CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 428 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-2270 | 0.00 | — | 0.04 | Mar 14, 2014 | softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. | |||
| CVE-2014-0467 | 0.00 | — | 0.05 | Mar 14, 2014 | Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. | |||
| CVE-2013-6474 | 0.00 | — | 0.03 | Mar 14, 2014 | Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. | |||
| CVE-2013-6473 | 0.00 | — | 0.03 | Mar 14, 2014 | Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file. | |||
| CVE-2014-1294 | 0.00 | — | 0.02 | Mar 14, 2014 | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290,… | |||
| CVE-2014-1293 | 0.00 | — | 0.02 | Mar 14, 2014 | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290,… | |||
| CVE-2014-1292 | 0.00 | — | 0.02 | Mar 14, 2014 | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290,… | |||
| CVE-2014-1291 | 0.00 | — | 0.02 | Mar 14, 2014 | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290,… | |||
| CVE-2014-1290 | 0.00 | — | 0.02 | Mar 14, 2014 | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1291,… | |||
| CVE-2014-1289 | 0.00 | — | 0.02 | Mar 14, 2014 | WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1290, CVE-2014-1291,… | |||
| CVE-2014-1278 | 0.00 | — | 0.00 | Mar 14, 2014 | The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call. | |||
| CVE-2014-1275 | 0.00 | — | 0.03 | Mar 14, 2014 | Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. | |||
| CVE-2014-0779 | 0.00 | — | 0.01 | Mar 14, 2014 | The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013… | |||
| CVE-2014-0505 | 0.00 | — | 0.05 | Mar 14, 2014 | Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2014-0004 | 0.00 | — | 0.00 | Mar 11, 2014 | Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point. | |||
| CVE-2014-2309 | 0.00 | — | 0.02 | Mar 11, 2014 | The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. | |||
| CVE-2014-2282 | 0.00 | — | 0.02 | Mar 11, 2014 | The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet. | |||
| CVE-2013-6665 | 0.00 | — | 0.01 | Mar 5, 2014 | Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resource_provider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large texture size that… | |||
| CVE-2013-3260 | 0.00 | — | 0.03 | Mar 3, 2014 | Heap-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 allows remote attackers to execute arbitrary code via a large biClrUsed value in a BMP file. | |||
| CVE-2013-3259 | 0.00 | — | 0.03 | Mar 3, 2014 | Stack-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 allows remote attackers to execute arbitrary code via a large biClrUsed value in a BMP file. |
- CVE-2014-2270Mar 14, 2014risk 0.00cvss —epss 0.04
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable.
- CVE-2014-0467Mar 14, 2014risk 0.00cvss —epss 0.05
Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.
- CVE-2013-6474Mar 14, 2014risk 0.00cvss —epss 0.03
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
- CVE-2013-6473Mar 14, 2014risk 0.00cvss —epss 0.03
Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.
- CVE-2014-1294Mar 14, 2014risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290,…
- CVE-2014-1293Mar 14, 2014risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290,…
- CVE-2014-1292Mar 14, 2014risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290,…
- CVE-2014-1291Mar 14, 2014risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290,…
- CVE-2014-1290Mar 14, 2014risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1291,…
- CVE-2014-1289Mar 14, 2014risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1290, CVE-2014-1291,…
- CVE-2014-1278Mar 14, 2014risk 0.00cvss —epss 0.00
The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call.
- CVE-2014-1275Mar 14, 2014risk 0.00cvss —epss 0.03
Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
- CVE-2014-0779Mar 14, 2014risk 0.00cvss —epss 0.01
The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 component in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R2 build 71.4165, 2010 R2.1 build 71.4325, 2010 R3 build 72.4560, 2010 R3.1 build 72.4644, 2013 R1 build 73.4729, 2013 R1.1 build 73.4832, 2013…
- CVE-2014-0505Mar 14, 2014risk 0.00cvss —epss 0.05
Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
- CVE-2014-0004Mar 11, 2014risk 0.00cvss —epss 0.00
Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.
- CVE-2014-2309Mar 11, 2014risk 0.00cvss —epss 0.02
The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.
- CVE-2014-2282Mar 11, 2014risk 0.00cvss —epss 0.02
The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet.
- CVE-2013-6665Mar 5, 2014risk 0.00cvss —epss 0.01
Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resource_provider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large texture size that…
- CVE-2013-3260Mar 3, 2014risk 0.00cvss —epss 0.03
Heap-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 allows remote attackers to execute arbitrary code via a large biClrUsed value in a BMP file.
- CVE-2013-3259Mar 3, 2014risk 0.00cvss —epss 0.03
Stack-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 allows remote attackers to execute arbitrary code via a large biClrUsed value in a BMP file.