CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 251 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-3838 | 0.09 | — | 0.73 | Jul 27, 2006 | Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and… | |||
| CVE-2006-2407 | 0.09 | — | 0.71 | May 16, 2006 | Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string. | |||
| CVE-2006-1148 | 0.09 | — | 0.72 | Mar 10, 2006 | Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the… | |||
| CVE-2004-1211 | 0.09 | — | 0.72 | Jan 10, 2005 | Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6)… | |||
| CVE-2004-2466 | 0.09 | — | 0.75 | Dec 31, 2004 | chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected. | |||
| CVE-1999-0874 | 0.09 | — | 0.78 | Jun 16, 1999 | Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. | |||
| CVE-2015-7768 | 0.08 | — | 0.63 | Oct 9, 2015 | Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command. | |||
| CVE-2015-7243 | 0.08 | — | 0.58 | Sep 18, 2015 | Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file. | |||
| CVE-2015-1171 | 0.08 | — | 0.63 | Aug 28, 2015 | Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file. | |||
| CVE-2015-3088 | 0.08 | — | 0.62 | May 13, 2015 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows… | |||
| CVE-2015-0014 | 0.08 | — | 0.97 | Jan 13, 2015 | Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets,… | |||
| CVE-2014-1635 | 0.08 | — | 0.67 | Nov 12, 2014 | Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter. | |||
| CVE-2013-7409 | 0.08 | — | 0.68 | Oct 30, 2014 | Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file. | |||
| CVE-2014-7187 | 0.08 | — | 0.58 | Sep 28, 2014 | Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the… | |||
| CVE-2014-7186 | 0.08 | — | 0.64 | Sep 28, 2014 | The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack"… | |||
| CVE-2014-2364 | 0.08 | — | 0.61 | Jul 19, 2014 | Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9)… | |||
| CVE-2014-3888 | 0.08 | — | 0.62 | Jul 10, 2014 | Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled,… | |||
| CVE-2014-1773 | 0.08 | — | 0.63 | Jun 11, 2014 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1783,… | |||
| CVE-2014-3913 | 0.08 | — | 0.61 | Jun 4, 2014 | Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file. | |||
| CVE-2014-0782 | 0.08 | — | 0.57 | May 16, 2014 | Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS… |
- CVE-2006-3838Jul 27, 2006risk 0.09cvss —epss 0.73
Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and…
- CVE-2006-2407May 16, 2006risk 0.09cvss —epss 0.71
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.
- CVE-2006-1148Mar 10, 2006risk 0.09cvss —epss 0.72
Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the…
- CVE-2004-1211Jan 10, 2005risk 0.09cvss —epss 0.72
Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6)…
- CVE-2004-2466Dec 31, 2004risk 0.09cvss —epss 0.75
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected.
- CVE-1999-0874Jun 16, 1999risk 0.09cvss —epss 0.78
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
- CVE-2015-7768Oct 9, 2015risk 0.08cvss —epss 0.63
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command.
- CVE-2015-7243Sep 18, 2015risk 0.08cvss —epss 0.58
Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file.
- CVE-2015-1171Aug 28, 2015risk 0.08cvss —epss 0.63
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.
- CVE-2015-3088May 13, 2015risk 0.08cvss —epss 0.62
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows…
- CVE-2015-0014Jan 13, 2015risk 0.08cvss —epss 0.97
Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets,…
- CVE-2014-1635Nov 12, 2014risk 0.08cvss —epss 0.67
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter.
- CVE-2013-7409Oct 30, 2014risk 0.08cvss —epss 0.68
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
- CVE-2014-7187Sep 28, 2014risk 0.08cvss —epss 0.58
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the…
- CVE-2014-7186Sep 28, 2014risk 0.08cvss —epss 0.64
The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack"…
- CVE-2014-2364Jul 19, 2014risk 0.08cvss —epss 0.61
Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9)…
- CVE-2014-3888Jul 10, 2014risk 0.08cvss —epss 0.62
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled,…
- CVE-2014-1773Jun 11, 2014risk 0.08cvss —epss 0.63
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1783,…
- CVE-2014-3913Jun 4, 2014risk 0.08cvss —epss 0.61
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
- CVE-2014-0782May 16, 2014risk 0.08cvss —epss 0.57
Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS…