qcm4290_firmwaresnapdragon_720g_mobile_firmwareqca9888_firmwareqca9889qcn5024_firmwareqcn9002_firmwareimmersive_home_318ipq5010qcn9274_firmwaresnapdragon_710_mobilesg4150p_firmwareqru1052_firmwarecsra6620_firmwareqcs8550ipq8068_firmwaresa8650psnapdragon_626_mobileqam8775p_firmwaresd865_5g_firmwarepmp8074_firmwaresnapdragon_xr1wcd9375qca9889_firmwaresnapdragon_ar2_gen_1snapdragon_636_mobilesa8145psd_675snapdragon_8\+_gen_1_mobile_firmwarecsr8811smart_display_200qdx1010wcn3680b_firmwaresnapdragon_8_gen_1_mobile_firmwareqcm8550_firmwareqcs410_firmwarerobotics_rb3sa6150p_firmwaresw5100pipq9574qcn9000_firmwareqcn6102_firmwaresxr1120qcn9022qcs610_firmwarewcd9335wcd9370qca8072snapdragon_7c_gen_2_compute_firmwareqca6696wcd9341_firmwareqcn9003_firmwareipq8076wcn6740_firmwareipq6018_firmwaresnapdragon_750g_5g_mobileqca9984_firmwareqcn6023snapdragon_685_4g_mobilesnapdragon_780g_5g_mobilevision_intelligence_200_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqca9994_firmwareqdu1110snapdragon_auto_4g_modemipq8078asnapdragon_690_5g_mobile_firmwareqca6574auwcd9390csra6640snapdragon_778g_5g_mobile_firmwaresrv1hqcn9100_firmwarewcn3660b_firmwareqcn5122sd730snapdragon_690_5g_mobileqcn6024_firmwaresnapdragon_636_mobile_firmwareqca9886_firmwaresnapdragon_712_mobile_firmwaresnapdragon_625_mobileqcm6125_firmwarec-v2x_9150ssg2115pqcc710qcn6132_firmwaresnapdragon_xr2_5g_firmwaresnapdragon_xr1_firmwaresxr1120_firmwareqcn5054315_5g_iot_modem_firmwarefastconnect_6900qcn6402snapdragon_w5\+_gen_1_wearable_firmwareimmersive_home_326_firmwareqru1032_firmwareipq5332_firmwareqcn5052fsm10056_firmwareqca9980qfw7114315_5g_iot_modemipq9574_firmwaresnapdragon_x55_5g_modem-rf_systemqam8255p_firmwareipq8064sa8155_firmwareqcn5164qca6335qcs4490snapdragon_730_mobilemdm9250wsa8845snapdragon_626_mobile_firmwareqcn6100_firmwareqca6421_firmwareqcm6125sc8180x-adcsr8811_firmwarewsa8810qcn5021qdu1000_firmwareqsm8250srv1h_firmwareqcn6100qca6595ausnapdragon_888_5g_mobilesm7315_firmwareqdu1010wcd9326_firmwaresnapdragon_845_mobile_firmwarewsa8840srv1m_firmwareqcs8550_firmwaresnapdragon_730g_mobilesnapdragon_782g_mobileqdu1210_firmwareqca9986_firmwaresnapdragon_8_gen_2_mobile_firmwareqfw7124_firmwareqcn9012wcd9371_firmwareqcs4490_firmwarewcn3910_firmwaresdx71msnapdragon_460_mobilesnapdragon_8_gen_2_mobilewcd9370_firmwareqdu1110_firmwareqdu1000sa7255p_firmwareipq9570snapdragon_8\+_gen_2_mobilesa8195pqca6335_firmwareqcm6490ipq5302sa8540p_firmwaresnapdragon_662_mobileqcn9274ipq8076a_firmwaresa8775pipq9570_firmwaresxr2230p_firmwarear9380_firmwaresd675_firmwaresnapdragon_855_mobile_firmwareqca6430_firmwareqcn9011sa8775p_firmwaresmart_audio_400qcn9024_firmwarewsa8845hsa6150pwcd9326sa8155p_firmwaresnapdragon_630_mobileqca6564aqcn9074_firmwaresnapdragon_768g_5g_mobile_firmwaresnapdragon_7c_gen_2_computeipq8174sc8180x\+sdx55_firmwareipq8174_firmwarear8035ipq8072aqamsrv1m_firmwaresa6155qcm4325qcn6224sc8180x\+sdx55qca6698aqssg2125p_firmwaresm6250snapdragon_480\+_5g_mobilesd670wcn3680bsa8145p_firmwaresa8150p_firmwarefastconnect_6700_firmwarewcn3990qcn9002ipq8078qcs6490qcs8250snapdragon_695_5g_mobileipq9554_firmwaresnapdragon_778g_5g_mobilefastconnect_6200_firmwarear8031_firmwarewsa8830_firmwaresnapdragon_460_mobile_firmwareqca6678aq_firmwareqca8386_firmwarewsa8845_firmwarewsa8832snapdragon_auto_4g_modem_firmwareqca6678aqqcn6432_firmwareqcn5022_firmwaresc8180xp-aaab_firmwareqca9992