CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 305 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-2439 | 0.03 | — | 0.06 | Jun 24, 2010 | Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file). | |||
| CVE-2010-2348 | 0.03 | — | 0.06 | Jun 21, 2010 | Stack-based buffer overflow in Batch Audio Converter Lite Edition 1.0.0.0 and earlier allows remote attackers to execute arbitrary code via a long line in a .WAV file. | |||
| CVE-2010-2331 | 0.03 | — | 0.06 | Jun 18, 2010 | Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to execute arbitrary code via a long HEAD request. | |||
| CVE-2010-2311 | 0.03 | — | 0.06 | Jun 16, 2010 | Stack-based buffer overflow in Power Tab Editor 1.7 build 80 allows user-assisted remote attackers to execute arbitrary code via a .ptb file with a long font name. | |||
| CVE-2010-2159 | 0.03 | — | 0.03 | Jun 8, 2010 | Dameng DM Database Server allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to the SP_DEL_BAK_EXPIRED procedure in wdm_dll.dll, which triggers memory corruption. | |||
| CVE-2010-2031 | 0.03 | — | 0.01 | May 24, 2010 | KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier, allows local users to overwrite arbitrary kernel memory via a crafted request to IOCTL 0x830020d4 on the KAVSafe device. | |||
| CVE-2009-4867 | 0.03 | — | 0.04 | May 11, 2010 | Buffer overflow in Tuniac 090517c allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long URL in a .m3u playlist file. | |||
| CVE-2009-4863 | 0.03 | — | 0.06 | May 11, 2010 | Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arbitrary code via a long string in a .usk file. | |||
| CVE-2010-1686 | 0.03 | — | 0.05 | May 5, 2010 | Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP archive. | |||
| CVE-2010-1687 | 0.03 | — | 0.05 | May 4, 2010 | Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted "recieve jobs" request. NOTE: some of these details are obtained from third party information. | |||
| CVE-2010-1685 | 0.03 | — | 0.05 | May 4, 2010 | Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename. | |||
| CVE-2010-1458 | 0.03 | — | 0.05 | Apr 20, 2010 | Stack-based buffer overflow in Create and Extract Zips TweakFS Zip Utility 1.0 for Flight Simulator X (FSX) allows remote attackers to execute arbitrary code via a long filename in a ZIP archive. | |||
| CVE-2009-4761 | 0.03 | — | 0.06 | Mar 29, 2010 | Stack-based buffer overflow in Mini-stream RM Downloader allows remote attackers to execute arbitrary code via a long string in a .smi file. | |||
| CVE-2009-4759 | 0.03 | — | 0.05 | Mar 29, 2010 | Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .BMX file. | |||
| CVE-2009-4758 | 0.03 | — | 0.06 | Mar 29, 2010 | Stack-based buffer overflow in dicas Mpegable Player 2.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .YUV file. | |||
| CVE-2009-4757 | 0.03 | — | 0.05 | Mar 29, 2010 | Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: some of these details are obtained from third… | |||
| CVE-2009-4754 | 0.03 | — | 0.06 | Mar 29, 2010 | Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file. | |||
| CVE-2009-4753 | 0.03 | — | 0.03 | Mar 29, 2010 | Multiple buffer overflows in the FTP server on the Addonics NAS Adapter NASU2FW41 with loader 1.17 allow remote attackers to cause a denial of service (TCP/IP outage) via long arguments to the (1) XRMD, (2) delete, (3) RNFR, or (4) RNTO command. | |||
| CVE-2010-0619 | 0.03 | — | 0.05 | Mar 24, 2010 | Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service (device hang)… | |||
| CVE-2009-4676 | 0.03 | — | 0.04 | Mar 5, 2010 | Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long title in a FLAC file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… |
- CVE-2010-2439Jun 24, 2010risk 0.03cvss —epss 0.06
Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file).
- CVE-2010-2348Jun 21, 2010risk 0.03cvss —epss 0.06
Stack-based buffer overflow in Batch Audio Converter Lite Edition 1.0.0.0 and earlier allows remote attackers to execute arbitrary code via a long line in a .WAV file.
- CVE-2010-2331Jun 18, 2010risk 0.03cvss —epss 0.06
Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to execute arbitrary code via a long HEAD request.
- CVE-2010-2311Jun 16, 2010risk 0.03cvss —epss 0.06
Stack-based buffer overflow in Power Tab Editor 1.7 build 80 allows user-assisted remote attackers to execute arbitrary code via a .ptb file with a long font name.
- CVE-2010-2159Jun 8, 2010risk 0.03cvss —epss 0.03
Dameng DM Database Server allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to the SP_DEL_BAK_EXPIRED procedure in wdm_dll.dll, which triggers memory corruption.
- CVE-2010-2031May 24, 2010risk 0.03cvss —epss 0.01
KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier, allows local users to overwrite arbitrary kernel memory via a crafted request to IOCTL 0x830020d4 on the KAVSafe device.
- CVE-2009-4867May 11, 2010risk 0.03cvss —epss 0.04
Buffer overflow in Tuniac 090517c allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long URL in a .m3u playlist file.
- CVE-2009-4863May 11, 2010risk 0.03cvss —epss 0.06
Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arbitrary code via a long string in a .usk file.
- CVE-2010-1686May 5, 2010risk 0.03cvss —epss 0.05
Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP archive.
- CVE-2010-1687May 4, 2010risk 0.03cvss —epss 0.05
Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted "recieve jobs" request. NOTE: some of these details are obtained from third party information.
- CVE-2010-1685May 4, 2010risk 0.03cvss —epss 0.05
Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename.
- CVE-2010-1458Apr 20, 2010risk 0.03cvss —epss 0.05
Stack-based buffer overflow in Create and Extract Zips TweakFS Zip Utility 1.0 for Flight Simulator X (FSX) allows remote attackers to execute arbitrary code via a long filename in a ZIP archive.
- CVE-2009-4761Mar 29, 2010risk 0.03cvss —epss 0.06
Stack-based buffer overflow in Mini-stream RM Downloader allows remote attackers to execute arbitrary code via a long string in a .smi file.
- CVE-2009-4759Mar 29, 2010risk 0.03cvss —epss 0.05
Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .BMX file.
- CVE-2009-4758Mar 29, 2010risk 0.03cvss —epss 0.06
Stack-based buffer overflow in dicas Mpegable Player 2.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .YUV file.
- CVE-2009-4757Mar 29, 2010risk 0.03cvss —epss 0.05
Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: some of these details are obtained from third…
- CVE-2009-4754Mar 29, 2010risk 0.03cvss —epss 0.06
Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
- CVE-2009-4753Mar 29, 2010risk 0.03cvss —epss 0.03
Multiple buffer overflows in the FTP server on the Addonics NAS Adapter NASU2FW41 with loader 1.17 allow remote attackers to cause a denial of service (TCP/IP outage) via long arguments to the (1) XRMD, (2) delete, (3) RNFR, or (4) RNTO command.
- CVE-2010-0619Mar 24, 2010risk 0.03cvss —epss 0.05
Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service (device hang)…
- CVE-2009-4676Mar 5, 2010risk 0.03cvss —epss 0.04
Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long title in a FLAC file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…