VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 108 of 549
  • CVE-2025-5268HigMay 27, 2025
    risk 0.53cvss 8.1epss 0.00

    Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This…

  • CVE-2025-31234HigMay 12, 2025
    risk 0.53cvss 8.2epss 0.00

    The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

  • CVE-2025-4093HigApr 29, 2025
    risk 0.53cvss 8.1epss 0.00

    Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox ESR 128.10 and Thunderbird…

  • CVE-2025-4091HigApr 29, 2025
    risk 0.53cvss 8.1epss 0.00

    Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability…

  • CVE-2024-8938HigNov 13, 2024
    risk 0.53cvss 8.1epss 0.01

    CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area…

  • CVE-2024-1174HigMar 1, 2024
    risk 0.53cvss 8.2epss 0.00

    Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 8) could potentially contain security vulnerabilities. HP has released HP ThinPro 8.0 SP 8, which includes updates to mitigate potential vulnerabilities.

  • CVE-2020-36446HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the signal-simple crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for SyncChannel.

  • CVE-2020-36445HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the convec crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for ConVec.

  • CVE-2020-36444HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the async-coap crate through 2020-12-08 for Rust. Send and Sync are implemented for ArcGuard<RC, T> without trait bounds on RC.

  • CVE-2020-36442HigAug 8, 2021
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in the beef crate before 0.5.0 for Rust. beef::Cow has no Sync bound on its Send trait.

  • CVE-2018-8423HigOct 10, 2018
    risk 0.53cvss 7.8epss 0.33

    A remote code execution vulnerability exists in the Microsoft JET Database Engine, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server…

  • CVE-2018-0423HigOct 5, 2018
    risk 0.53cvss 8.1epss 0.07

    A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or…

  • CVE-2017-1084HigSep 12, 2018
    risk 0.53cvss 7.5epss 0.15

    In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow.

  • CVE-2018-14338HigJul 17, 2018
    risk 0.53cvss 8.1epss 0.01

    samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.

  • CVE-2018-5178HigJun 11, 2018
    risk 0.53cvss 8.1epss 0.05

    A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8,…

  • CVE-2018-10728HigMay 17, 2018
    risk 0.53cvss 8.1epss 0.02

    All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731).

  • CVE-2018-8872HigMay 4, 2018
    risk 0.53cvss 8.1epss 0.02

    In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory.

  • CVE-2016-10433HigApr 18, 2018
    risk 0.53cvss 8.1epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD…

  • CVE-2018-1003HigApr 12, 2018
    risk 0.53cvss 7.8epss 0.23

    A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1,…

  • CVE-2018-1218HigMar 19, 2018
    risk 0.53cvss 7.5epss 0.14

    In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability…