CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 200 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7522 | Med | 0.44 | 6.7 | 0.00 | May 4, 2018 | In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states. | ||
| CVE-2018-6242 | Med | 0.44 | 6.8 | 0.03 | May 1, 2018 | Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to… | ||
| CVE-2017-16534 | Med | 0.44 | 6.8 | 0.00 | Nov 4, 2017 | The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | ||
| CVE-2017-12732 | Med | 0.44 | 6.8 | 0.01 | Oct 5, 2017 | A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution. | ||
| CVE-2017-10814 | Med | 0.44 | 6.8 | 0.01 | Sep 15, 2017 | Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. | ||
| CVE-2014-1235 | Hig | 0.44 | 7.8 | 0.03 | Aug 7, 2017 | Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978. | ||
| CVE-2017-2282 | Med | 0.44 | 6.8 | 0.01 | Aug 2, 2017 | Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. | ||
| CVE-2017-0706 | Med | 0.44 | 6.8 | 0.00 | Jul 6, 2017 | A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532. | ||
| CVE-2017-0236 | Hig | 0.44 | 7.5 | 0.32 | May 12, 2017 | A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229,… | ||
| CVE-2007-6761 | Hig | 0.44 | 7.8 | 0.00 | Apr 24, 2017 | drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321. | ||
| CVE-2017-6975 | Med | 0.44 | 6.8 | 0.01 | Apr 5, 2017 | Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there… | ||
| CVE-2016-8775 | Med | 0.44 | 6.7 | 0.00 | Apr 2, 2017 | Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or execute arbitrary code,… | ||
| CVE-2016-8774 | Med | 0.44 | 6.7 | 0.00 | Apr 2, 2017 | The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368,… | ||
| CVE-2015-8026 | Hig | 0.44 | 7.8 | 0.04 | Mar 27, 2017 | Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitrary code via a crafted filesystem. | ||
| CVE-2016-10272 | Hig | 0.44 | 7.8 | 0.02 | Mar 24, 2017 | LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9. | ||
| CVE-2016-10271 | Hig | 0.44 | 7.8 | 0.02 | Mar 24, 2017 | tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13. | ||
| CVE-2016-10059 | Hig | 0.44 | 7.8 | 0.02 | Mar 23, 2017 | Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file. | ||
| CVE-2016-10057 | Hig | 0.44 | 7.8 | 0.02 | Mar 23, 2017 | Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | ||
| CVE-2016-10056 | Hig | 0.44 | 7.8 | 0.02 | Mar 23, 2017 | Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | ||
| CVE-2016-10055 | Hig | 0.44 | 7.8 | 0.02 | Mar 23, 2017 | Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. |
- risk 0.44cvss 6.7epss 0.00
In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states.
- risk 0.44cvss 6.8epss 0.03
Some NVIDIA Tegra mobile processors released prior to 2016 contain a buffer overflow vulnerability in BootROM Recovery Mode (RCM). An attacker with physical access to the device's USB and the ability to force the device to reboot into RCM could exploit the vulnerability to…
- risk 0.44cvss 6.8epss 0.00
The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
- risk 0.44cvss 6.8epss 0.01
A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution.
- risk 0.44cvss 6.8epss 0.01
Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors.
- risk 0.44cvss 7.8epss 0.03
Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.
- risk 0.44cvss 6.8epss 0.01
Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.
- risk 0.44cvss 6.8epss 0.00
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532.
- risk 0.44cvss 7.5epss 0.32
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229,…
- risk 0.44cvss 7.8epss 0.00
drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321.
- risk 0.44cvss 6.8epss 0.01
Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there…
- risk 0.44cvss 6.7epss 0.00
Touch Panel (TP) driver in Huawei NEM phones with software Versions before NEM-AL10C00B130, Versions before NEM-UL10C17B160, Versions before NEM-UL10C00B160, Versions before NEM-TL00C01B160 allows attackers to get root privilege or crash the system or execute arbitrary code,…
- risk 0.44cvss 6.7epss 0.00
The HIFI driver in Huawei Mate 8 phones with software versions before NXT-AL10C00B386, versions before NXT-CL00C92B386, versions before NXT-DL00C17B386, versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92B368,…
- risk 0.44cvss 7.8epss 0.04
Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitrary code via a crafted filesystem.
- risk 0.44cvss 7.8epss 0.02
LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "WRITE of size 2048" and libtiff/tif_next.c:64:9.
- risk 0.44cvss 7.8epss 0.02
tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 1" and libtiff/tif_fax3.c:413:13.
- risk 0.44cvss 7.8epss 0.02
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows remote attackers to cause a denial of service (application crash) or have unspecified other impact via a crafted TIFF file.
- risk 0.44cvss 7.8epss 0.02
Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
- risk 0.44cvss 7.8epss 0.02
Buffer overflow in the sixel_decode function in coders/sixel.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
- risk 0.44cvss 7.8epss 0.02
Buffer overflow in the WritePDBImage function in coders/pdb.c in ImageMagick before 6.9.5-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.