VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (12,280)

page 275 of 614
  • CVE-2020-12365MedFeb 17, 2021
    risk 0.36cvss 5.5epss 0.00

    Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially denial of service via local access.

  • CVE-2020-12370MedFeb 17, 2021
    risk 0.36cvss 5.5epss 0.00

    Untrusted pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access.

  • CVE-2020-13524MedDec 3, 2020
    risk 0.36cvss 5.5epss 0.01

    An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this…

  • CVE-2020-13497MedDec 2, 2020
    risk 0.36cvss 5.5epss 0.01

    An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid…

  • CVE-2020-14392MedSep 16, 2020
    risk 0.36cvss 5.5epss 0.01

    An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.

  • CVE-2020-1574MedAug 17, 2020
    risk 0.36cvss 5.5epss 0.03

    A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a…

  • CVE-2020-8230MedAug 17, 2020
    risk 0.36cvss 5.5epss 0.00

    A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory.

  • CVE-2020-15584MedJul 7, 2020
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger an out-of-bounds access and device reset via a 4K wallpaper image because ImageProcessHelper mishandles boundary checks. The Samsung ID is SVE-2020-18056 (July 2020).

  • CVE-2020-15582MedJul 7, 2020
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) software. The Bluetooth Low Energy (BLE) component has a buffer overflow with a resultant deadlock or crash. The Samsung ID is SVE-2020-16870 (July 2020).

  • CVE-2020-9598MedJun 25, 2020
    risk 0.36cvss 5.5epss 0.03

    Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2020-9595MedJun 25, 2020
    risk 0.36cvss 5.5epss 0.03

    Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2020-9593MedJun 25, 2020
    risk 0.36cvss 5.5epss 0.03

    Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an invalid memory access vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2019-10626MedJun 22, 2020
    risk 0.36cvss 5.5epss 0.00

    Payload size is not validated before reading memory that may cause issue of accessing invalid pointer or some garbage data in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music,…

  • CVE-2020-3344MedMay 22, 2020
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An…

  • CVE-2020-3343MedMay 22, 2020
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An…

  • CVE-2020-12038MedMay 19, 2020
    risk 0.36cvss 5.5epss 0.03

    Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer…

  • CVE-2020-6867MedApr 30, 2020
    risk 0.36cvss 5.5epss 0.00

    ZTE's SDON controller is impacted by the resource management error vulnerability. When RPC is frequently called by other applications in the case of mass traffic data in the system, it will result in no response for a long time and memory overflow risk. This affects: ZENIC ONE…

  • CVE-2016-11035MedApr 7, 2020
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered on Samsung mobile devices with software through 2016-05-27 (Exynos AP chipsets). A local graphics user can cause a Kernel Crash via the fb0(DECON) frame buffer interface. The Samsung ID is SVE-2016-7011 (October 2016).

  • CVE-2020-0020MedFeb 13, 2020
    risk 0.36cvss 5.5epss 0.00

    In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for…

  • CVE-2019-20053MedDec 27, 2019
    risk 0.36cvss 5.5epss 0.01

    An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.