VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 102 of 549
  • CVE-2016-0840HigApr 18, 2016
    risk 0.55cvss 8.4epss 0.02

    Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26399350.

  • CVE-2016-1340HigApr 16, 2016
    risk 0.55cvss 8.4epss 0.00

    Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename arguments, aka Bug ID CSCux68837.

  • CVE-2016-0135HigApr 12, 2016
    risk 0.55cvss 8.4epss 0.02

    The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."

  • CVE-2016-2558HigApr 12, 2016
    risk 0.55cvss 8.4epss 0.00

    The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or gain privileges via unspecified vectors related…

  • CVE-2016-2857HigApr 12, 2016
    risk 0.55cvss 8.4epss 0.01

    The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.

  • CVE-2016-1768HigMar 24, 2016
    risk 0.55cvss 7.8epss 0.17

    QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.

  • CVE-2016-0111HigMar 9, 2016
    risk 0.55cvss 7.5epss 0.44

    Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than…

  • CVE-2016-0108HigMar 9, 2016
    risk 0.55cvss 7.5epss 0.43

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0103,…

  • CVE-2011-1282HigJul 13, 2011
    risk 0.55cvss 8.4epss 0.02

    The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and…

  • CVE-2026-4734CriMar 24, 2026
    risk 0.54cvss epss 0.00

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules). This vulnerability is associated with program files imap.C‎. This issue affects modizer: before…

  • CVE-2023-31364HigFeb 26, 2026
    risk 0.54cvss epss 0.00

    Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine (VM) to flood a host with writes, potentially causing a fatal machine check error resulting in denial of service.

  • CVE-2020-13934HigJul 14, 2020
    risk 0.54cvss 7.5epss 0.64

    An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial…

  • CVE-2018-9515HigOct 2, 2018
    risk 0.54cvss 7.8epss 0.01

    In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…

  • CVE-2017-1085HigSep 12, 2018
    risk 0.54cvss 7.8epss 0.02

    In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context.

  • CVE-2018-12897HigSep 7, 2018
    risk 0.54cvss 7.8epss 0.02

    SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.

  • CVE-2017-2795HigSep 7, 2018
    risk 0.54cvss 8.3epss 0.01

    An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS…

  • CVE-2017-2792HigSep 7, 2018
    risk 0.54cvss 8.3epss 0.01

    An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls…

  • CVE-2018-16302HigSep 1, 2018
    risk 0.54cvss 7.8epss 0.04

    MediaComm Zip-n-Go before 4.95 has a Buffer Overflow via a crafted file.

  • CVE-2018-10873HigAug 17, 2018
    risk 0.54cvss 8.3epss 0.04

    A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a…

  • CVE-2018-4241HigJun 8, 2018
    risk 0.54cvss 7.8epss 0.08

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in mptcp_usr_connectx allows attackers…