Vulnerabilities (CVE)

Filtered by CWE-787
Total 12282 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-30369 1 Tenda 2 Ac15, Ac15 Firmware 2025-02-04 N/A 9.8 CRITICAL
Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow.
CVE-2023-30368 1 Tenda 2 Ac5, Ac5 Firmware 2025-02-04 N/A 9.8 CRITICAL
Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function.
CVE-2023-30414 1 Jerryscript 1 Jerryscript 2025-02-04 N/A 5.5 MEDIUM
Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c.
CVE-2023-30373 1 Tenda 2 Ac15, Ac15 Firmware 2025-02-04 N/A 9.8 CRITICAL
In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability.
CVE-2023-30372 1 Tenda 2 Ac15, Ac15 Firmware 2025-02-04 N/A 9.8 CRITICAL
In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack-based buffer overflow vulnerability.
CVE-2023-24819 1 Riot-os 1 Riot 2025-02-04 N/A 9.8 CRITICAL
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.
CVE-2020-16010 1 Google 2 Android, Chrome 2025-02-04 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2019-5825 1 Google 1 Chrome 2025-02-04 4.3 MEDIUM 6.5 MEDIUM
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2023-20869 1 Vmware 2 Fusion, Workstation 2025-02-04 N/A 8.2 HIGH
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
CVE-2024-32039 2 Fedoraproject, Freerdp 2 Fedora, Freerdp 2025-02-04 N/A 9.8 CRITICAL
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).
CVE-2024-22448 1 Dell 536 Alienware M15 R6, Alienware M15 R6 Firmware, Alienware M15 R7 and 533 more 2025-02-04 N/A 4.7 MEDIUM
Dell BIOS contains an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.
CVE-2024-25942 1 Dell 50 Nx3230, Nx3230 Firmware, Nx3330 and 47 more 2025-02-04 N/A 4.4 MEDIUM
Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.
CVE-2024-22453 1 Dell 50 Nx3230, Nx3230 Firmware, Nx3330 and 47 more 2025-02-04 N/A 7.2 HIGH
Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory.
CVE-2024-0162 1 Dell 116 Emc Xc Core Xc450, Emc Xc Core Xc450 Firmware, Emc Xc Core Xc650 and 113 more 2025-02-04 N/A 5.3 MEDIUM
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.
CVE-2024-32855 1 Dell 148 Inspiron 3480, Inspiron 3480 Firmware, Inspiron 3580 and 145 more 2025-02-04 N/A 3.8 LOW
Dell Client Platform BIOS contains an Out-of-bounds Write vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.
CVE-2023-2241 1 Podofo Project 1 Podofo 2025-02-04 4.3 MEDIUM 5.3 MEDIUM
A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability.
CVE-2023-29578 1 Mp4v2 Project 1 Mp4v2 2025-02-04 N/A 8.8 HIGH
mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp.
CVE-2023-20872 2 Apple, Vmware 3 Mac Os X, Fusion, Workstation 2025-02-04 N/A 8.8 HIGH
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.
CVE-2025-20639 2 Google, Mediatek 44 Android, Mt6739, Mt6761 and 41 more 2025-02-04 N/A 6.6 MEDIUM
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060.
CVE-2025-20641 2 Google, Mediatek 44 Android, Mt6739, Mt6761 and 41 more 2025-02-04 N/A 6.6 MEDIUM
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2058.