Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-32766

Summary
Assigner-fortinet
Assigner Org ID-6abe59d8-c742-4dff-8ce8-9b0ca1073da8
Published At-12 Aug, 2025 | 18:59
Updated At-26 Feb, 2026 | 17:48
Rejected At-
Credits

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:fortinet
Assigner Org ID:6abe59d8-c742-4dff-8ce8-9b0ca1073da8
Published At:12 Aug, 2025 | 18:59
Updated At:26 Feb, 2026 | 17:48
Rejected At:
▼CVE Numbering Authority (CNA)

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands

Affected Products
Vendor
Fortinet, Inc.Fortinet
Product
FortiWeb
Default Status
unaffected
Versions
Affected
  • From 7.6.0 through 7.6.3 (semver)
  • From 7.4.1 through 7.4.8 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-121Execute unauthorized code or commands
Type: CWE
CWE ID: CWE-121
Description: Execute unauthorized code or commands
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Please upgrade to FortiWeb version 8.0.0 or above Please upgrade to FortiWeb version 7.6.4 or above Please upgrade to FortiWeb version 7.4.9 or above

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://fortiguard.fortinet.com/psirt/FG-IR-25-383
N/A
Hyperlink: https://fortiguard.fortinet.com/psirt/FG-IR-25-383
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@fortinet.com
Published At:12 Aug, 2025 | 19:15
Updated At:14 Aug, 2025 | 01:21

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.4MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Fortinet, Inc.
fortinet
>>fortiweb>>Versions from 7.4.1(inclusive) to 7.4.9(exclusive)
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortiweb>>Versions from 7.6.0(inclusive) to 7.6.4(exclusive)
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-121Primarypsirt@fortinet.com
CWE ID: CWE-121
Type: Primary
Source: psirt@fortinet.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://fortiguard.fortinet.com/psirt/FG-IR-25-383psirt@fortinet.com
Vendor Advisory
Hyperlink: https://fortiguard.fortinet.com/psirt/FG-IR-25-383
Source: psirt@fortinet.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

112Records found
CVE-2023-41842
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.22% / 13.08%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 15:09
Updated-14 Jan, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortianalyzer_big_datafortimanagerfortiportalfortianalyzerFortiAnalyzerFortiManagerFortiPortalFortiAnalyzer-BigDatafortiportalfortimanagerfortianalyzer
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2023-40716
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 15.81%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 06:44
Updated-02 Aug, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command vulnerability [CWE-78]  in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup .

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortitesterFortiTester
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-40721
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.23% / 14.20%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 16:09
Updated-14 Jan, 2026 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosfortiswitchmanagerfortipamfortiproxyFortiPAMFortiProxyFortiSwitchManagerFortiOS
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2023-36640
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 19.32%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:19
Updated-12 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0.0 through 6.0.16, FortiPAM 1.1.0, FortiPAM 1.0 all versions, FortiProxy 7.2.0 through 7.2.5, FortiProxy 7.0.0 through 7.0.11, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortipamfortiosfortiproxyFortiOSFortiProxyFortiPAMfortipamfortiswitchmanagerfortiosfortiproxy
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2023-36642
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 9.58%
||
7 Day CHG~0.00%
Published-13 Sep, 2023 | 12:29
Updated-25 Sep, 2024 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortitesterFortiTesterfortitester
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-41021
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-7.8||HIGH
EPSS-0.25% / 16.24%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 17:48
Updated-25 Oct, 2024 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortinacFortinet FortiNAC
CVE-2024-32118
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.61% / 44.57%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 18:53
Updated-17 Jan, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortianalyzerfortimanagerfortianalyzer_big_dataFortiManagerFortiAnalyzer
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-29177
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.24% / 15.47%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:07
Updated-30 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allows a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiadcfortiddos-fFortiADCFortiDDoS-F
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-26012
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.68% / 47.49%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 14:09
Updated-31 Jan, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiapfortiap-w2fortiap-sFortiAPFortiAP-SFortiAP-W2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-47542
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.27% / 18.48%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 14:24
Updated-26 Feb, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortimanagerFortiManagerfortimanager
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-45325
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 37.71%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 13:50
Updated-10 Sep, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiDDoS-F version 7.0.0 through 7.02 and before 6.6.3 may allow a privileged attacker to execute unauthorized code or commands via crafted CLI requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiddos-fFortiDDoS-F
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-42757
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.48% / 37.73%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 11:01
Updated-16 Oct, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortivoicefortianalyzerfortiwebfortiportalfortiproxyfortimanagerfortiswitchfortirecorder_firmwarefortios-6k7kfortiadcfortiosfortindrfortimailFortiManagerFortiRecorderFortiPortalFortiSwitchFortiADCFortiVoiceFortiDDoS-FFortiDDoSFortiNDRFortiMailFortiAnalyzerFortiOSFortiProxyFortiWeb
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-24022
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.22% / 12.25%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 10:32
Updated-25 Oct, 2024 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortianalyzerfortimanagerFortinet FortiAnalyzer, FortiManager
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-22298
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.46% / 36.25%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 16:49
Updated-18 Sep, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiisolatorFortiIsolatorfortiisolator
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-44170
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.20% / 9.79%
||
7 Day CHG~0.00%
Published-18 Jul, 2022 | 16:35
Updated-25 Oct, 2024 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiproxyfortiosFortinet FortiProxy, FortiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-43072
Matching Score-8
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-8
Assigner-Fortinet, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.18% / 7.62%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 00:01
Updated-17 Sep, 2024 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortimanagerfortiproxyfortianalyzerfortiosFortiManagerFortiAnalyzer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-58413
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.30% / 21.76%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 17:01
Updated-09 Jun, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiSASE 25.3.b allows attacker to execute unauthorized code or commands via specially crafted packets

Action-Not Available
Vendor-Fortinet, Inc.Siemens AG
Product-fortisasefortiosFortiOSFortiSASERUGGEDCOM APE1808
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-54820
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7||HIGH
EPSS-0.87% / 54.16%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:44
Updated-12 Mar, 2026 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortimanagerFortiManager
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-53843
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.56% / 42.27%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 17:01
Updated-09 Jun, 2026 | 10:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted packets

Action-Not Available
Vendor-Fortinet, Inc.Siemens AG
Product-fortiosFortiOSRUGGEDCOM APE1808
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-30897
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.63% / 45.64%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:44
Updated-12 Mar, 2026 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-24640
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.63% / 45.64%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 16:44
Updated-12 Mar, 2026 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through 7.0.12 may allow a remote authenticated attacker who can bypass stack protection and ASLR to execute arbitrary code or commands via crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-35276
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-5||MEDIUM
EPSS-0.40% / 31.89%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 14:08
Updated-31 Jan, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortianalyzerfortianalyzer_cloudfortimanager_cloudfortimanagerFortiManagerFortiAnalyzer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-35279
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.7||HIGH
EPSS-0.94% / 56.32%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 16:09
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP control, provided the attacker were able to evade FortiOS stack protections and provided the fabric service is running on the exposed interface.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosFortiOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-23110
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.4||HIGH
EPSS-0.28% / 19.81%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 14:31
Updated-23 Aug, 2024 | 02:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker to execute unauthorized code or commands via specially crafted commands

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosFortiOSfortios
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25602
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.4||HIGH
EPSS-0.19% / 9.06%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 18:05
Updated-23 Oct, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 all versions, FortiWeb 5.6 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-23781
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.70% / 48.40%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 18:06
Updated-23 Oct, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-23780
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.6||HIGH
EPSS-0.79% / 51.62%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 18:05
Updated-23 Oct, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of privilege via specifically crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-42756
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9.3||CRITICAL
EPSS-36.41% / 98.29%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 18:05
Updated-23 Oct, 2024 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-32756
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9.6||CRITICAL
EPSS-31.42% / 98.06%
||
7 Day CHG+1.29%
Published-13 May, 2025 | 14:46
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-06-04||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie.

Action-Not Available
Vendor-Fortinet, Inc.
Product-forticamera_firmwarefortivoiceforticamerafortimailfortindrfortirecorderFortiRecorderFortiVoiceFortiCameraFortiNDRFortiMailMultiple Products
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-33871
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.94% / 56.41%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 18:06
Updated-23 Oct, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-12820
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.86% / 53.91%
||
7 Day CHG+0.01%
Published-19 Dec, 2024 | 10:57
Updated-21 Jan, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosFortiOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-30306
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.97% / 57.43%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 18:06
Updated-23 Oct, 2024 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-46714
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.40% / 69.04%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:19
Updated-02 Aug, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPs requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosFortiOSfortios
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-42790
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-7.7||HIGH
EPSS-1.07% / 60.68%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 15:09
Updated-17 Sep, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiproxyfortiosFortiOSFortiProxy
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-33308
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.87% / 76.70%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 14:00
Updated-23 Oct, 2024 | 13:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiproxyfortiosFortiOSFortiProxy
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-26010
Matching Score-6
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-6
Assigner-Fortinet, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.79% / 51.43%
||
7 Day CHG~0.00%
Published-11 Jun, 2024 | 14:32
Updated-27 Aug, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specially crafted packets.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiswitchmanagerfortiosfortipamfortiproxyFortiOSFortiSwitchManagerFortiProxyFortiPAM
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-21556
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.31% / 22.17%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 19:10
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.

Action-Not Available
Vendor-Dell Inc.
Product-poweredge_r740_firmwarepoweredge_r940xapoweredge_mx740c_firmwarepoweredge_r640_firmwarepoweredge_r940xa_firmwarepoweredge_r640poweredge_t640_firmwarepoweredge_r840poweredge_mx840cpoweredge_t640poweredge_mx740cpoweredge_r940_firmwarepoweredge_r840_firmwarepoweredge_r740xd_firmwarepoweredge_r940poweredge_r740poweredge_mx840c_firmwarepoweredge_r740xdPowerEdge BIOS Intel 15G
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-27749
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.57% / 42.94%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 16:40
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.GNUFedora Project
Product-enterprise_linux_server_eusontap_select_deploy_administration_utilityenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxfedoraenterprise_linux_server_tusgrub2grub2
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-59612
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 0.19%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 22:05
Updated-02 Jun, 2026 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in Windows Compute

Memory corruption in windows drivers while sending incorrect trusted application request

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-x2000094_firmwarewcd9378c_firmwarewcd9385x2000094x2000092wcd9380colognewcd9375_firmwareqcm5430_firmwarewcd9375wcd9380_firmwarewsa8840_firmwareiqx7181_firmwarewsa8840sc8380xp_firmwareiqx5121wsa8845h_firmwareqcm5430fastconnect_6700fastconnect_7800qcm6490snapdragon_8cx_gen_3_compute_platformvideo_collaboration_vc3_platformwcd9370wcd9378cx2000077_firmwarexg101032x2000077fastconnect_7800_firmwareqca0000wsa8835_firmwaresnapdragon_7c\+_gen_3_compute_firmwarefastconnect_6900_firmwareqcm6490_firmwareqca0000_firmwarevideo_collaboration_vc3_platform_firmwarexg101002_firmwarewcd9370_firmwarex2000086xg101039fastconnect_6700_firmwarecologne_firmwarewcd9385_firmwarewsa8845hfastconnect_6900xg101002xg101039_firmwaresnapdragon_8cx_gen_3_compute_platform_firmwarex2000090_firmwareiqx5121_firmwarex2000092_firmwarewsa8835wsa8830_firmwareiqx7181wsa8845xg101032_firmwarewsa8830sc8380xpsnapdragon_7c\+_gen_3_computex2000086_firmwarex2000090wsa8845_firmwareSnapdragon
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-35553
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.4||HIGH
EPSS-0.15% / 4.30%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 04:03
Updated-13 Apr, 2026 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may execute arbitrary code by modifying certain registry values.

Action-Not Available
Vendor-Dynabook Inc.
Product-TOSRFEC.SYSDRFEC.SYS
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-44448
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-4
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.09% / 0.56%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 05:27
Updated-26 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

Action-Not Available
Vendor-Unisoc (Shanghai) Technologies Co., Ltd.Google LLC
Product-t610t820sc9832et760t606s8000t616t310androidt618sc7731et612sc9863at770SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T610/T618/T606/T612/T616/T760/T770/T820/S8000
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-4550
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.7||MEDIUM
EPSS-0.21% / 10.86%
||
7 Day CHG-0.00%
Published-13 Sep, 2024 | 17:26
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-P360 Workstation (ThinkStation) BIOSST58 V2 (ThinkSystem) BIOSST50 (ThinkSystem) BIOSST58 (ThinkSystem) BIOSST50 V2 (ThinkSystem) BIOSthinksystem_st50_v2_firmwarethinkstation_p360_workstation_firmwarethinksystem_st58_v2_firmwarethinksystem_st58_firmwarethinksystem_st50_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-26951
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.13% / 2.91%
||
7 Day CHG~0.00%
Published-20 Apr, 2026 | 16:44
Updated-28 Apr, 2026 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges.

Action-Not Available
Vendor-Dell Inc.
Product-powerprotect_dp_series_appliancedata_domain_operating_systemPowerProtect Data Domain
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-28924
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.57% / 42.68%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:01
Updated-03 May, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Secure Boot Security Feature Bypass Vulnerability

Secure Boot Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2016windows_10_1809windows_server_2012windows_11_22h2windows_10_21h2windows_server_2022_23h2windows_11_21h2windows_10_22h2windows_10_1507windows_server_2022windows_10_1607windows_server_2019Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2016Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-23374
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 1.54%
||
7 Day CHG~0.00%
Published-07 Oct, 2024 | 12:58
Updated-16 Oct, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in Power Management IC

Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800qca9377_firmwaresnapdragon_8_gen_1_mobile_platformsa6155p_firmwarewsa8830wcd9380_firmwaresa6150p_firmwareqca9367_firmwaresa8145p_firmwareqca6584ausw5100pqca6698aqsnapdragon_w5\+_gen_1_wearable_platformqca9367fastconnect_6900fastconnect_6900_firmwarewcn3988_firmwareqca6574ausa8155p_firmwarewsa8835sa6145p_firmwaresa8195pwcd9380sa8150p_firmwarefastconnect_7800_firmwaresw5100sa6155psw5100p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwaresnapdragon_auto_5g_modem-rf_gen_2qca6698aq_firmwaresa6145pqca6174a_firmwareqca6174asnapdragon_auto_5g_modem-rf_gen_2_firmwareqca6584au_firmwareqca6696_firmwarewcn3980qca9377sa8145pqca6696sa8150psa6150psa8155pwsa8830_firmwarewcn3988wsa8835_firmwareqca6574au_firmwaresa8195p_firmwaresw5100_firmwarewcn3980_firmwaresnapdragon_w5\+_gen_1_wearable_platform_firmwareSnapdragonqca9377_firmwareqca6174a_firmwaresa6155p_firmwareqca9367_firmwarewcd9380_firmwaresa6150p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresa8145p_firmwareqca6584au_firmwareqca6696_firmwarefastconnect_6900_firmwarewcn3988_firmwarewsa8830_firmwaresa6145p_firmwaresa8155p_firmwarewsa8835_firmwaresa8150p_firmwarefastconnect_7800_firmwareqca6574au_firmwaresa8195p_firmwaresw5100_firmwarewcn3980_firmwaresw5100p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqca6698aq_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23594
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.24% / 14.51%
||
7 Day CHG~0.00%
Published-15 Apr, 2024 | 18:01
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code.

Action-Not Available
Vendor-Lenovo Group Limited
Product-Windows 7 and 8 PC Preloadspreload_directory
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-20130
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 0.22%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 03:07
Updated-22 Apr, 2025 | 13:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193374; Issue ID: MSV-1982.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt8195mt6989mt6885mt6889mt6768mt6855mt6877mt6886mt8796mt8678mt6781mt6897mt6878mt6833mt6893mt6765mt6835mt8676mt6896mt6739mt6761mt6853androidmt6983mt6879mt6789mt6883mt6895mt8696mt6985MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8195, MT8676, MT8678, MT8696, MT8796mt6896mt6855mt6985mt6893mt6833mt6886mt6885mt6983mt6989mt6877mt6878mt6781mt6765mt8195mt6853mt6883mt8676mt8696mt6895mt6789mt6835mt6739mt6761mt6889mt8796mt6768mt6897mt6879mt8678
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-59613
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 0.19%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 22:05
Updated-02 Jun, 2026 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Buffer Overflow in Windows Compute

Memory Corruption when output buffer size is smaller than input buffer size during data copying operation.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3988_firmwaresxr2230pwcd9385x2000094wcd9380wcd9375_firmwaresnapdragon_460_mobile_platformwcd9380_firmwarewsa8840_firmwaresnapdragon_460_mobile_platform_firmwareiqx7181_firmwaresc8380xp_firmwareqcm5430fastconnect_6700wcn3950qcm6490snapdragon_662_mobile_platform_firmwarevideo_collaboration_vc3_platformwcd9370x2000077_firmwarexg101032snapdragon_xr2\+_gen_1_platformsnapdragon_7c\+_gen_3_compute_firmwarevideo_collaboration_vc3_platform_firmwarex2000086wsa8815_firmwaresxr2230p_firmwarefastconnect_6700_firmwarexg101002fastconnect_6900iqx5121_firmwarewsa8832wsa8830_firmwaresc8380xpwsa8845_firmwarewsa8845wsa8832_firmwaresnapdragon_xr2_5g_platformx2000094_firmwarewcd9378c_firmwarex2000092sd865_5g_firmwaresxr2250pcologneqcm5430_firmwarewcd9375snapdragon_ar1_gen_1_platform_firmwarewsa8840snapdragon_662_mobile_platformwsa8845h_firmwareiqx5121fastconnect_7800snapdragon_8cx_gen_3_compute_platformwcd9378cwsa8810_firmwarex2000077fastconnect_7800_firmwareqca0000wsa8835_firmwareqcm6490_firmwarefastconnect_6900_firmwareqca0000_firmwarexg101002_firmwarewsa8810wcd9370_firmwaresd865_5gxg101039cologne_firmwarewcd9385_firmwarewsa8845hxg101039_firmwaresnapdragon_8cx_gen_3_compute_platform_firmwarewcn3950_firmwarex2000090_firmwaresnapdragon_xr2_5g_platform_firmwarex2000092_firmwarewsa8835wsa8815iqx7181xg101032_firmwarewsa8830snapdragon_7c\+_gen_3_computesxr2250p_firmwaresnapdragon_ar1_gen_1_platformsnapdragon_xr2\+_gen_1_platform_firmwarex2000086_firmwarex2000090wcn3988Snapdragon
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-35867
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.5||HIGH
EPSS-0.30% / 21.22%
||
7 Day CHG~0.00%
Published-03 Aug, 2022 | 15:22
Updated-03 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056.

Action-Not Available
Vendor-xhyve_projectxhyve
Product-xhyvexhyve
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-29988
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.9||MEDIUM
EPSS-0.15% / 4.23%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 02:25
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

