CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
Page 21 of 549

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14883 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 30, 2018 | In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using… |
| CVE-2017-14912 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 30, 2018 | In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835, the attributes of buffers in… |
| CVE-2018-9139 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 30, 2018 | On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165. |
| CVE-2018-0175 | | Hig | 0.64 | 8.0 | 0.04 | KEV | Mar 28, 2018 | Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with… |
| CVE-2018-0541 | | Cri | 0.64 | 9.8 | 0.03 | | Mar 22, 2018 | Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors. |
| CVE-2017-18067 | | Cri | 0.64 | 9.8 | 0.03 | | Mar 15, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in lim_send_auth_mgmt_frame() leads to buffer overflow. |
| CVE-2017-17773 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 15, 2018 | In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 845,MSM8909W, improper… |
| CVE-2017-15815 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 15, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a potential buffer overflow can happen when processing any 802.11 MGMT frames like Auth frame in limProcessAuthFrame. |
| CVE-2016-10393 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 15, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a clip with large size values, integer arithmetic overflows, and allocated buffer size will be less than intended buffer size. The following buffer… |
| CVE-2018-6297 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 13, 2018 | Buffer overflow in Hanwha Techwin Smartcams |
| CVE-2016-5179 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 7, 2018 | Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot. |
| CVE-2018-7552 | | Cri | 0.64 | 9.8 | 0.02 | | Feb 28, 2018 | There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. |
| CVE-2017-18206 | | Cri | 0.64 | 9.8 | 0.03 | | Feb 27, 2018 | In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. |
| CVE-2014-10072 | | Cri | 0.64 | 9.8 | 0.03 | | Feb 27, 2018 | In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links. |
| CVE-2014-10071 | | Cri | 0.64 | 9.8 | 0.03 | | Feb 27, 2018 | In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax. |
| CVE-2018-7409 | | Cri | 0.64 | 9.8 | 0.03 | | Feb 22, 2018 | In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c. |
| CVE-2018-5473 | | Cri | 0.64 | 9.8 | 0.06 | | Feb 19, 2018 | An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote… |
| CVE-2016-8512 | | Cri | 0.64 | 9.8 | 0.06 | | Feb 15, 2018 | A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found. |
| CVE-2018-7039 | | Cri | 0.64 | 9.8 | 0.01 | | Feb 14, 2018 | CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because the ccnl_ndntlv_prependBlob function in ccnl-pkt-ndntlv.c can be called with wrong arguments. Specifically, there is an incorrect integer… |
| CVE-2018-6953 | | Cri | 0.64 | 9.8 | 0.02 | | Feb 13, 2018 | In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain component's length field matches the actual component length, which has a resultant buffer overflow and out-of-bounds memory accesses. |