CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 409 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9328 | 0.00 | — | 0.03 | Feb 3, 2015 | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition." | |||
| CVE-2015-1449 | 0.00 | — | 0.04 | Feb 2, 2015 | Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32… | |||
| CVE-2014-9200 | 0.00 | — | 0.06 | Feb 1, 2015 | Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library… | |||
| CVE-2014-9161 | 0.00 | — | 0.04 | Jan 30, 2015 | CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a… | |||
| CVE-2014-8830 | 0.00 | — | 0.04 | Jan 30, 2015 | Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file. | |||
| CVE-2014-8829 | 0.00 | — | 0.02 | Jan 30, 2015 | SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app. | |||
| CVE-2014-4487 | 0.00 | — | 0.04 | Jan 30, 2015 | Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||
| CVE-2014-4485 | 0.00 | — | 0.04 | Jan 30, 2015 | Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document. | |||
| CVE-2014-4483 | 0.00 | — | 0.04 | Jan 30, 2015 | Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document. | |||
| CVE-2014-4479 | 0.00 | — | 0.03 | Jan 30, 2015 | WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web… | |||
| CVE-2014-4477 | 0.00 | — | 0.03 | Jan 30, 2015 | WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web… | |||
| CVE-2014-4476 | 0.00 | — | 0.03 | Jan 30, 2015 | WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web… | |||
| CVE-2014-8920 | 0.00 | — | 0.00 | Jan 28, 2015 | Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors. | |||
| CVE-2014-8154 | 0.00 | — | 0.03 | Jan 27, 2015 | The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a… | |||
| CVE-2014-5211 | 0.00 | — | 0.03 | Jan 27, 2015 | Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response. | |||
| CVE-2015-1360 | 0.00 | — | 0.01 | Jan 27, 2015 | Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and… | |||
| CVE-2014-9640 | 0.00 | — | 0.03 | Jan 23, 2015 | oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file. | |||
| CVE-2014-7947 | 0.00 | — | 0.02 | Jan 22, 2015 | OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c. | |||
| CVE-2014-7946 | 0.00 | — | 0.02 | Jan 22, 2015 | The RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink, as used in Google Chrome before 40.0.2214.91, skips captions during table layout in certain situations, which allows remote attackers to cause a denial of service (out-of-bounds… | |||
| CVE-2014-7945 | 0.00 | — | 0.02 | Jan 22, 2015 | OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c. |
- CVE-2014-9328Feb 3, 2015risk 0.00cvss —epss 0.03
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."
- CVE-2015-1449Feb 2, 2015risk 0.00cvss —epss 0.04
Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32…
- CVE-2014-9200Feb 1, 2015risk 0.00cvss —epss 0.06
Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library…
- CVE-2014-9161Jan 30, 2015risk 0.00cvss —epss 0.04
CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a…
- CVE-2014-8830Jan 30, 2015risk 0.00cvss —epss 0.04
Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted accessor element in a Collada file.
- CVE-2014-8829Jan 30, 2015risk 0.00cvss —epss 0.02
SceneKit in Apple OS X before 10.10.2 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.
- CVE-2014-4487Jan 30, 2015risk 0.00cvss —epss 0.04
Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.
- CVE-2014-4485Jan 30, 2015risk 0.00cvss —epss 0.04
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
- CVE-2014-4483Jan 30, 2015risk 0.00cvss —epss 0.04
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.
- CVE-2014-4479Jan 30, 2015risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web…
- CVE-2014-4477Jan 30, 2015risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web…
- CVE-2014-4476Jan 30, 2015risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web…
- CVE-2014-8920Jan 28, 2015risk 0.00cvss —epss 0.00
Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified vectors.
- CVE-2014-8154Jan 27, 2015risk 0.00cvss —epss 0.03
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a…
- CVE-2014-5211Jan 27, 2015risk 0.00cvss —epss 0.03
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.
- CVE-2015-1360Jan 27, 2015risk 0.00cvss —epss 0.01
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and…
- CVE-2014-9640Jan 23, 2015risk 0.00cvss —epss 0.03
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
- CVE-2014-7947Jan 22, 2015risk 0.00cvss —epss 0.02
OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.
- CVE-2014-7946Jan 22, 2015risk 0.00cvss —epss 0.02
The RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink, as used in Google Chrome before 40.0.2214.91, skips captions during table layout in certain situations, which allows remote attackers to cause a denial of service (out-of-bounds…
- CVE-2014-7945Jan 22, 2015risk 0.00cvss —epss 0.02
OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c.