Action-Not Available
Vendor-Dell Inc.
Product-latitude_3410_firmwareprecision_3590_firmwarelatitude_5430_rugged_laptop_firmwarealienware_m16_r2inspiron_14_7441_firmwareoptiplex_micro_7020inspiron_14_5410latitude_5521_firmwarealienware_m18_r1vostro_3500_firmwareoptiplex_xe4_towerinspiron_14_5440latitude_7420_firmwareinspiron_14_5420_firmwareinspiron_7710_all-in-one_firmwareoptiplex_5490_all-in-one_firmwareoptiplex_5000_small_form_factoroptiplex_tower_plus_7010chengming_3911optiplex_3000_small_form_factor_firmwarelatitude_7650precision_5550_firmwarelatitude_7450_firmwarexps_9315_2-in-1latitude_5520_firmwareprecision_3560vostro_16_5640precision_7780_firmwarexps_16_9640pro_14_premium_pa14250pro_14_plus_pb14250_firmwareprecision_3490optiplex_3000_microoptiplex_all-in-one_7410_firmwareinspiron_15_5518_firmwarelatitude_3410latitude_3550latitude_3340_firmwareprecision_5770_firmwareinspiron_3030sinspiron_7710_all-in-oneprecision_5750_firmwareoptiplex_7000_xe_micro_firmwarexps_15_9520_firmwarevostro_5620_firmwarevostro_14_3430_firmwarelatitude_3450_firmwarelatitude_5421precision_5470_firmwareprecision_3561optiplex_3000_thin_clientvostro_14_3420_firmwareprecision_3580_firmwarelatitude_7330_rugged_laptopprecision_5760vostro_5620latitude_7320_detachable_firmwareoptiplex_5090_tower_firmwarelatitude_7640precision_3591_firmwarealienware_x16_r2_firmwarelatitude_3320_firmwarelatitude_5540g16_7620_firmwarelatitude_7320_detachableprecision_3260_compactinspiron_13_5330optiplex_small_form_factor_plus_7010alienware_m18_r2_firmwareinspiron_14_5410_2-in-1latitude_3510_firmwareprecision_7760xps_15_9510inspiron_15_3511_firmwarealienware_area-51_aat2250_firmwarelatitude_3540vostro_5320optiplex_5400_all-in-one_firmwarealienware_x16_r1latitude_7350_firmwarealienware_m15_r7latitude_3330_firmwareoptiplex_5000_microxps_13_9310_2-in-1pro_rugged_13_ra13250vostro_3030precision_7770xps_17_9710_firmwarevostro_14_3420latitude_7455_firmwareprecision_3260_xe_compactoptiplex_5000_small_form_factor_firmware16_plus_2-in-1_db06250_firmwareprecision_7780latitude_7350_detachable_firmwareprecision_3260_xe_compact_firmwareoptiplex_3000_thin_client_firmwarelatitude_9330_firmwareinspiron_16_7620_2-in-1precision_3460_xe_small_form_factorxps_9320_firmwarelatitude_3440_firmwarelatitude_9420_firmwareg15_5510_firmwarelatitude_5520inspiron_14_5410_firmwarevostro_3020_tower_desktop_firmwareprecision_7680vostro_13_5310_firmwarevostro_14_5410_firmwareinspiron_16_plus_7630latitude_5450latitude_5455_firmwareprecision_3470inspiron_24_5430_all-in-one_firmwarexps_17_9710latitude_3330optiplex_micro_plus_7010g15_5520latitude_5431_firmwareoptiplex_xe4_tower_firmwareinspiron_16_7640_2-in-1optiplex_7000_towerprecision_3260_compact_firmwarepro_rugged_14_rb14250latitude_7650_firmwareprecision_7875_towervostro_16_5630_firmwarevostro_15_7510_firmwareoptiplex_micro_7010inspiron_3020_small_desktopoptiplex_7090_ultra_firmwarelatitude_7530_firmwarelatitude_3320precision_5760_firmwareinspiron_14_5410_2-in-1_firmwarealienware_aurora_act1250_firmware14_plus_db14250vostro_3020_small_desktop_firmwareinspiron_13_5310precision_5470vostro_3500precision_5860_towerpro_14_premium_pa14250_firmwarexps_13_9305latitude_9450inspiron_16_plus_7640_firmwarevostro_15_5510_firmwarelatitude_7320_firmwareoptiplex_7400_all-in-one_firmwarelatitude_7455inspiron_14_7440_2-in-1vostro_3030s_firmwareoptiplex_7000_microinspiron_15_5510_firmwareoptiplex_3090_ultralatitude_5540_firmwareoptiplex_5000_towerprecision_5770inspiron_16_7610latitude_5455latitude_7340_firmwarelatitude_7330_firmwareinspiron_16_7610_firmwareoptiplex_7490_all-in-one_firmwarexps_17_9720_firmwarelatitude_5531vostro_3400inspiron_14_7430_2-in-1_firmwareinspiron_3020_small_desktop_firmwarelatitude_9520precision_5680_firmwareinspiron_14_plus_7430_firmwareprecision_7770_firmwarexps_15_9530latitude_7430inspiron_16_5630_firmwarepro_14_pc14250_firmware16_plus_db16250_firmwarevostro_3910inspiron_3030s_firmwareg15_5530optiplex_small_form_factor_plus_7010_firmwareoptiplex_aio_7420latitude_7030_rugged_extreme_firmwareoptiplex_tower_7020precision_3660_firmwarevostro_15_3510_firmwarevostro_15_3510precision_3480_firmwarelatitude_5320inspiron_14_7420_2-in-1inspiron_13_5330_firmwareoptiplex_5090_small_form_factor_firmwarelatitude_7430_firmware27_all-in-one_ec27250pro_laptop_pc16250_firmwareprecision_3591alienware_x16_r2optiplex_7400_all-in-oneinspiron_27_7730_all-in-one_firmwarelatitude_9430precision_3570precision_7680_firmware14_plus_db14250_firmwareinspiron_3501_firmwarechengming_3911_firmwarelatitude_5320_firmwarelatitude_3540_firmwareinspiron_3030_firmwareprecision_3581_firmwarealienware_m15_r7_firmwareinspiron_14_5420inspiron_14_5430_firmwarevostro_3020_small_desktoplatitude_3550_firmwarelatitude_7330_rugged_laptop_firmwareg15_5530_firmwareinspiron_3891_firmwarelatitude_7520_firmwarexps_9315_2-in-1_firmwarevostro_15_5510optiplex_sff_7020optiplex_tower_7020_firmwarepro_16_plus_pb16250latitude_7230_rugged_extremeoptiplex_7000_tower_firmwarelatitude_3440precision_3280_cff_firmwarealienware_m16_r1precision_3280_cffvostro_3020_tower_desktopoptiplex_3000_small_form_factorlatitude_5530inspiron_15_7510inspiron_16_plus_7630_firmwareinspiron_24_5420_all-in-one_firmwarelatitude_7330precision_7560inspiron_16_5630latitude_7640_firmwareinspiron_16_5620_firmwareinspiron_13_5320xps_13_9315_firmwareinspiron_5410_all-in-one_firmwarelatitude_9440_2-in-1xps_15_9510_firmwarevostro_15_3520_firmwarelatitude_5430_firmwareprecision_3460_small_form_factoralienware_m18_r2latitude_5430precision_7560_firmwareoptiplex_5090_towerinspiron_16_7620_2-in-1_firmwareg16_7630optiplex_7090_ultralatitude_3430_firmwareprecision_5570vostro_5890_firmware24_all-in-one_ec24250_firmwareinspiron_14_544114_plus_2-in-1_db04250vostro_7620latitude_3140optiplex_7090_tower_firmwareoptiplex_tower_7010vostro_15_7510latitude_7530precision_575016_plus_2-in-1_db06250vostro_3710_firmwarelatitude_5330latitude_5420chengming_3910latitude_5350latitude_5530_firmwareinspiron_24_5420_all-in-oneinspiron_15_3520_firmwareprecision_3490_firmwareoptiplex_5000_micro_firmwareinspiron_14_7430_2-in-1latitude_5550_firmwarelatitude_5340_firmwareinspiron_15_5510optiplex_3000_micro_firmwarexps_13_9345xps_13_plus_9320_firmwarexps_15_9500pro_14_plus_pb14250precision_3450_firmwarevostro_5320_firmwarelatitude_3520vostro_14_5410alienware_m15_r6optiplex_3000_towerinspiron_13_5320_firmwarexps_13_9345_firmwareprecision_3571xps_13_9340_firmwarevostro_16_5630latitude_7420optiplex_5490_all-in-onealienware_x14_r2latitude_7350_detachableinspiron_16_plus_7640vostro_3710precision_5860_tower_firmwarelatitude_5450_firmwareprecision_7875_tower_firmwarevostro_14_3440_firmwarevostro_3890_firmwarevostro_5890latitude_5440optiplex_5090_small_form_factorvostro_13_5310vostro_14_3440inspiron_14_plus_7420_firmwareg16_7620optiplex_xe4_sfflatitude_7350xps_16_9640_firmwarexps_13_9310precision_3581vostro_15_3530_firmwareinspiron_5410_all-in-onelatitude_3140_2in1_firmwarelatitude_3140_2in1xps_14_9440_firmwarelatitude_7030_rugged_extremexps_13_934027_all-in-one_ec27250_firmwareoptiplex_tower_7010_firmwareprecision_5680latitude_3430precision_3480latitude_9420alienware_area-51_aat2250pro_16_plus_pb16250_firmwarelatitude_5350_firmwarealienware_m18_r1_firmwarexps_17_9720inspiron_16_plus_7620_firmwareoptiplex_7000_small_form_factor_firmwareoptiplex_tower_plus_7010_firmwareprecision_5560_firmwareg16_7630_firmwareoptiplex_7000_micro_firmwarexps_13_plus_9320vostro