CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (9,861)
page 476 of 494| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-3429 | 0.00 | — | 0.04 | Jul 31, 2008 | Buffer overflow in URI processing in HTTrack and WinHTTrack before 3.42-3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL. | ||
| CVE-2008-3247 | 0.00 | — | 0.00 | Jul 24, 2008 | The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors. | ||
| CVE-2008-3229 | 0.00 | — | 0.00 | Jul 18, 2008 | Stack-based buffer overflow in op before Changeset 563, when xauth support is enabled, allows local users to gain privileges via a long XAUTHORITY environment variable. | ||
| CVE-2008-3169 | 0.00 | — | 0.03 | Jul 14, 2008 | Multiple heap-based buffer overflows in Empire Server before 4.3.15 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to a "coordinate normalization bug." NOTE: some of these details are obtained from third party information. | ||
| CVE-2008-3126 | 0.00 | — | 0.02 | Jul 10, 2008 | Multiple stack-based buffer overflows in the ServerView web interface (SnmpGetMibValues.exe) in Fujitsu Siemens Computers ServerView 04.60.07 and earlier allow remote authenticated users to execute arbitrary code via a crafted URL. | ||
| CVE-2008-2880 | 0.00 | — | 0.06 | Jun 26, 2008 | Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3.2.1.1 allows remote attackers to execute arbitrary code via a long SRC property value. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||
| CVE-2008-2851 | 0.00 | — | 0.01 | Jun 25, 2008 | Multiple buffer overflows in OFF System before 0.19.14 allow remote attackers to have an unknown impact via unspecified vectors related to "parsing of http headers." | ||
| CVE-2008-2828 | 0.00 | — | 0.03 | Jun 23, 2008 | Stack-based buffer overflow in tmsnc allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an MSN packet with a UBX command containing a large UBX payload length field. | ||
| CVE-2008-1952 | 0.00 | — | 0.00 | Jun 23, 2008 | The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory. | ||
| CVE-2008-2786 | 0.00 | — | 0.00 | Jun 19, 2008 | Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes. | ||
| CVE-2008-2709 | 0.00 | — | 0.00 | Jun 16, 2008 | Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios. | ||
| CVE-2008-1518 | 0.00 | — | 0.00 | Jun 5, 2008 | Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call. | ||
| CVE-2008-2100 | 0.00 | — | 0.00 | Jun 5, 2008 | Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors. | ||
| CVE-2008-2097 | 0.00 | — | 0.04 | Jun 5, 2008 | Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length." | ||
| CVE-2008-1109 | 0.00 | — | 0.04 | Jun 4, 2008 | Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window). | ||
| CVE-2008-1108 | 0.00 | — | 0.04 | Jun 4, 2008 | Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. | ||
| CVE-2008-2514 | 0.00 | — | 0.00 | Jun 2, 2008 | Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors. | ||
| CVE-2008-2363 | 0.00 | — | 0.06 | Jun 2, 2008 | The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow. | ||
| CVE-2008-2513 | 0.00 | — | 0.00 | Jun 2, 2008 | Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors. | ||
| CVE-2008-1031 | 0.00 | — | 0.03 | Jun 2, 2008 | CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable. |
- CVE-2008-3429Jul 31, 2008risk 0.00cvss —epss 0.04
Buffer overflow in URI processing in HTTrack and WinHTTrack before 3.42-3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL.
- CVE-2008-3247Jul 24, 2008risk 0.00cvss —epss 0.00
The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors.
- CVE-2008-3229Jul 18, 2008risk 0.00cvss —epss 0.00
Stack-based buffer overflow in op before Changeset 563, when xauth support is enabled, allows local users to gain privileges via a long XAUTHORITY environment variable.
- CVE-2008-3169Jul 14, 2008risk 0.00cvss —epss 0.03
Multiple heap-based buffer overflows in Empire Server before 4.3.15 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to a "coordinate normalization bug." NOTE: some of these details are obtained from third party information.
- CVE-2008-3126Jul 10, 2008risk 0.00cvss —epss 0.02
Multiple stack-based buffer overflows in the ServerView web interface (SnmpGetMibValues.exe) in Fujitsu Siemens Computers ServerView 04.60.07 and earlier allow remote authenticated users to execute arbitrary code via a crafted URL.
- CVE-2008-2880Jun 26, 2008risk 0.00cvss —epss 0.06
Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3.2.1.1 allows remote attackers to execute arbitrary code via a long SRC property value. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
- CVE-2008-2851Jun 25, 2008risk 0.00cvss —epss 0.01
Multiple buffer overflows in OFF System before 0.19.14 allow remote attackers to have an unknown impact via unspecified vectors related to "parsing of http headers."
- CVE-2008-2828Jun 23, 2008risk 0.00cvss —epss 0.03
Stack-based buffer overflow in tmsnc allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an MSN packet with a UBX command containing a large UBX payload length field.
- CVE-2008-1952Jun 23, 2008risk 0.00cvss —epss 0.00
The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory.
- CVE-2008-2786Jun 19, 2008risk 0.00cvss —epss 0.00
Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes.
- CVE-2008-2709Jun 16, 2008risk 0.00cvss —epss 0.00
Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios.
- CVE-2008-1518Jun 5, 2008risk 0.00cvss —epss 0.00
Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and 7.0 and Internet Security 6.0 and 7.0 allows local users to gain privileges via an IOCTL 0x800520e8 call.
- CVE-2008-2100Jun 5, 2008risk 0.00cvss —epss 0.00
Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors.
- CVE-2008-2097Jun 5, 2008risk 0.00cvss —epss 0.04
Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length."
- CVE-2008-1109Jun 4, 2008risk 0.00cvss —epss 0.04
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
- CVE-2008-1108Jun 4, 2008risk 0.00cvss —epss 0.04
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.
- CVE-2008-2514Jun 2, 2008risk 0.00cvss —epss 0.00
Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors.
- CVE-2008-2363Jun 2, 2008risk 0.00cvss —epss 0.06
The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow.
- CVE-2008-2513Jun 2, 2008risk 0.00cvss —epss 0.00
Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors.
- CVE-2008-1031Jun 2, 2008risk 0.00cvss —epss 0.03
CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.