Vulnerabilities > Write-what-where Condition

DATE CVE VULNERABILITY TITLE RISK
2024-01-04 CVE-2021-45465 Write-what-where Condition vulnerability in Siemens-Healthineers Syngo Fastview
A vulnerability has been identified in syngo fastView (All versions).
local
low complexity
siemens-healthineers CWE-123
7.8
2022-12-22 CVE-2022-38143 Write-what-where Condition vulnerability in Openimageio 2.3.19.0
A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images.
network
low complexity
openimageio CWE-123
critical
9.8
2022-05-05 CVE-2021-38441 Write-what-where Condition vulnerability in Eclipse Cyclonedds
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.
network
low complexity
eclipse CWE-123
7.5
2021-10-22 CVE-2021-42540 Write-what-where Condition vulnerability in Emerson products
The affected product is vulnerable to a unsanitized extract folder for system configuration.
network
low complexity
emerson CWE-123
6.5
2021-10-22 CVE-2021-38449 Write-what-where Condition vulnerability in Auvesy Versiondog
Some API functions permit by-design writing or copying data into a given buffer.
network
low complexity
auvesy CWE-123
7.5
2021-05-06 CVE-2021-1520 Write-what-where Condition vulnerability in Cisco products
A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with root privileges on the underlying operating system (OS).
local
low complexity
cisco CWE-123
6.7
2021-03-24 CVE-2021-1390 Write-what-where Condition vulnerability in Cisco IOS XE
A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device.
local
low complexity
cisco CWE-123
6.7
2020-12-11 CVE-2020-7560 Write-what-where Condition vulnerability in Schneider-Electric Ecostruxure Control Expert and Unity PRO
A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software.
6.8
2018-10-25 CVE-2018-3971 Write-what-where Condition vulnerability in Sophos Hitmanpro.Alert 3.7.6.744
An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744.
local
low complexity
sophos CWE-123
7.8
2018-10-05 CVE-2018-15376 Write-what-where Condition vulnerability in Cisco IOS 15.5(2.21)T/15.6(3)M
A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device.
local
low complexity
cisco CWE-123
7.2