Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-15536

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-18 Jan, 2026 | 09:02
Updated At-23 Feb, 2026 | 08:37
Rejected At-
Credits

BYVoid OpenCC MaxMatchSegmentation.cpp MaxMatchSegmentation heap-based overflow

A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:18 Jan, 2026 | 09:02
Updated At:23 Feb, 2026 | 08:37
Rejected At:
â–¼CVE Numbering Authority (CNA)
BYVoid OpenCC MaxMatchSegmentation.cpp MaxMatchSegmentation heap-based overflow

A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch.

Affected Products
Vendor
BYVoid
Product
OpenCC
Versions
Affected
  • 1.1.0
  • 1.1.1
  • 1.1.2
  • 1.1.3
  • 1.1.4
  • 1.1.5
  • 1.1.6
  • 1.1.7
  • 1.1.8
  • 1.1.9
Problem Types
TypeCWE IDDescription
CWECWE-122Heap-based Buffer Overflow
CWECWE-119Memory Corruption
Type: CWE
CWE ID: CWE-122
Description: Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-119
Description: Memory Corruption
Metrics
VersionBase scoreBase severityVector
4.04.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.15.3MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3.05.3MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2.04.3N/A
AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
Version: 4.0
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Version: 2.0
Base score: 4.3
Base severity: N/A
Vector:
AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

reporter
Oneafter (VulDB User)
Timeline
EventDate
Advisory disclosed2026-01-17 00:00:00
VulDB entry created2026-01-17 01:00:00
VulDB entry last update2026-02-07 00:23:11
Event: Advisory disclosed
Date: 2026-01-17 00:00:00
Event: VulDB entry created
Date: 2026-01-17 01:00:00
Event: VulDB entry last update
Date: 2026-02-07 00:23:11
Replaced By

Rejected Reason

References
HyperlinkResource
https://vuldb.com/?id.341708
vdb-entry
technical-description
https://vuldb.com/?ctiid.341708
signature
permissions-required
https://vuldb.com/?submit.733347
third-party-advisory
https://github.com/BYVoid/OpenCC/issues/997
issue-tracking
https://github.com/BYVoid/OpenCC/pull/1005
issue-tracking
https://github.com/oneafter/1222/blob/main/repro
exploit
https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec
patch
https://github.com/BYVoid/OpenCC/
product
Hyperlink: https://vuldb.com/?id.341708
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.341708
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.733347
Resource:
third-party-advisory
Hyperlink: https://github.com/BYVoid/OpenCC/issues/997
Resource:
issue-tracking
Hyperlink: https://github.com/BYVoid/OpenCC/pull/1005
Resource:
issue-tracking
Hyperlink: https://github.com/oneafter/1222/blob/main/repro
Resource:
exploit
Hyperlink: https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec
Resource:
patch
Hyperlink: https://github.com/BYVoid/OpenCC/
Resource:
product
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/BYVoid/OpenCC/issues/997
exploit
Hyperlink: https://github.com/BYVoid/OpenCC/issues/997
Resource:
exploit
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:18 Jan, 2026 | 09:15
Updated At:23 Feb, 2026 | 09:16

A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. Patch name: 345c9a50ab07018f1b4439776bad78a0d40778ec. To fix this issue, it is recommended to deploy a patch.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.04.8MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.15.3MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary2.04.3MEDIUM
AV:L/AC:L/Au:S/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:S/C:P/I:P/A:P
CPE Matches

byvoid
byvoid
>>open_chinese_convert>>Versions up to 1.1.9(inclusive)
cpe:2.3:a:byvoid:open_chinese_convert:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Secondarycna@vuldb.com
CWE-122Secondarycna@vuldb.com
CWE-787Primarynvd@nist.gov
CWE ID: CWE-119
Type: Secondary
Source: cna@vuldb.com
CWE ID: CWE-122
Type: Secondary
Source: cna@vuldb.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/BYVoid/OpenCC/cna@vuldb.com
N/A
https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778eccna@vuldb.com
Patch
https://github.com/BYVoid/OpenCC/issues/997cna@vuldb.com
Exploit
Issue Tracking
Patch
https://github.com/BYVoid/OpenCC/pull/1005cna@vuldb.com
Issue Tracking
Patch
https://github.com/oneafter/1222/blob/main/reprocna@vuldb.com
Product
https://vuldb.com/?ctiid.341708cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?id.341708cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.733347cna@vuldb.com
Exploit
Third Party Advisory
VDB Entry
https://github.com/BYVoid/OpenCC/issues/997134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Issue Tracking
Patch
Hyperlink: https://github.com/BYVoid/OpenCC/
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec
Source: cna@vuldb.com
Resource:
Patch
Hyperlink: https://github.com/BYVoid/OpenCC/issues/997
Source: cna@vuldb.com
Resource:
Exploit
Issue Tracking
Patch
Hyperlink: https://github.com/BYVoid/OpenCC/pull/1005
Source: cna@vuldb.com
Resource:
Issue Tracking
Patch
Hyperlink: https://github.com/oneafter/1222/blob/main/repro
Source: cna@vuldb.com
Resource:
Product
Hyperlink: https://vuldb.com/?ctiid.341708
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.341708
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.733347
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/BYVoid/OpenCC/issues/997
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Issue Tracking
Patch

Change History

0
Information is not available yet

Similar CVEs

576Records found

CVE-2024-26733
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 16.91%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 17:00
Updated-11 May, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arp: Prevent overflow in arp_req_get().

In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is struct sockaddr, not struct sockaddr_storage, so the sa_data buffer is just 14 bytes. In the splat below, 2 bytes are overflown to the next int field, arp_flags. We initialise the field just after the memcpy(), so it's not a problem. However, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN), arp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL) in arp_ioctl() before calling arp_req_get(). To avoid the overflow, let's limit the max length of memcpy(). Note that commit b5f0de6df6dc ("net: dev: Convert sa_data to flexible array in struct sockaddr") just silenced syzkaller. [0]: memcpy: detected field-spanning write (size 16) of single field "r->arp_ha.sa_data" at net/ipv4/arp.c:1128 (size 14) WARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Modules linked in: CPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014 RIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128 Code: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6 RSP: 0018:ffffc900050b7998 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001 RBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000 R13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010 FS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261 inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981 sock_do_ioctl+0xdf/0x260 net/socket.c:1204 sock_ioctl+0x3ef/0x650 net/socket.c:1321 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x64/0xce RIP: 0033:0x7f172b262b8d Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d RDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003 RBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000 </TASK>

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, IncNetApp, Inc.
Product-8200_firmwareh615ca400_firmwarea220a300a800a70fas2750_firmware9000h610sa700sa1k8700_firmwareh615c_firmwarelinux_kernela800_firmwarea900_firmware9500_firmwarea90_firmwareh610c_firmwarea300_firmwarec400_firmwarefas2720_firmwarea90a700s_firmwarea1k_firmwaredebian_linuxfas2720a150h610cfas2750820095008700h610s_firmwaree-series_santricity_os_controllera70_firmwarea900a320_firmware8300_firmwarec400fas2820_firmwarec190a150_firmwarea700_firmwarea700fas2820a220_firmwarec190_firmwarec800_firmwarec8008300a3209000_firmwarea400Linux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-26692
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 14.46%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 14:54
Updated-11 May, 2026 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
smb: Fix regression in writes when non-standard maximum write size negotiated

In the Linux kernel, the following vulnerability has been resolved: smb: Fix regression in writes when non-standard maximum write size negotiated The conversion to netfs in the 6.3 kernel caused a regression when maximum write size is set by the server to an unexpected value which is not a multiple of 4096 (similarly if the user overrides the maximum write size by setting mount parm "wsize", but sets it to a value that is not a multiple of 4096). When negotiated write size is not a multiple of 4096 the netfs code can skip the end of the final page when doing large sequential writes, causing data corruption. This section of code is being rewritten/removed due to a large netfs change, but until that point (ie for the 6.3 kernel until now) we can not support non-standard maximum write sizes. Add a warning if a user specifies a wsize on mount that is not a multiple of 4096 (and round down), also add a change where we round down the maximum write size if the server negotiates a value that is not a multiple of 4096 (we also have to check to make sure that we do not round it down to zero).

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-26811
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 17.62%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 10:02
Updated-11 May, 2026 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ksmbd: validate payload size in ipc response

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to ksmbd kernel server. ksmbd should validate payload size of ipc response from ksmbd.mountd to avoid memory overrun or slab-out-of-bounds. This patch validate 3 ipc response that has payload.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-26759
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.25% / 16.41%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 17:00
Updated-11 May, 2026 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mm/swap: fix race when skipping swapcache

In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same entry at the same time, they get different pages (A, B). Before one thread (T0) finishes the swapin and installs page (A) to the PTE, another thread (T1) could finish swapin of page (B), swap_free the entry, then swap out the possibly modified page reusing the same entry. It breaks the pte_same check in (T0) because PTE value is unchanged, causing ABA problem. Thread (T0) will install a stalled page (A) into the PTE and cause data corruption. One possible callstack is like this: CPU0 CPU1 ---- ---- do_swap_page() do_swap_page() with same entry <direct swapin path> <direct swapin path> <alloc page A> <alloc page B> swap_read_folio() <- read to page A swap_read_folio() <- read to page B <slow on later locks or interrupt> <finished swapin first> ... set_pte_at() swap_free() <- entry is free <write to page B, now page A stalled> <swap out page B to same swap entry> pte_same() <- Check pass, PTE seems unchanged, but page A is stalled! swap_free() <- page B content lost! set_pte_at() <- staled page A installed! And besides, for ZRAM, swap_free() allows the swap device to discard the entry content, so even if page (B) is not modified, if swap_read_folio() on CPU0 happens later than swap_free() on CPU1, it may also cause data loss. To fix this, reuse swapcache_prepare which will pin the swap entry using the cache flag, and allow only one thread to swap it in, also prevent any parallel code from putting the entry in the cache. Release the pin after PT unlocked. Racers just loop and wait since it's a rare and very short event. A schedule_timeout_uninterruptible(1) call is added to avoid repeated page faults wasting too much CPU, causing livelock or adding too much noise to perf statistics. A similar livelock issue was described in commit 029c4628b2eb ("mm: swap: get rid of livelock in swapin readahead") Reproducer: This race issue can be triggered easily using a well constructed reproducer and patched brd (with a delay in read path) [1]: With latest 6.8 mainline, race caused data loss can be observed easily: $ gcc -g -lpthread test-thread-swap-race.c && ./a.out Polulating 32MB of memory region... Keep swapping out... Starting round 0... Spawning 65536 workers... 32746 workers spawned, wait for done... Round 0: Error on 0x5aa00, expected 32746, got 32743, 3 data loss! Round 0: Error on 0x395200, expected 32746, got 32743, 3 data loss! Round 0: Error on 0x3fd000, expected 32746, got 32737, 9 data loss! Round 0 Failed, 15 data loss! This reproducer spawns multiple threads sharing the same memory region using a small swap device. Every two threads updates mapped pages one by one in opposite direction trying to create a race, with one dedicated thread keep swapping out the data out using madvise. The reproducer created a reproduce rate of about once every 5 minutes, so the race should be totally possible in production. After this patch, I ran the reproducer for over a few hundred rounds and no data loss observed. Performance overhead is minimal, microbenchmark swapin 10G from 32G zram: Before: 10934698 us After: 11157121 us Cached: 13155355 us (Dropping SWP_SYNCHRONOUS_IO flag) [kasong@tencent.com: v4]

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2007-1709
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.98% / 78.15%
||
7 Day CHG~0.00%
Published-27 Mar, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-22104
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 14.20%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 00:00
Updated-01 Aug, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).

Action-Not Available
Vendor-jungon/ajungoMitsubishi Electric Corporation
Product-gt_got2000rt_visualboxfr_configurator_sw3mx_opc_server_da\/uasw1dnc-qsccf-bgx_works3sw1dnc-mnetg-b_firmwaregenesis64sw0dnc-mneth-bgt_got1000data_transfermrzjw3-mc2-utl_firmwaresw1dnc-mnetg-bezsocketsw0dnc-mneth-b_firmwaresw1dnc-ccbd2-b_firmwaresw1dnc-qsccf-b_firmwaresw1dnc-ccief-jgt_softgot1000sw1dnc-ccief-bsw1dnc-ccbd2-brt_toolbox3sw1dnc-ccief-b_firmwarefr_configurator2mx_componentsw1dnd-emsdk-bnumerical_control_device_communicationgx_logviewermr_configuratorsw1dnc-ccief-j_firmwarecw_configuratorwindrivercpu_module_logging_configuration_tooldata_transfer_classicgt_softgot2000px_developer\/monitor_toolgx_works2sw1dnd-emsdk-b_firmwaremr_configurator2mi_configuratoriq_worksmrzjw3-mc2-utlgx_developern/awindriver
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-22103
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.23% / 13.29%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 00:00
Updated-01 Aug, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).

Action-Not Available
Vendor-jungon/ajungoMitsubishi Electric Corporation
Product-gt_got2000rt_visualboxfr_configurator_sw3mx_opc_server_da\/uasw1dnc-qsccf-bgx_works3sw1dnc-mnetg-b_firmwaregenesis64sw0dnc-mneth-bgt_got1000data_transfermrzjw3-mc2-utl_firmwaresw1dnc-mnetg-bezsocketsw0dnc-mneth-b_firmwaresw1dnc-ccbd2-b_firmwaresw1dnc-qsccf-b_firmwaresw1dnc-ccief-jgt_softgot1000sw1dnc-ccief-bsw1dnc-ccbd2-brt_toolbox3sw1dnc-ccief-b_firmwarefr_configurator2mx_componentsw1dnd-emsdk-bnumerical_control_device_communicationgx_logviewermr_configuratorsw1dnc-ccief-j_firmwarecw_configuratorwindrivercpu_module_logging_configuration_tooldata_transfer_classicgt_softgot2000px_developer\/monitor_toolgx_works2sw1dnd-emsdk-b_firmwaremr_configurator2mi_configuratoriq_worksmrzjw3-mc2-utlgx_developern/awindriver
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-21979
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 8.45%
||
7 Day CHG~0.00%
Published-23 Apr, 2024 | 16:36
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Software: Adrenalin Edition AMD Software: PRO Editionradeon_directx_11_driver_dll
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-4062
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.29% / 20.36%
||
7 Day CHG+0.01%
Published-29 Apr, 2025 | 13:31
Updated-09 May, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Theater Seat Booking System cancel stack-based overflow

A vulnerability has been found in code-projects Theater Seat Booking System 1.0 and classified as critical. Affected by this vulnerability is the function cancel. The manipulation of the argument cancelcustomername leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & ProjectsFabian Ros
Product-theater_seat_booking_systemTheater Seat Booking System
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-21972
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 8.45%
||
7 Day CHG~0.00%
Published-23 Apr, 2024 | 16:36
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Software: Adrenalin Edition AMD Software: PRO Edition
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-4069
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.29% / 20.60%
||
7 Day CHG+0.01%
Published-29 Apr, 2025 | 15:31
Updated-28 May, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Product Management System add_item stack-based overflow

A vulnerability, which was classified as critical, has been found in code-projects Product Management System 1.0. Affected by this issue is the function add_item. The manipulation of the argument st.productname leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-product_management_systemProduct Management System
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-21594
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.17% / 6.97%
||
7 Day CHG~0.00%
Published-12 Jan, 2024 | 00:52
Updated-03 Jun, 2025 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX 5000 Series: Repeated execution of a specific CLI command causes a flowd crash

A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash. The NSD process has to be restarted to restore services. If this issue occurs, it can be checked with the following command: user@host> request security policies check The following log message can also be observed: Error: policies are out of sync for PFE node<number>.fpc<number>.pic<number>. This issue affects: Juniper Networks Junos OS on SRX 5000 Series * All versions earlier than 20.4R3-S6; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S4; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3-S1; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-5185
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.15% / 4.96%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 06:45
Updated-24 Apr, 2026 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nothings stb_image Multi-frame GIF File stb_image.h stbi__gif_load_next heap-based overflow

A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Nothings
Product-stb_image
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-5186
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.11% / 1.71%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 07:30
Updated-24 Apr, 2026 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nothings stb Multi-frame GIF File stb_image.h stbi__load_gif_main double free

A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Nothings
Product-stb
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-415
Double Free
CVE-2026-5235
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.16% / 5.49%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 22:15
Updated-24 Apr, 2026 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Axiomatic Bento4 MP4 File Ap4Dac4Atom.cpp ReadCache heap-based overflow

A vulnerability was determined in Axiomatic Bento4 up to 1.6.0-641. This impacts the function AP4_BitReader::ReadCache of the file Ap4Dac4Atom.cpp of the component MP4 File Parser. This manipulation causes heap-based buffer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-Axiomatic Systems, LLC
Product-Bento4
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-5236
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.16% / 5.49%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 23:00
Updated-24 Apr, 2026 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Axiomatic Bento4 DSI v1 Ap4Dac4Atom.cpp SkipBits heap-based overflow

A vulnerability was identified in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_BitReader::SkipBits of the file Ap4Dac4Atom.cpp of the component DSI v1 Parser. Such manipulation of the argument n_presentations leads to heap-based buffer overflow. The attack needs to be performed locally. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

Action-Not Available
Vendor-Axiomatic Systems, LLC
Product-Bento4
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-12354
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.35% / 27.47%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 01:31
Updated-10 Dec, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Phone Contact Manager System User Menu MenuDisplayStart buffer overflow

A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-razormistSourceCodester
Product-phone_contact_manager_systemPhone Contact Manager Systemphone_shop_sales_managements_system_using_php_with_source_code
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7519
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 28.41%
||
7 Day CHG~0.00%
Published-21 Mar, 2018 | 20:00
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow.

Action-Not Available
Vendor-omronICS-CERT
Product-cx-supervisorOmron CX-Supervisor
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12185
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.35% / 26.72%
||
7 Day CHG+0.01%
Published-04 Dec, 2024 | 23:31
Updated-10 Dec, 2024 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Hotel Management System Administrator Login Password stack-based overflow

A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Administrator Login Password Handler. The manipulation of the argument Str2 leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-hotel_management_systemHotel Management Systemhotel_management_system
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11262
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.41% / 33.25%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 22:31
Updated-21 Nov, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Record Management System View All Student Marks main stack-based overflow

A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as critical. Affected by this vulnerability is the function main of the component View All Student Marks. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-razormistSourceCodester
Product-student_record_management_systemStudent Record Management Systemstudent_record_management_system
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-7513
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 28.41%
||
7 Day CHG~0.00%
Published-21 Mar, 2018 | 20:00
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow.

Action-Not Available
Vendor-omronICS-CERT
Product-cx-supervisorOmron CX-Supervisor
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-11261
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.26% / 16.86%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 22:00
Updated-21 Nov, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Record Management System Number of Students Menu StudentRecordManagementSystem.cpp memory corruption

A vulnerability, which was classified as critical, was found in SourceCodester Student Record Management System 1.0. Affected is an unknown function of the file StudentRecordManagementSystem.cpp of the component Number of Students Menu. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-razormistSourceCodester
Product-student_record_management_systemStudent Record Management Systemstudent_record_management_system
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-12186
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.35% / 26.72%
||
7 Day CHG+0.01%
Published-04 Dec, 2024 | 23:31
Updated-10 Dec, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Hotel Management System Available Room hotelnew.c stack-based overflow

A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file hotelnew.c of the component Available Room Handler. The manipulation of the argument admin_entry leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-hotel_management_systemHotel Management Systemhotel_management_system
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-1052
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.41% / 33.28%
||
7 Day CHG~0.00%
Published-24 Mar, 2022 | 13:05
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap Buffer Overflow in iterate_chained_fixups in radareorg/radare2

Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6.

Action-Not Available
Vendor-Radare2 (r2)
Product-radare2radareorg/radare2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-1062
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.30% / 22.17%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 13:04
Updated-25 Feb, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.

Action-Not Available
Vendor-Fedora ProjectRed Hat, Inc.
Product-enterprise_linux_server_ausenterprise_linux_for_arm_64_eusenterprise_linux389_directory_serverdirectory_serverfedoraenterprise_linux_for_ibm_z_systemsenterprise_linux_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_server_tusenterprise_linux_update_services_for_sap_solutionsenterprise_linux_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusRed Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Directory Server 11.7 for RHEL 8Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Directory Server 11.8 for RHEL 8Red Hat Directory Server 12Red Hat Directory Server 12.2 EUS for RHEL 9Red Hat Enterprise Linux 7Red Hat Directory Server 11.5 E4S for RHEL 8Red Hat Enterprise Linux 8
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-0774
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 25.50%
||
7 Day CHG~0.00%
Published-22 Jan, 2024 | 00:00
Updated-13 Nov, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Any-Capture Any Sound Recorder Registration memory corruption

A vulnerability was found in Any-Capture Any Sound Recorder 2.93. It has been declared as problematic. This vulnerability affects unknown code of the component Registration Handler. The manipulation of the argument User Name/Key Code leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-251674 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-taurisoftAny-Capture
Product-any_sound_recorderAny Sound Recorder
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-0771
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 22.12%
||
7 Day CHG~0.00%
Published-21 Jan, 2024 | 23:00
Updated-08 May, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nsasoft Product Key Explorer Registration memory corruption

A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-nsasoftNsasoft
Product-product_key_explorerProduct Key Explorer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0911
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-5.5||MEDIUM
EPSS-0.31% / 23.04%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 14:13
Updated-04 Nov, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Indent: heap-based buffer overflow in set_buf_break()

A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.

Action-Not Available
Vendor-GNU
Product-indent
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0684
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-5.5||MEDIUM
EPSS-0.49% / 38.55%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 08:26
Updated-04 Nov, 2025 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coreutils: heap overflow in split --line-bytes with very long lines

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

Action-Not Available
Vendor-GNU
Product-coreutils
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0429
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.3||HIGH
EPSS-0.20% / 10.17%
||
7 Day CHG~0.00%
Published-11 Jan, 2024 | 16:04
Updated-25 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overflow vulnerability on Hex Workshop

A denial service vulnerability has been found on  Hex Workshop affecting version 6.7, an attacker could send a command line file arguments and control the Structured Exception Handler (SEH) records resulting in a service shutdown.

Action-Not Available
Vendor-bpsoftHex Workshophex_workshop
Product-hex_workshopHex Workshophex_workshop
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-6693
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.33% / 24.85%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 09:15
Updated-25 Feb, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()

A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.

Action-Not Available
Vendor-Fedora ProjectRed Hat, Inc.QEMU
Product-qemuenterprise_linuxfedoraRed Hat Enterprise Linux 6Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8 Advanced VirtualizationRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2999
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.8||MEDIUM
EPSS-0.18% / 8.23%
||
7 Day CHG+0.01%
Published-31 Mar, 2025 | 14:31
Updated-29 May, 2025 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PyTorch torch.nn.utils.rnn.unpack_sequence memory corruption

A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-pytorchPyTorch
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-6560
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.28% / 19.97%
||
7 Day CHG~0.00%
Published-08 Dec, 2023 | 23:56
Updated-02 Aug, 2024 | 08:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kernel: io_uring out of boundary memory access in __io_uaddr_map()

An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-linux_kernelRed Hat Enterprise Linux 9kernelRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Fedora
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-6340
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 11.61%
||
7 Day CHG~0.00%
Published-17 Jan, 2024 | 23:57
Updated-11 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.

Action-Not Available
Vendor-SonicWall Inc.
Product-netextendercapture_clientNetExtenderCapture Client
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-53879
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.18% / 8.26%
||
7 Day CHG~0.00%
Published-15 Dec, 2025 | 20:32
Updated-12 May, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NVClient 5.0 Stack Buffer Overflow Vulnerability via User Configuration

NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing a denial of service condition.

Action-Not Available
Vendor-eyemaxsystemsneonguvenlik
Product-nvclientNVClient
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-52512
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.22% / 12.70%
||
7 Day CHG~0.00%
Published-02 Mar, 2024 | 21:52
Updated-11 May, 2026 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pinctrl: nuvoton: wpcm450: fix out of bounds write

In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: wpcm450: fix out of bounds write Write into 'pctrl->gpio_bank' happens before the check for GPIO index validity, so out of bounds write may happen. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-52790
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 10.63%
||
7 Day CHG~0.00%
Published-21 May, 2024 | 15:31
Updated-11 May, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
swiotlb: fix out-of-bounds TLB allocations with CONFIG_SWIOTLB_DYNAMIC

In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix out-of-bounds TLB allocations with CONFIG_SWIOTLB_DYNAMIC Limit the free list length to the size of the IO TLB. Transient pool can be smaller than IO_TLB_SEGSIZE, but the free list is initialized with the assumption that the total number of slots is a multiple of IO_TLB_SEGSIZE. As a result, swiotlb_area_find_slots() may allocate slots past the end of a transient IO TLB buffer.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-52596
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 13.49%
||
7 Day CHG-0.00%
Published-06 Mar, 2024 | 06:45
Updated-11 May, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
sysctl: Fix out of bounds access for empty sysctl registers

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix out of bounds access for empty sysctl registers When registering tables to the sysctl subsystem there is a check to see if header is a permanently empty directory (used for mounts). This check evaluates the first element of the ctl_table. This results in an out of bounds evaluation when registering empty directories. The function register_sysctl_mount_point now passes a ctl_table of size 1 instead of size 0. It now relies solely on the type to identify a permanently empty register. Make sure that the ctl_table has at least one element before testing for permanent emptiness.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-52347
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 0.31%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 02:21
Updated-06 May, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t770t612sc7731et606t610sc9832eandroids8000sc9863at310t820t616t618t760SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-52350
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 0.29%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 02:21
Updated-27 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ril service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t606t760sc9832eandroidsc7731et310sc9863at616t770t612t610t820s8000t618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-52435
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 13.91%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 18:27
Updated-11 May, 2026 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
net: prevent mss overflow in skb_segment()

In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able to crash the kernel in skb_segment() [1] GSO_BY_FRAGS is a forbidden value, but unfortunately the following computation in skb_segment() can reach it quite easily : mss = mss * partial_segs; 65535 = 3 * 5 * 17 * 257, so many initial values of mss can lead to a bad final result. Make sure to limit segmentation so that the new mss value is smaller than GSO_BY_FRAGS. [1] general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077] CPU: 1 PID: 5079 Comm: syz-executor993 Not tainted 6.7.0-rc4-syzkaller-00141-g1ae4cd3cbdd0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551 Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00 RSP: 0018:ffffc900043473d0 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597 RDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070 RBP: ffffc90004347578 R08: 0000000000000005 R09: 000000000000ffff R10: 000000000000ffff R11: 0000000000000002 R12: ffff888063202ac0 R13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046 FS: 0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> udp6_ufo_fragment+0xa0e/0xd00 net/ipv6/udp_offload.c:109 ipv6_gso_segment+0x534/0x17e0 net/ipv6/ip6_offload.c:120 skb_mac_gso_segment+0x290/0x610 net/core/gso.c:53 __skb_gso_segment+0x339/0x710 net/core/gso.c:124 skb_gso_segment include/net/gso.h:83 [inline] validate_xmit_skb+0x36c/0xeb0 net/core/dev.c:3626 __dev_queue_xmit+0x6f3/0x3d60 net/core/dev.c:4338 dev_queue_xmit include/linux/netdevice.h:3134 [inline] packet_xmit+0x257/0x380 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3087 [inline] packet_sendmsg+0x24c6/0x5220 net/packet/af_packet.c:3119 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0xd5/0x180 net/socket.c:745 __sys_sendto+0x255/0x340 net/socket.c:2190 __do_sys_sendto net/socket.c:2202 [inline] __se_sys_sendto net/socket.c:2198 [inline] __x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7f8692032aa9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff8d685418 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8692032aa9 RDX: 0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003 RBP: 00000000000f4240 R08: 0000000020000540 R09: 0000000000000014 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8d685480 R13: 0000000000000001 R14: 00007fff8d685480 R15: 0000000000000003 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551 Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00 RSP: 0018:ffffc900043473d0 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597 RDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070 RBP: ffffc90004347578 R0 ---truncated---

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-51778
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 11.35%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 00:00
Updated-13 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS).

Action-Not Available
Vendor-jungon/aMitsubishi Electric Corporation
Product-mr_configuratorfr_configurator2mrzjw3-mc2-utlsw1dnc-qsccf-bcpu_module_logging_configuration_toolsw1dnc-mnetg-bcw_configuratorgt_got1000numerical_control_device_communicationsw1dnc-ccief-b_firmwareiq_workssw1dnc-ccief-j_firmwaremx_opc_server_da\/uasw1dnd-emsdk-bwindriverezsocketmi_configuratorsw1dnc-ccbd2-b_firmwaredata_transfersw1dnc-ccbd2-bgt_softgot2000gx_developersw1dnc-mnetg-b_firmwaremr_configurator2gt_got2000sw1dnc-ccief-jdata_transfer_classicgenesis64gx_works2gt_softgot1000sw1dnc-qsccf-b_firmwaresw1dnd-emsdk-b_firmwarert_toolbox3mrzjw3-mc2-utl_firmwaregx_works3sw1dnc-ccief-bfr_configurator_sw3gx_logviewerpx_developer\/monitor_toolmx_componentsw0dnc-mneth-bsw0dnc-mneth-b_firmwarert_visualboxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50246
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.51% / 40.00%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 20:43
Updated-25 Apr, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jq has heap-buffer-overflow vulnerability in the function decToString in decNumber.c

jq is a command-line JSON processor. Version 1.7 is vulnerable to heap-based buffer overflow. Version 1.7.1 contains a patch for this issue.

Action-Not Available
Vendor-jqlangjqlang
Product-jqjq
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-50268
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.44% / 35.62%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 20:49
Updated-13 Feb, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jq has stack-based buffer overflow in decNaNs

jq is a command-line JSON processor. Version 1.7 is vulnerable to stack-based buffer overflow in builds using decNumber. Version 1.7.1 contains a patch for this issue.

Action-Not Available
Vendor-jqlangjqlang
Product-jqjq
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-48349
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 0.27%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 02:44
Updated-20 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t770t616androidt610t612s8000t310t760t820sc9832esc9863asc7731et606t618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-48340
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 0.27%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 02:44
Updated-20 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges needed

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t770t616androidt610t612s8000t310t760t820sc9832esc9863asc7731et606t618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-48352
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 0.27%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 02:44
Updated-20 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In phasecheckserver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t770t616androidt610t612s8000t310t760t820sc9832esc9863asc7731et606t618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23159
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 7.30%
||
7 Day CHG+0.01%
Published-01 May, 2025 | 12:55
Updated-11 May, 2026 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
media: venus: hfi: add a check to handle OOB in sfr region

In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle OOB in sfr region sfr->buf_size is in shared memory and can be modified by malicious user. OOB write is possible when the size is made higher than actual sfr data buffer. Cap the size to allocated size for such cases.

Action-Not Available
Vendor-Debian GNU/LinuxLinux Kernel Organization, Inc
Product-debian_linuxlinux_kernelLinux
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-48350
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 0.27%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 02:44
Updated-20 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t770t616androidt610t612s8000t310t760t820sc9832esc9863asc7731et606t618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-48368
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.24% / 14.87%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-27 Aug, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-media_sdkIntel(R) Media SDK softwaremedia_sdk
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 11
  • 12
  • Next
Details not found