Vulnerabilities > Write-what-where Condition

DATE CVE VULNERABILITY TITLE RISK
2022-05-05 CVE-2021-38441 Write-what-where Condition vulnerability in Eclipse Cyclonedds
Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.
network
low complexity
eclipse CWE-123
7.5
2021-10-22 CVE-2021-42540 Write-what-where Condition vulnerability in Emerson products
The affected product is vulnerable to a unsanitized extract folder for system configuration.
network
low complexity
emerson CWE-123
6.5
2021-10-22 CVE-2021-38449 Write-what-where Condition vulnerability in Auvesy Versiondog
Some API functions permit by-design writing or copying data into a given buffer.
network
low complexity
auvesy CWE-123
7.5
2021-09-01 CVE-2021-36057 Write-what-where Condition vulnerability in Adobe XMP Toolkit Software Development KIT 2020.1
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process.
local
low complexity
adobe CWE-123
2.1
2021-05-06 CVE-2021-1520 Write-what-where Condition vulnerability in Cisco products
A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with root privileges on the underlying operating system (OS).
local
low complexity
cisco CWE-123
7.2
2021-03-24 CVE-2021-1390 Write-what-where Condition vulnerability in Cisco IOS XE
A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device.
local
low complexity
cisco CWE-123
7.2
2020-12-11 CVE-2020-7560 Write-what-where Condition vulnerability in Schneider-Electric Ecostruxure Control Expert and Unity PRO
A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions), that could cause a crash of the software or unexpected code execution when opening a malicious file in EcoStruxure™ Control Expert software.
6.8
2018-10-25 CVE-2018-3971 Write-what-where Condition vulnerability in Sophos Hitmanpro.Alert 3.7.6.744
An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744.
local
low complexity
sophos CWE-123
7.2
2018-10-05 CVE-2018-15376 Write-what-where Condition vulnerability in Cisco IOS 15.5(2.21)T/15.6(3)M
A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device.
local
low complexity
cisco CWE-123
7.2
2018-10-05 CVE-2018-15375 Write-what-where Condition vulnerability in Cisco IOS 15.5(2.21)T/15.6(3)M
A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device.
local
low complexity
cisco CWE-123
7.2