CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 486 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-4308 | 0.00 | — | 0.04 | Aug 11, 2011 | Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4309. | |||
| CVE-2011-2589 | 0.00 | — | 0.04 | Aug 9, 2011 | Heap-based buffer overflow in the SendLogAction method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 6.11.0609.2 might allow remote attackers to execute arbitrary code via a long argument. | |||
| CVE-2011-2591 | 0.00 | — | 0.05 | Aug 5, 2011 | Multiple buffer overflows in the Provideo ActiveX controls allow remote attackers to execute arbitrary code via crafted input fields, as demonstrated by (1) a long strIp argument to the voice method in 2way.dll in the alarm 1.0.3.1 ActiveX control, (2) a network response to… | |||
| CVE-2011-0252 | 0.00 | — | 0.05 | Aug 4, 2011 | Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STTS atoms in a QuickTime movie file. | |||
| CVE-2011-0251 | 0.00 | — | 0.05 | Aug 4, 2011 | Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSZ atoms in a QuickTime movie file. | |||
| CVE-2011-0250 | 0.00 | — | 0.05 | Aug 4, 2011 | Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSS atoms in a QuickTime movie file. | |||
| CVE-2011-0249 | 0.00 | — | 0.05 | Aug 4, 2011 | Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSC atoms in a QuickTime movie file. | |||
| CVE-2011-0248 | 0.00 | — | 0.03 | Aug 4, 2011 | Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL file. | |||
| CVE-2011-0247 | 0.00 | — | 0.05 | Aug 4, 2011 | Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie. | |||
| CVE-2011-0246 | 0.00 | — | 0.04 | Aug 4, 2011 | Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. | |||
| CVE-2011-0245 | 0.00 | — | 0.04 | Aug 4, 2011 | Buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pict file. | |||
| CVE-2011-2704 | 0.00 | — | 0.05 | Aug 1, 2011 | Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding. | |||
| CVE-2011-2962 | 0.00 | — | 0.05 | Jul 29, 2011 | Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via two unspecified ActiveX controls. | |||
| CVE-2011-2696 | 0.00 | — | 0.05 | Jul 27, 2011 | Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow. | |||
| CVE-2011-2588 | 0.00 | — | 0.04 | Jul 27, 2011 | Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file. | |||
| CVE-2011-2587 | 0.00 | — | 0.04 | Jul 27, 2011 | Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file. | |||
| CVE-2011-1797 | 0.00 | — | 0.04 | Jul 21, 2011 | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||
| CVE-2011-1462 | 0.00 | — | 0.04 | Jul 21, 2011 | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||
| CVE-2011-1457 | 0.00 | — | 0.04 | Jul 21, 2011 | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||
| CVE-2011-1453 | 0.00 | — | 0.04 | Jul 21, 2011 | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
- CVE-2010-4308Aug 11, 2011risk 0.00cvss —epss 0.04
Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4309.
- CVE-2011-2589Aug 9, 2011risk 0.00cvss —epss 0.04
Heap-based buffer overflow in the SendLogAction method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 6.11.0609.2 might allow remote attackers to execute arbitrary code via a long argument.
- CVE-2011-2591Aug 5, 2011risk 0.00cvss —epss 0.05
Multiple buffer overflows in the Provideo ActiveX controls allow remote attackers to execute arbitrary code via crafted input fields, as demonstrated by (1) a long strIp argument to the voice method in 2way.dll in the alarm 1.0.3.1 ActiveX control, (2) a network response to…
- CVE-2011-0252Aug 4, 2011risk 0.00cvss —epss 0.05
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STTS atoms in a QuickTime movie file.
- CVE-2011-0251Aug 4, 2011risk 0.00cvss —epss 0.05
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSZ atoms in a QuickTime movie file.
- CVE-2011-0250Aug 4, 2011risk 0.00cvss —epss 0.05
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSS atoms in a QuickTime movie file.
- CVE-2011-0249Aug 4, 2011risk 0.00cvss —epss 0.05
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSC atoms in a QuickTime movie file.
- CVE-2011-0248Aug 4, 2011risk 0.00cvss —epss 0.03
Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL file.
- CVE-2011-0247Aug 4, 2011risk 0.00cvss —epss 0.05
Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie.
- CVE-2011-0246Aug 4, 2011risk 0.00cvss —epss 0.04
Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
- CVE-2011-0245Aug 4, 2011risk 0.00cvss —epss 0.04
Buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pict file.
- CVE-2011-2704Aug 1, 2011risk 0.00cvss —epss 0.05
Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.
- CVE-2011-2962Jul 29, 2011risk 0.00cvss —epss 0.05
Multiple stack-based buffer overflows in Invensys Wonderware Information Server 3.1, 4.0, and 4.0 SP1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via two unspecified ActiveX controls.
- CVE-2011-2696Jul 27, 2011risk 0.00cvss —epss 0.05
Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file that triggers a heap-based buffer overflow.
- CVE-2011-2588Jul 27, 2011risk 0.00cvss —epss 0.04
Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file.
- CVE-2011-2587Jul 27, 2011risk 0.00cvss —epss 0.04
Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file.
- CVE-2011-1797Jul 21, 2011risk 0.00cvss —epss 0.04
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
- CVE-2011-1462Jul 21, 2011risk 0.00cvss —epss 0.04
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
- CVE-2011-1457Jul 21, 2011risk 0.00cvss —epss 0.04
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
- CVE-2011-1453Jul 21, 2011risk 0.00cvss —epss 0.04
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.