VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 183 of 549
  • CVE-2017-11901HigDec 12, 2017
    risk 0.49cvss 7.5epss 0.08

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how…

  • CVE-2017-11895HigDec 12, 2017
    risk 0.49cvss 7.5epss 0.08

    ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to…

  • CVE-2017-11894HigDec 12, 2017
    risk 0.49cvss 7.5epss 0.08

    ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and and Internet Explorer adn Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an…

  • CVE-2017-11888HigDec 12, 2017
    risk 0.49cvss 7.5epss 0.08

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".

  • CVE-2017-11886HigDec 12, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how…

  • CVE-2017-17497HigDec 10, 2017
    risk 0.49cvss 7.5epss 0.01

    In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value.

  • CVE-2017-8821HigDec 3, 2017
    risk 0.49cvss 7.5epss 0.02

    In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which…

  • CVE-2017-10901HigDec 1, 2017
    risk 0.49cvss 7.5epss 0.01

    Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote attackers to conduct denial-of-service attacks via unspecified vectors.

  • CVE-2017-1000198HigNov 17, 2017
    risk 0.49cvss 7.5epss 0.01

    tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service

  • CVE-2017-9696HigNov 16, 2017
    risk 0.49cvss 7.5epss 0.00

    In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable stream_cfg_cmd->num_streams is from userspace, and it is not checked against…

  • CVE-2017-11866HigNov 15, 2017
    risk 0.49cvss 7.5epss 0.08

    ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine…

  • CVE-2017-11858HigNov 15, 2017
    risk 0.49cvss 7.5epss 0.08

    ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server,…

  • CVE-2017-11856HigNov 15, 2017
    risk 0.49cvss 7.5epss 0.06

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights…

  • CVE-2017-11846HigNov 15, 2017
    risk 0.49cvss 7.5epss 0.08

    ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server,…

  • CVE-2017-11845HigNov 15, 2017
    risk 0.49cvss 7.5epss 0.08

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".

  • CVE-2017-11843HigNov 15, 2017
    risk 0.49cvss 7.5epss 0.08

    ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server,…

  • CVE-2017-11838HigNov 15, 2017
    risk 0.49cvss 7.5epss 0.09

    ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version…

  • CVE-2017-11837HigNov 15, 2017
    risk 0.49cvss 7.5epss 0.09

    ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version…

  • CVE-2017-11836HigNov 15, 2017
    risk 0.49cvss 7.5epss 0.08

    ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine…

  • CVE-2017-11827HigNov 15, 2017
    risk 0.49cvss 7.5epss 0.08

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows…