VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Class · Stable · Likelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 4 of 549
  • CVE-2017-3076 · Critical · Jun 20, 2017
    risk 0.69 · cvss 9.8 · epss 0.25

    Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-4901 · Critical · Jun 8, 2017
    risk 0.69 · cvss 9.9 · epss 0.20

    The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion.

  • CVE-2017-8798 · Critical · May 11, 2017
    risk 0.69 · cvss 9.8 · epss 0.24

    Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.

  • CVE-2017-3061 · Critical · Apr 12, 2017
    risk 0.69 · cvss 9.8 · epss 0.25

    Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-6187 · Critical · Feb 22, 2017
    risk 0.69 · cvss 9.8 · epss 0.33

    Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request.

  • CVE-2016-9150 · Critical · Nov 19, 2016
    risk 0.69 · cvss 9.8 · epss 0.35

    Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-4203 · Critical · Jul 13, 2016
    risk 0.69 · cvss 9.8 · epss 0.27

    Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via…

  • CVE-2016-5108 · Critical · Jun 8, 2016
    risk 0.69 · cvss 9.8 · epss 0.25

    Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.

  • CVE-2016-2851 · Critical · Apr 7, 2016
    risk 0.69 · cvss 9.8 · epss 0.25

    Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.

  • CVE-2016-2563 · Critical · Apr 7, 2016
    risk 0.69 · cvss 9.8 · epss 0.34

    Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download…

  • CVE-2013-3660 · High · KEV · May 24, 2013
    risk 0.69 · cvss 7.8 · epss 0.40

    The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a…

  • CVE-2018-12706 · Critical · Jun 24, 2018
    risk 0.68 · cvss 9.8 · epss 0.10

    DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.

  • CVE-2018-6481 · Critical · Feb 27, 2018
    risk 0.68 · cvss 9.8 · epss 0.20

    A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124.

  • CVE-2018-5701 · Critical · Jan 31, 2018
    risk 0.68 · cvss 9.8 · epss 0.18

    In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003.

  • CVE-2017-18047 · Critical · Jan 22, 2018
    risk 0.68 · cvss 9.8 · epss 0.20

    Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.

  • CVE-2017-17849 · Critical · Dec 27, 2017
    risk 0.68 · cvss 9.8 · epss 0.19

    A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.

  • CVE-2017-3195 · Critical · Dec 16, 2017
    risk 0.68 · cvss 9.8 · epss 0.21

    Commvault Edge Communication Service (cvd) prior to version 11 SP7 or version 11 SP6 with hotfix 590 is prone to a stack-based buffer overflow vulnerability that could lead to arbitrary code execution with administrative privileges.

  • CVE-2017-14980 · Critical · Oct 10, 2017
    risk 0.68 · cvss 9.8 · epss 0.22

    Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attackers to have unspecified impact via a long username parameter to /login.

  • CVE-2017-13708 · Critical · Aug 31, 2017
    risk 0.68 · cvss 9.8 · epss 0.12

    Buffer overflow in the web server service in VX Search Enterprise 10.0.14 allows remote attackers to execute arbitrary code via a crafted GET request.

  • CVE-2017-12785 · Critical · Aug 22, 2017
    risk 0.68 · cvss 9.8 · epss 0.16

    The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root)…