VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 186 of 549
  • CVE-2014-9497HigAug 29, 2017
    risk 0.49cvss 7.5epss 0.02

    Buffer overflow in mpg123 before 1.18.0.

  • CVE-2015-2675HigAug 18, 2017
    risk 0.49cvss 7.5epss 0.03

    The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the…

  • CVE-2015-1783HigAug 11, 2017
    risk 0.49cvss 7.5epss 0.03

    The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors.

  • CVE-2017-3091HigAug 11, 2017
    risk 0.49cvss 7.5epss 0.08

    Adobe Digital Editions 4.5.4 and earlier versions 4.5.4 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-11280HigAug 11, 2017
    risk 0.49cvss 7.5epss 0.06

    Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-11278HigAug 11, 2017
    risk 0.49cvss 7.5epss 0.06

    Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-11277HigAug 11, 2017
    risk 0.49cvss 7.5epss 0.06

    Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-11276HigAug 11, 2017
    risk 0.49cvss 7.5epss 0.06

    Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-8674HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption…

  • CVE-2017-8672HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka…

  • CVE-2017-8669HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.08

    Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to…

  • CVE-2017-8661HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.06

    Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory…

  • CVE-2017-8655HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka…

  • CVE-2017-8653HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current…

  • CVE-2017-8651HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.06

    Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly accessing objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".

  • CVE-2017-8647HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This…

  • CVE-2017-8639HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory…

  • CVE-2017-8638HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.09

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption…

  • CVE-2017-6745HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance. The vulnerability is due to excessive mapped…

  • CVE-2017-11592HigJul 24, 2017
    risk 0.49cvss 7.5epss 0.02

    There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input.