_3890g15_5520_firmwareinspiron_14_5440_firmwareoptiplex_7490_all-in-oneinspiron_16_7640_2-in-1_firmwarepro_14_pc14250latitude_5550alienware_x14_r2_firmwareprecision_5490xps_13_9305_firmwareinspiron_15_7510_firmwareg15_5511xps_17_9730_firmwareprecision_5570_firmwareg15_5511_firmwarelatitude_5420_firmwarealienware_x16_r1_firmwarepro_13_plus_pb13250alienware_aurora_act1250latitude_7520latitude_5440_firmwarelatitude_3450chengming_3900_firmwarepro_16_pc16250optiplex_micro_7020_firmwaretower_plus_ebt2250precision_7670chengming_3900pro_rugged_14_rb14250_firmwarepro_13_plus_pb13250_firmwareprecision_7670_firmwareoptiplex_5090_microoptiplex_small_form_factor_7010precision_5690precision_5550latitude_7320pro_laptop_pc14250_firmwareinspiron_27_7720_all-in-oneinspiron_14_plus_7420xps_13_9315vostro_3030slatitude_3530xps_15_9520optiplex_7000_xe_microinspiron_27_7720_all-in-one_firmwareoptiplex_7000_small_form_factoroptiplex_all-in-one_7410inspiron_3030latitude_9330latitude_9520_firmwareprecision_3570_firmwarepro_rugged_13_ra13250_firmwareinspiron_14_plus_7430inspiron_3891pro_16_pc16250_firmwarepro_laptop_pc16250xps_14_9440vostro_3910_firmwareoptiplex_micro_7010_firmwareinspiron_3020_desktop_firmwareoptiplex_aio_7420_firmwareoptiplex_xe4_sff_firmwarexps_13_9350precision_tower_7865_firmwaretower_plus_ebt2250_firmwareprecision_3460_small_form_factor_firmwarelatitude_7340precision_3560_firmwareg15_5510optiplex_7090_towerlatitude_3510latitude_3140_firmwarevostro_15_3530precision_5490_firmwarexps_13_9350_firmware24_all-in-one_ec24250optiplex_sff_7020_firmwareoptiplex_micro_plus_7010_firmwarelatitude_9440_2-in-1_firmwareinspiron_16_7630_2-in-1precision_556014_plus_2-in-1_db04250_firmwarevostro_3400_firmwareinspiron_14_5441_firmwareinspiron_14_7440_2-in-1_firmwarelatitude_9450_firmwarexps_9320latitude_3340precision_7760_firmwarevostro_14_3430precision_5480_firmwareprecision_5690_firmwareinspiron_13_5310_firmwareprecision_7960_tower_firmwareinspiron_16_5640latitude_7440_firmwarexps_15_9500_firmwareinspiron_14_5418precision_7960_towerprecision_tower_7865vostro_15_3520inspiron_15_3511latitude_5431inspiron_14_5430pro_13_premium_pa13250_firmwarelatitude_5531_firmwarealienware_m16_r2_firmwarepro_laptop_pc14250vostro_3690inspiron_16_plus_7620xps_17_9730inspiron_16_7630_2-in-1_firmwarelatitude_9430_firmwareprecision_3680_tower_firmwareprecision_3450latitude_3420_firmwarealienware_m15_r6_firmwareinspiron_3020_desktopvostro_16_5640_firmwarealienware_m16_r1_firmwarelatitude_5421_firmwareinspiron_24_5430_all-in-oneprecision_3660latitude_7450vostro_3690_firmwarexps_13_9310_2-in-1_firmwareprecision_3580precision_5480precision_3460_xe_small_form_factor_firmwareprecision_3650_towervostro_7620_firmwarelatitude_5330_firmwarexps_13_9310_firmwareoptiplex_small_form_factor_7010_firmwarelatitude_3420precision_3650_tower_firmwarepro_13_premium_pa13250precision_3571_firmwarelatitude_3530_firmwareinspiron_15_5518latitude_7440precision_3470_firmwareoptiplex_3090_ultra_firmwarelatitude_5430_rugged_laptopprecision_3561_firmwarexps_15_9530_firmwareprecision_3590inspiron_15_3520latitude_5340inspiron_16_5640_firmwareinspiron_27_7730_all-in-onevostro_3030_firmwareinspiron_3910_firmwareoptiplex_5400_all-in-oneinspiron_14_7420_2-in-1_firmwarelatitude_3520_firmwareinspiron_14_5418_firmwareoptiplex_5000_tower_firmwareinspiron_15_3530inspiron_14_plus_7440_firmwareinspiron_15_3530_firmwarelatitude_7230_rugged_extreme_firmwareoptiplex_3000_tower_firmwarelatitude_5521inspiron_16_5620precision_3680_tower16_plus_db16250optiplex_5090_micro_firmwareinspiron_3910inspiron_14_plus_7440inspiron_14_7441inspiron_3501chengming_3910_firmwareDell Client Platform BIOS
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found