ipq9554qca6564ausc8180xp-adsm6250p_firmwaresc8280xp-abbbsa8195p_firmwareqcm4290qcn5054_firmwareqca9888ipq5332sd_455_firmwarear8031sg8275p_firmwareqca9377_firmwareqcm6490_firmwareipq8072a_firmwaresnapdragon_xr2\+_gen_1sm4125qcm4490_firmwareqru1032vision_intelligence_400_firmwareqcn6112_firmwareqcs6125flight_rb5_5gsnapdragon_870_5g_mobile_firmwaresnapdragon_7c\+_gen_3_computesnapdragon_732g_mobilesnapdragon_870_5g_mobilesnapdragon_678_mobilesd_455qca9886qcn6132sm6250_firmwaresc8180x-ad_firmwaresnapdragon_7c_computeqcn6102qca6584auqca6320_firmwareqcn6274_firmwareqcn9011_firmwaresw5100_firmwarewcn6740snapdragon_780g_5g_mobile_firmwaresnapdragon_845_mobilesnapdragon_8_gen_3_mobile_firmwareqfw7114_firmwareqca4024qca6595_firmwarefastconnect_7800_firmwareqcn6422snapdragon_675_mobileimmersive_home_214_firmwareipq8070awcd9380sa6145p_firmwareqam8255psa6155_firmwaresxr2230pqca9990_firmwaresnapdragon_xr2_5gsa8150pqcn9003immersive_home_3210qcn5052_firmwaresnapdragon_auto_5g_modem-rf_firmwaresnapdragon_x35_5g_modem-rf_systemsc8180x-aaabsxr1230psd662_firmwareipq6010sw5100aqt1000snapdragon_4_gen_1_mobile_firmwarec-v2x_9150_firmwareqam8295p_firmwaresd855wcn3990_firmwaresm7315snapdragon_660_mobileqca6564a_firmwarewcd9385qca9994qsm8350snapdragon_888\+_5g_mobilesnapdragon_8_gen_1_mobilesnapdragon_630_mobile_firmwaresd662snapdragon_680_4g_mobile_firmwareqcs4290sxr1230p_firmwaresnapdragon_865\+_5g_mobilesg8275psdx71m_firmwaresm6250psdx55_firmwareipq8071a_firmwarewcn3615_firmwaresxr2130ipq6028qcm4490qcn9100snapdragon_480\+_5g_mobile_firmwarerobotics_rb5qca6174a_firmwaresm7325psnapdragon_732g_mobile_firmwaresnapdragon_670_mobile_firmwareaqt1000_firmwareqca6584au_firmwareqcn5152_firmwareqcn6274qfw7124qca6595au_firmwareqca0000sw5100p_firmwareqca6696_firmwarewcd9380_firmwareqca6574_firmwaresg4150psd_8_gen1_5gqcn5124ipq8064_firmwareqca6797aqqcn5152ipq8065_firmwareqca6574a_firmwaresdx55qcn9072_firmwaresnapdragon_4_gen_1_mobilesnapdragon_865_5g_mobileipq8074aimmersive_home_3210_firmwaresd675snapdragon_855\+_mobile_firmwaresd_8_gen1_5g_firmwarewcd9375_firmwareqca8386qca6391snapdragon_x70_modem-rf_systemipq8173_firmwareqcn9012_firmwaresa8770p_firmwaresa8295psnapdragon_x50_5g_modem-rf_system_firmwaresc8280xp-abbb_firmwarefastconnect_7800snapdragon_8\+_gen_2_mobile_firmwareipq8078_firmwarevision_intelligence_300snapdragon_765g_5g_mobilewcn3988_firmwareimmersive_home_316_firmwareqamsrv1h_firmwareipq8070_firmwareqcn5154sd_8cxvision_intelligence_400ssg2115p_firmwarewsa8835_firmwareqcn5022snapdragon_x75_5g_modem-rf_system_firmwarewcn3980snapdragon_w5\+_gen_1_wearableqcs610Snapdragonsnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_720g_mobile_platform_firmwarequalcomm_video_collaboration_vc1_platform_firmwarewsa8832_firmwareqca6431_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareflight_rb5_5g_platform_firmwareipq8070_firmwareqcn6102_firmwaresd888_firmwareqcn9024_firmwareqcn9070_firmwarewsa8835_firmwareqcn6422_firmwaresd670_firmwarecsr8811_firmwarefastconnect_6700_firmwareipq8076a_firmwaresnapdragon_x12_lte_modem_firmwareqcn9022_firmwaremdm9250_firmwaresa8155p_firmwareqcn6224_firmwareqca6420_firmwareqcn5052_firmwareqcn5164_firmwarecsrb31024_firmwareimmersive_home_3210_platform_firmwareqca9994_firmwareqca9377_firmwaresd626_firmwaresm7315_firmwareqcn6100_firmwareqcn6402_firmwarevision_intelligence_400_platform_firmwaresd835_firmwarewcd9385_firmwareqca9990_firmwarefastconnect_7800_firmwarepmp8074_firmwareipq8078_firmwaressg2125p_firmwarewcd9360_firmwarecsra6620_firmwaresa8155_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcn6024_firmwareqamsrv1m_firmwareipq8070a_firmwareqcn6274_firmwareipq5302_firmwareqcn5152_firmwareqam8650p_firmwarec-v2x_9150_firmwareqsm8250_firmwarewcn3950_firmwaresnapdragon_670_mobile_platform_firmwaresnapdragon_778g_5g_mobile_platform_firmwareqcn6432_firmwaresrv1m_firmwareimmersive_home_316_platform_firmwareqrb5165n_firmwaresnapdragon_8_gen_2_mobile_platform_firmwareqcn5024_firmwaresa8195p_firmwareqcn9003_firmwareipq8173_firmwarewcn3910_firmwareqcn9012_firmwaresd_8cx_firmwareqcn9100_firmwareqdx1011_firmwaresw5100_firmwaresa9000p_firmwarear8035_firmwaresnapdragon_695_5g_mobile_platform_firmware315_5g_iot_modem_firmwarewsa8845_firmwaresd660_firmwareqca8075_firmwareqca6574au_firmwaresdx71m_firmwareqcn9274_firmwareipq8071a_firmwareqca6678aq_firmwaresm4125_firmwareqcn5122_firmwareipq8068_firmwarewcn3980_firmwareqca4024_firmwaresnapdragon_626_mobile_platform_firmwareqcn9000_firmwareqcm6125_firmwarewcn3660b_firmwareqca6696_firmwareimmersive_home_326_platform_firmwareqsm8350_firmwareqcn5054_firmwaresnapdragon_xr1_platform_firmwareqca8337_firmwareqca9985_firmwareqcn5154_firmwarefsm10056_firmwareqca6595au_firmwareqamsrv1h_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_ar2_gen_1_platform_firmwareipq9570_firmwarewcd9395_firmwareqdu1010_firmwaresg4150p_firmwareqca6174a_firmwareqcn9072_firmwareqca6391_firmwaresnapdragon_x70_modem-rf_system_firmwareipq6010_firmwarewcd9370_firmwarewsa8840_firmwareqam8775p_firmwarewcd9371_firmwarerobotics_rb3_platform_firmwareqca9986_firmwaresw5100p_firmwareqcm4325_firmwaresnapdragon_865_5g_mobile_platform_firmwarewsa8830_firmwareqam8295p_firmwareqca6320_firmwareqca6574_firmwaresd_675_firmwareqca9984_firmwarewcd9335_firmwaresnapdragon_630_mobile_platform_firmwareqcn6112_firmwarear8031_firmwareqcm4490_firmwareqcn6023_firmwareqca8072_firmwareqcm2290_firmwaresnapdragon_480_5g_mobile_platform_firmwaresnapdragon_662_mobile_platform_firmwareipq5028_firmwareqdx1010_firmwareqcs610_firmwareipq6028_firmwarewsa8815_firmwareipq8072a_firmwarewcn3990_firmwareipq9574_firmwareqrb5165m_firmwareqca6430_firmwaresd865_5g_firmwaresnapdragon_750g_5g_mobile_platform_firmwareqca6426_firmwaresnapdragon_auto_4g_modem_firmwaresc8380xp_firmwaresdx55_firmwaresmart_audio_400_platform_firmwaresnapdragon_auto_5g_modem-rf_firmwareqca6421_firmwarefsm10055_firmwareimmersive_home_214_platform_firmwareqam8255p_firmwareqca6310_firmwaresa8650p_firmwarear9380_firmwareqcn6132_firmwareqcn6412_firmwareqca6574a_firmwaresd_455_firmwareqcs4490_firmwareqcn5124_firmwareipq8065_firmwaresdx57m_firmwaresa8150p_firmwareqcs7230_firmwaresrv1h_firmwaresd855_firmwaresnapdragon_780g_5g_mobile_platform_firmwaresnapdragon_8_gen_3_mobile_platform_firmwaresa8255p_firmwaresm7325p_firmwarewcn3988_firmwarequalcomm_video_collaboration_vc5_platform_firmwaresnapdragon_660_mobile_platform_firmwaresnapdragon_855_mobile_platform_firmwareqcm6490_firmwareipq8064_firmwareipq8076_firmwareipq8074a_firmwarefastconnect_6200_firmwareqca8386_firmwaresm6250_firmwaresa6155_firmwaresm7250p_firmwaresnapdragon_675_mobile_platform_firmwareqca6698aq_firmwareqca8081_firmwaresnapdragon_680_4g_mobile_platform_firmwaresa8770p_firmwaresnapdragon_710_mobile_platform_firmwaresnapdragon_636_mobile_platform_firmwarecsra6640_firmwaresxr1120_firmwarewcd9341_firmwarewsa8845h_firmwareqca9992_firmwareqcm8550_firmwareqdu1110_firmwareqca6436_firmwaresd662_firmwareqca6595_firmwareqca0000_firmwaresa7255p_firmwarewcd9326_firmwareqcn9011_firmwaresnapdragon_4_gen_2_mobile_platform_firmwarevision_intelligence_300_platform_firmwaresnapdragon_x55_5g_modem-rf_system_firmwareqca6564a_firmwareqca6335_firmwareqca9889_firmwaresnapdragon_625_mobile_platform_firmwareipq6018_firmwaresnapdragon_690_5g_mobile_platform_firmwareipq9554_firmwareqca9980_firmwarewcd9340_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6800_firmwareqcn5022_firmwareqcs6125_firmwareqcc710_firmwareqcf8000_firmwaresa6155p_firmwareqcn9002_firmwareqcn9074_firmwarewcn6740_firmwaresd_8_gen1_5g_firmwareqcs8550_firmwaresa8540p_firmwareipq5312_firmwareqca6564au_firmwaresnapdragon_xr2_5g_platform_firmwareqcn9001_firmwaresm6250p_firmwareqep8111_firmwareqcn6122_firmwaresa8775p_firmwareimmersive_home_318_platform_firmwarewcn3615_firmwarewcd9390_firmwareaqt1000_firmwaresm8550p_firmwarewcn3999_firmwareqcs6490_firmwaresnapdragon_850_mobile_compute_platform_firmwaresd675_firmwareipq8078a_firmwaresa6145p_firmwaresnapdragon_835_mobile_pc_platform_firmwaresa8295p_firmwaresnapdragon_845_mobile_platform_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa6150p_firmwaresxr1230p_firmwareqfw7124_firmwareipq8174_firmwarefastconnect_6900_firmwareqdu1000_firmwareqca9888_firmwaresxr2130_firmwarewcd9380_firmwareqca6584au_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarewsa8810_firmwareimmersive_home_216_platform_firmwareqcn5021_firmwareqfw7114_firmwaresd730_firmwaresxr2230p_firmwaressg2115p_firmwaresg8275p_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresa8145p_firmwaresd460_firmwareqru1052_firmwarequalcomm_video_collaboration_vc3_platform_firmwarerobotics_rb5_platform_firmwareqdu1210_firmwareqcs4290_firmwareqca9886_firmwareqru1062_firmwareqcs2290_firmwaresnapdragon_460_mobile_platform_firmwareqca6797aq_firmwarewcn3680b_firmwareipq5010_firmwaresnapdragon_712_mobile_platform_firmwaresnapdragon_665_mobile_platform_firmwareqru1032_firmwareqcs410_firmwareipq5332_firmwareqcm4290_firmwareqcs8250_firmwarewcd9375_firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-1394
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.50% / 65.09%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:52
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1393, CVE-2019-1395, CVE-2019-1396, CVE-2019-1408, CVE-2019-1434.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0646
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.02% / 2.77%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 15:16
Updated-01 Aug, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Action-Not Available
Vendor-Red Hat, Inc.Linux Kernel Organization, Inc
Product-enterprise_linuxlinux_kernelRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRHOL-5.8-RHEL-9Red Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Virtualization 4 for Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 8.2 Update Services for SAP Solutions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0409
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.99%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 15:40
Updated-29 Aug, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Xorg-x11-server: selinux context corruption

A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

Action-Not Available
Vendor-tigervncFedora ProjectRed Hat, Inc.X.Org Foundation
Product-enterprise_linux_desktopxwaylandenterprise_linuxx_serverenterprise_linux_for_power_big_endianenterprise_linux_for_power_little_endianenterprise_linux_serverfedoraenterprise_linux_for_scientific_computingenterprise_linux_workstationenterprise_linux_for_ibm_z_systemstigervncRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-32917
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.10%
||
7 Day CHG~0.00%
Published-20 Sep, 2022 | 00:00
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-10-05||Apply updates per vendor instructions.

The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

Action-Not Available
Vendor-Apple Inc.
Product-ipadosiphone_osmacosiOSmacOSiOS, iPadOS, and macOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-19085
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.34%
||
7 Day CHG~0.00%
Published-10 Nov, 2018 | 03:00
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E048 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges.

Action-Not Available
Vendor-iobitn/a
Product-malware_fightern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-18714
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.72% / 81.61%
||
7 Day CHG~0.00%
Published-01 Nov, 2018 | 17:00
Updated-05 Aug, 2024 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RegFilter.sys in IOBit Malware Fighter 6.2 and earlier is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E010. This can lead to denial of service (DoS) or code execution with root privileges.

Action-Not Available
Vendor-iobitn/a
Product-malware_fightern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0962
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.18% / 40.25%
||
7 Day CHG~0.00%
Published-27 Jan, 2024 | 12:31
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
obgm libcoap Configuration File coap_oscore.c get_split_entry stack-based overflow

A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-libcoapobgm
Product-libcoaplibcoap
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-10397
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-7.7||HIGH
EPSS-0.19% / 41.17%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 19:33
Updated-05 Aug, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code.

Action-Not Available
Vendor-openafsOpenAFS
Product-openafsOpenAFS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-6931
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.25%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 14:09
Updated-13 Feb, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-bounds write in Linux kernel's Performance Events system component

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, Inc
Product-linux_kerneldebian_linuxKernel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-19087
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.34%
||
7 Day CHG~0.00%
Published-10 Nov, 2018 | 03:00
Updated-05 Aug, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RegFilter.sys in IOBit Malware Fighter 6.2 is susceptible to a stack-based buffer overflow when an attacker uses IOCTL 0x8006E044 with a size larger than 8 bytes. This can lead to denial of service or code execution with root privileges.

Action-Not Available
Vendor-iobitn/a
Product-malware_fightern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21815
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.96%
||
7 Day CHG~0.00%
Published-13 Aug, 2021 | 22:43
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger this vulnerability.

Action-Not Available
Vendor-attn/a
Product-xmillAT&T
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-11112
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 47.51%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 18:41
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.
Product-graphics_drivercloud_backupdata_availability_servicessteelstore_cloud_integrated_storage2019.2 IPU – Intel(R) Graphics Driver for Windows* and Linux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0023
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.4||HIGH
EPSS-2.84% / 85.67%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 19:36
Updated-16 Dec, 2024 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-0408
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.32%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 13:05
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-156999009

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-0090
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.21% / 42.77%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 21:23
Updated-15 Aug, 2024 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE

NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)Microsoft CorporationCanonical Ltd.Red Hat, Inc.VMware (Broadcom Inc.)NVIDIA CorporationLinux Kernel Organization, Inc
Product-ubuntu_linuxstudiovirtual_gpuhypervisorteslavspherequadrocloud_gaminggeforcertxlinux_kernelgpu_display_driverazure_stack_hcienterprise_linux_kernel-based_virtual_machinenvswindowsGPU display driver, vGPU software, and Cloud Gamingvirtual_gpucloud_gaminggpu_display_driver
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 24
  • 25
  • Next
Details not found