CWE-787
Out-of-bounds Write
Description
The product writes data past the end, or before the beginning, of the intended buffer.
Hierarchy (View 1000)
CVEs mapped to this weakness (2,513)
page 98 of 126| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-25476 | Med | 0.40 | 6.2 | 0.00 | Mar 11, 2026 | Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the User Name and… | ||
| CVE-2019-25475 | — | Med | 0.40 | 6.2 | 0.00 | Mar 11, 2026 | SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service… | |
| CVE-2019-25474 | Med | 0.40 | 6.2 | 0.00 | Mar 11, 2026 | Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field… | ||
| CVE-2019-25469 | Med | 0.40 | 6.2 | 0.00 | Mar 11, 2026 | Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and… | ||
| CVE-2019-25463 | Med | 0.40 | 6.2 | 0.00 | Mar 11, 2026 | SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key… | ||
| CVE-2018-25198 | Med | 0.40 | 6.2 | 0.00 | Mar 6, 2026 | eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that triggers a buffer overflow condition when processed by the… | ||
| CVE-2026-20023 | Med | 0.40 | 6.1 | 0.00 | Mar 4, 2026 | A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to corrupt memory on an affected device, resulting in a denial of… | ||
| CVE-2025-15555 | Hig | 0.40 | 7.3 | 0.01 | Feb 4, 2026 | A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer… | ||
| CVE-2025-0010 | — | Med | 0.40 | 6.1 | 0.00 | Sep 6, 2025 | An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability. | |
| CVE-2024-29222 | Med | 0.40 | 6.1 | 0.00 | May 13, 2025 | Out-of-bounds write for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable denial of service via local access. | ||
| CVE-2025-0690 | Med | 0.40 | 6.1 | 0.01 | Feb 24, 2025 | The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make… | ||
| CVE-2024-20496 | Med | 0.40 | 6.1 | 0.00 | Sep 25, 2024 | A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to incorrect handling of a specific type of… | ||
| CVE-2023-22351 | Med | 0.40 | 6.1 | 0.00 | Sep 16, 2024 | Out-of-bounds write in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-43688 | Hig | 0.40 | 7.3 | 0.01 | Aug 20, 2024 | cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023 refactoring. | ||
| CVE-2026-43671 | hig | 0.39 | — | 0.00 | Jun 12, 2026 | ### Summary A program using swift-nio is vulnerable to a potential out-of-bounds write when attacker-controlled index or length values exceeding `UInt32.max` are passed to some `ByteBuffer` methods. This affects all swift-nio versions from 1.0.0 to 2.99.0. It is fixed in… | ||
| CVE-2026-43166 | Hig | 0.39 | 7.1 | 0.00 | May 6, 2026 | In the Linux kernel, the following vulnerability has been resolved: erofs: fix interlaced plain identification for encoded extents Only plain data whose start position and on-disk physical length are both aligned to the block size should be classified as interlaced plain… | ||
| CVE-2026-31707 | Hig | 0.39 | 7.1 | 0.00 | May 1, 2026 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipc_validate_msg() ipc_validate_msg() computes the expected message size for each response type by adding (or multiplying) attacker-controlled fields from the daemon response… | ||
| CVE-2026-31699 | Hig | 0.39 | 7.1 | 0.00 | May 1, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmware command failed. If the failure was due to an… | ||
| CVE-2026-31698 | Hig | 0.39 | 7.1 | 0.00 | May 1, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed When retrieving the PDH cert, don't attempt to copy the blobs to userspace if the firmware command failed. If the failure was due… | ||
| CVE-2026-31697 | Hig | 0.39 | 7.1 | 0.00 | May 1, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed When retrieving the ID for the CPU, don't attempt to copy the ID blob to userspace if the firmware command failed. If the failure was… |
- risk 0.40cvss 6.2epss 0.00
Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the User Name and…
- risk 0.40cvss 6.2epss 0.00
SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code field to trigger a denial of service…
- risk 0.40cvss 6.2epss 0.00
Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste the contents into the Unlock Code field…
- risk 0.40cvss 6.2epss 0.00
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and…
- risk 0.40cvss 6.2epss 0.00
SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key…
- risk 0.40cvss 6.2epss 0.00
eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that triggers a buffer overflow condition when processed by the…
- risk 0.40cvss 6.1epss 0.00
A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to corrupt memory on an affected device, resulting in a denial of…
- risk 0.40cvss 7.3epss 0.01
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer…
- risk 0.40cvss 6.1epss 0.00
An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability.
- risk 0.40cvss 6.1epss 0.00
Out-of-bounds write for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable denial of service via local access.
- risk 0.40cvss 6.1epss 0.01
The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make…
- risk 0.40cvss 6.1epss 0.00
A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to incorrect handling of a specific type of…
- risk 0.40cvss 6.1epss 0.00
Out-of-bounds write in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
- risk 0.40cvss 7.3epss 0.01
cron/entry.c in vixie cron before 9cc8ab1, as used in OpenBSD 7.4 and 7.5, allows a heap-based buffer underflow and memory corruption. NOTE: this issue was introduced during a May 2023 refactoring.
- risk 0.39cvss —epss 0.00
### Summary A program using swift-nio is vulnerable to a potential out-of-bounds write when attacker-controlled index or length values exceeding `UInt32.max` are passed to some `ByteBuffer` methods. This affects all swift-nio versions from 1.0.0 to 2.99.0. It is fixed in…
- risk 0.39cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: erofs: fix interlaced plain identification for encoded extents Only plain data whose start position and on-disk physical length are both aligned to the block size should be classified as interlaced plain…
- risk 0.39cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipc_validate_msg() ipc_validate_msg() computes the expected message size for each response type by adding (or multiplying) attacker-controlled fields from the daemon response…
- risk 0.39cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmware command failed. If the failure was due to an…
- risk 0.39cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed When retrieving the PDH cert, don't attempt to copy the blobs to userspace if the firmware command failed. If the failure was due…
- risk 0.39cvss 7.1epss 0.00
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed When retrieving the ID for the CPU, don't attempt to copy the ID blob to userspace if the firmware command failed. If the failure was…