CWE-823
89 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-823page 2 of 2
- CVE-2024-33041MEDIUMCVSS 6.7EG 6.72025-01-06
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,
- CVE-2024-42383MEDIUMCVSS 4.2EG 4.22024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field.
- CVE-2024-42386HIGHCVSS 8.2EG 8.22024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
- CVE-2024-42387MEDIUMCVSS 5.3EG 5.32024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- CVE-2024-42388MEDIUMCVSS 5.3EG 5.32024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- CVE-2024-42389MEDIUMCVSS 5.3EG 5.32024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- CVE-2024-42390MEDIUMCVSS 4.3EG 4.32024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- CVE-2024-42391MEDIUMCVSS 4.3EG 4.32024-11-18
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space.
- CVE-2024-42416HIGHCVSS 8.8EG 8.42024-09-05
The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scs…
- CVE-2024-43060HIGHCVSS 7.8EG 7.82025-03-03
Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP.
- CVE-2024-45557HIGHCVSS 7.8EG 7.82025-04-07
Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation.
- CVE-2024-45570MEDIUMCVSS 6.6EG 6.62025-05-06
Memory corruption may occur during IO configuration processing when the IO port count is invalid.
- CVE-2024-45573HIGHCVSS 7.8EG 7.82025-02-03
Memory corruption may occour while generating test pattern due to negative indexing of display ID.
- CVE-2024-47893MEDIUMCVSS 6.5EG 6.52025-05-17
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to read and/or write data outside the Guest's virtualised GPU memory.
- CVE-2024-47894HIGHCVSS 7.1EG 7.12025-01-13
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory.
- CVE-2024-47895HIGHCVSS 7.1EG 7.12025-01-13
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory.
- CVE-2024-47896LOWCVSS 3.3EG 3.32025-02-22
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
- CVE-2024-47900HIGHCVSS 7.8EG 7.82025-01-31
Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory.
- CVE-2024-49840HIGHCVSS 7.8EG 7.82025-02-03
Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality.
- CVE-2024-52935MEDIUMCVSS 4.1EG 4.12025-01-13
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
- CVE-2024-52936MEDIUMCVSS 4.4EG 4.42025-01-13
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory.
- CVE-2024-52937MEDIUMCVSS 6.7EG 6.72025-01-13
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
- CVE-2024-52938HIGHCVSS 7.8EG 7.82025-01-13
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to subvert reconstruction activities to trigger a write of data outside the Guest's virtualised GPU memory.
- CVE-2024-52939HIGHCVSS 7.8EG 7.82025-02-22
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest's virtualised GPU memory.
- CVE-2024-53017MEDIUMCVSS 6.6EG 6.62025-06-03
Memory corruption while handling test pattern generator IOCTL command.
- CVE-2024-6603HIGHCVSS 7.4EG 7.42024-07-09
In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunder…
- CVE-2025-0467HIGHCVSS 8.2EG 8.22025-04-18
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
- CVE-2025-11232HIGHCVSS 7.5EG 7.52025-10-29
To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualif…
- CVE-2025-25180HIGHCVSS 7.8EG 7.82025-07-14
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allo…
- CVE-2025-27059HIGHCVSS 8.8EG 8.82025-10-09
Memory corruption while performing SCM call.
- CVE-2025-46806MEDIUMCVSS 6.9EG 0.02025-06-02
A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4.
- CVE-2025-47349HIGHCVSS 7.8EG 7.82025-10-09
Memory corruption while processing an escape call.
- CVE-2025-54152MEDIUMCVSS 6.5EG 6.52026-02-11
A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory. We have already fixed t…
- CVE-2026-21487MEDIUMCVSS 6.1EG 6.12026-01-06
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have an Out-of-bounds Read, Use of Out-of-range Pointer Offset and have Improper Input Validation in its CIccProfile::L…
- CVE-2026-23764MEDIUMCVSS 6.8EG 0.02026-01-22
VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlie…
- CVE-2026-28764HIGHCVSS 7.8EG 7.82026-05-21
MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
- CVE-2026-34193MEDIUMCVSS 4.3EG 0.02026-06-01
Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host …
- CVE-2026-41907HIGHCVSS 7.5EG 7.52026-04-24
uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This allows silent partial writes into caller-p…
- CVE-2026-42946MEDIUMCVSS 6.5EG 6.52026-05-13
A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with m…
Map vulnerabilities like CWE-823 to your infrastructure
EchelonGraph correlates every CVE — across CWE-823 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →