CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (9,868)
page 445 of 494| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2011-0205 | 0.00 | — | 0.06 | Jun 24, 2011 | Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image. | ||
| CVE-2011-0204 | 0.00 | — | 0.04 | Jun 24, 2011 | Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image. | ||
| CVE-2011-2530 | 0.00 | — | 0.01 | Jun 22, 2011 | Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLinx Classic before 2.58 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed .eds file. | ||
| CVE-2011-2119 | 0.00 | — | 0.04 | Jun 16, 2011 | Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2122. | ||
| CVE-2011-2117 | 0.00 | — | 0.04 | Jun 16, 2011 | Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128. | ||
| CVE-2011-2114 | 0.00 | — | 0.04 | Jun 16, 2011 | Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2117, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128. | ||
| CVE-2011-2113 | 0.00 | — | 0.06 | Jun 16, 2011 | Multiple buffer overflows in the Shockwave3DAsset component in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2011-2104 | 0.00 | — | 0.02 | Jun 16, 2011 | Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors. | ||
| CVE-2011-0335 | 0.00 | — | 0.04 | Jun 16, 2011 | Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-2119, and CVE-2011-2122. | ||
| CVE-2011-0320 | 0.00 | — | 0.02 | Jun 16, 2011 | Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122. | ||
| CVE-2011-0319 | 0.00 | — | 0.02 | Jun 16, 2011 | Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122. | ||
| CVE-2011-0318 | 0.00 | — | 0.02 | Jun 16, 2011 | Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122. | ||
| CVE-2011-0317 | 0.00 | — | 0.02 | Jun 16, 2011 | Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122. | ||
| CVE-2011-1924 | 0.00 | — | 0.02 | Jun 14, 2011 | Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of service (directory authority crash) via a crafted policy that triggers creation of a long port list. | ||
| CVE-2011-1817 | 0.00 | — | 0.01 | Jun 9, 2011 | Google Chrome before 12.0.742.91 does not properly implement history deletion, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| CVE-2011-1959 | 0.00 | — | 0.02 | Jun 6, 2011 | The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read. | ||
| CVE-2011-1806 | 0.00 | — | 0.05 | May 26, 2011 | Google Chrome before 11.0.696.71 does not properly implement the GPU command buffer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||
| CVE-2011-0722 | 0.00 | — | 0.01 | May 20, 2011 | FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file. | ||
| CVE-2010-3908 | 0.00 | — | 0.02 | May 20, 2011 | FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file. | ||
| CVE-2011-0622 | 0.00 | — | 0.06 | May 13, 2011 | Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0621. |
- CVE-2011-0205Jun 24, 2011risk 0.00cvss —epss 0.06
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image.
- CVE-2011-0204Jun 24, 2011risk 0.00cvss —epss 0.04
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image.
- CVE-2011-2530Jun 22, 2011risk 0.00cvss —epss 0.01
Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Installation Tool 1.0.5.1 and earlier in Rockwell Automation RSLinx Classic before 2.58 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed .eds file.
- CVE-2011-2119Jun 16, 2011risk 0.00cvss —epss 0.04
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, and CVE-2011-2122.
- CVE-2011-2117Jun 16, 2011risk 0.00cvss —epss 0.04
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2114, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128.
- CVE-2011-2114Jun 16, 2011risk 0.00cvss —epss 0.04
Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2117, CVE-2011-2124, CVE-2011-2127, and CVE-2011-2128.
- CVE-2011-2113Jun 16, 2011risk 0.00cvss —epss 0.06
Multiple buffer overflows in the Shockwave3DAsset component in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.
- CVE-2011-2104Jun 16, 2011risk 0.00cvss —epss 0.02
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.
- CVE-2011-0335Jun 16, 2011risk 0.00cvss —epss 0.04
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-2119, and CVE-2011-2122.
- CVE-2011-0320Jun 16, 2011risk 0.00cvss —epss 0.02
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.
- CVE-2011-0319Jun 16, 2011risk 0.00cvss —epss 0.02
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.
- CVE-2011-0318Jun 16, 2011risk 0.00cvss —epss 0.02
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.
- CVE-2011-0317Jun 16, 2011risk 0.00cvss —epss 0.02
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.
- CVE-2011-1924Jun 14, 2011risk 0.00cvss —epss 0.02
Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of service (directory authority crash) via a crafted policy that triggers creation of a long port list.
- CVE-2011-1817Jun 9, 2011risk 0.00cvss —epss 0.01
Google Chrome before 12.0.742.91 does not properly implement history deletion, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2011-1959Jun 6, 2011risk 0.00cvss —epss 0.02
The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 does not properly handle certain virtualizable buffers, which allows remote attackers to cause a denial of service (application crash) via a large length value in a snoop file that triggers a stack-based buffer over-read.
- CVE-2011-1806May 26, 2011risk 0.00cvss —epss 0.05
Google Chrome before 11.0.696.71 does not properly implement the GPU command buffer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
- CVE-2011-0722May 20, 2011risk 0.00cvss —epss 0.01
FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file.
- CVE-2010-3908May 20, 2011risk 0.00cvss —epss 0.02
FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.
- CVE-2011-0622May 13, 2011risk 0.00cvss —epss 0.06
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0620, and CVE-2011-0621.