Total
35 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1390 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 7.2 HIGH | 5.1 MEDIUM |
| A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This vulnerability exists because the affected software permits modification of the run-time memory of an affected device under specific circumstances. An attacker could exploit this vulnerability by authenticating to the affected device and issuing a specific diagnostic test command at the CLI. A successful exploit could trigger a logic error in the code that was designed to restrict run-time memory modifications. The attacker could take advantage of this logic error to overwrite system memory locations and execute arbitrary code on the underlying Linux operating system (OS) of the affected device. | |||||
| CVE-2020-7560 | 1 Schneider-electric | 2 Ecostruxure Control Expert, Unity Pro | 2024-11-21 | 6.8 MEDIUM | 8.6 HIGH |
| A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software. | |||||
| CVE-2020-2001 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges. This issue affects: All PAN-OS 7.1 Panorama and 8.0 Panorama versions; PAN-OS 8.1 versions earlier than 8.1.12 on Panorama; PAN-OS 9.0 versions earlier than 9.0.6 on Panorama. | |||||
| CVE-2020-16225 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | |||||
| CVE-2018-3971 | 1 Sophos | 1 Hitmanpro.alert | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in memory corruption. An attacker can send IRP request to trigger this vulnerability. | |||||
| CVE-2018-16962 | 2 Apple, Webroot | 2 Macos, Secureanywhere | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges. | |||||
| CVE-2018-15376 | 1 Cisco | 1 Ios | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device. | |||||
| CVE-2018-15375 | 1 Cisco | 1 Ios | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device. | |||||
| CVE-2018-12036 | 1 Owasp | 1 Dependency-check | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames. | |||||
| CVE-2017-6282 | 2 Google, Nvidia | 3 Android, Shield Tv, Shield Tv Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary location which may lead to an escalation of privileges. This issue is rated as high. | |||||
| CVE-2014-5435 | 1 Honeywell | 1 Experion Process Knowledge System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary memory write vulnerability exists in the dual_onsrv.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, that could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2024-47438 | 1 Adobe | 1 Substance 3d Painter | 2024-11-13 | N/A | 5.5 MEDIUM |
| Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak. This vulnerability allows an attacker to write a controlled value at a controlled memory location, which could result in the disclosure of sensitive memory content. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-45142 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-10-18 | N/A | 7.8 HIGH |
| Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-44067 | 2024-08-20 | N/A | 8.4 HIGH | ||
| The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head XuanTie C920 CPU in the SOPHON SG2042 have instructions that allow unprivileged attackers to write to arbitrary physical memory locations, aka GhostWrite. | |||||
| CVE-2024-42479 | 1 Ggerganov | 1 Llama.cpp | 2024-08-15 | N/A | 10.0 CRITICAL |
| llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561. | |||||