VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 13 of 549
  • CVE-2018-12918CriJun 27, 2018
    risk 0.64cvss 9.8epss 0.01

    In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c.

  • CVE-2018-12916CriJun 27, 2018
    risk 0.64cvss 9.8epss 0.01

    In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c.

  • CVE-2018-1000537CriJun 26, 2018
    risk 0.64cvss 9.8epss 0.03

    Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Overflow vulnerability in cardreader.cpp (Depending on branch/version) that can result in Arbitrary code execution. This attack appear to be exploitable via Crafted G-Code instruction/file is sent to the printer.

  • CVE-2018-0608CriJun 26, 2018
    risk 0.64cvss 9.8epss 0.04

    Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors.

  • CVE-2018-12640CriJun 23, 2018
    risk 0.64cvss 9.8epss 0.02

    The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100.

  • CVE-2018-0314CriJun 20, 2018
    risk 0.64cvss 9.8epss 0.06

    A vulnerability in the Cisco Fabric Services (CFS) component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability exists because the affected software insufficiently…

  • CVE-2018-0312CriJun 20, 2018
    risk 0.64cvss 9.8epss 0.06

    A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because…

  • CVE-2018-0308CriJun 20, 2018
    risk 0.64cvss 9.8epss 0.06

    A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability exists because the affected software…

  • CVE-2018-10621CriJun 18, 2018
    risk 0.64cvss 9.8epss 0.04

    Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or…

  • CVE-2018-10617CriJun 18, 2018
    risk 0.64cvss 9.8epss 0.04

    Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or…

  • CVE-2018-12422CriJun 15, 2018
    risk 0.64cvss 9.8epss 0.02

    addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code…

  • CVE-2018-1151CriJun 12, 2018
    risk 0.64cvss 9.8epss 0.08

    The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi.

  • CVE-2018-5183CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8.

  • CVE-2018-5151CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Memory safety bugs were reported in Firefox 59. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 60.

  • CVE-2018-5150CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects…

  • CVE-2018-5145CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.

  • CVE-2018-5126CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    Memory safety bugs were reported in Firefox 58. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 59.

  • CVE-2018-5090CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58.

  • CVE-2018-5089CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox…

  • CVE-2017-7827CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    Memory safety bugs were reported in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57.