Vulnerabilities > Write-what-where Condition
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-04 | CVE-2021-45465 | Write-what-where Condition vulnerability in Siemens-Healthineers Syngo Fastview A vulnerability has been identified in syngo fastView (All versions). | 7.8 |
| 2022-12-22 | CVE-2022-38143 | Write-what-where Condition vulnerability in Openimageio 2.3.19.0 A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. | 9.8 |
| 2022-05-05 | CVE-2021-38441 | Write-what-where Condition vulnerability in Eclipse Cyclonedds Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser. | 7.5 |
| 2021-10-22 | CVE-2021-42540 | Write-what-where Condition vulnerability in Emerson products The affected product is vulnerable to a unsanitized extract folder for system configuration. | 6.5 |
| 2021-10-22 | CVE-2021-38449 | Write-what-where Condition vulnerability in Auvesy Versiondog Some API functions permit by-design writing or copying data into a given buffer. | 7.5 |
| 2021-05-06 | CVE-2021-1520 | Write-what-where Condition vulnerability in Cisco products A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with root privileges on the underlying operating system (OS). | 6.7 |
| 2021-03-24 | CVE-2021-1390 | Write-what-where Condition vulnerability in Cisco IOS XE A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. | 6.7 |
| 2020-12-11 | CVE-2020-7560 | Write-what-where Condition vulnerability in Schneider-Electric Ecostruxure Control Expert and Unity PRO A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software. | 6.8 |
| 2018-10-25 | CVE-2018-3971 | Write-what-where Condition vulnerability in Sophos Hitmanpro.Alert 3.7.6.744 An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. | 7.8 |
| 2018-10-05 | CVE-2018-15376 | Write-what-where Condition vulnerability in Cisco IOS 15.5(2.21)T/15.6(3)M A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. | 7.2 |