CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 503 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-2880 | 0.00 | — | 0.04 | Aug 26, 2010 | DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at… | |||
| CVE-2010-2870 | 0.00 | — | 0.05 | Aug 26, 2010 | DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie. | |||
| CVE-2010-2869 | 0.00 | — | 0.05 | Aug 26, 2010 | IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at… | |||
| CVE-2010-2868 | 0.00 | — | 0.05 | Aug 26, 2010 | IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a… | |||
| CVE-2010-2867 | 0.00 | — | 0.05 | Aug 26, 2010 | DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted… | |||
| CVE-2010-2864 | 0.00 | — | 0.05 | Aug 26, 2010 | IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at… | |||
| CVE-2010-2863 | 0.00 | — | 0.04 | Aug 26, 2010 | Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2010-3121 | 0.00 | — | 0.02 | Aug 25, 2010 | Buffer overflow in tm-console-bin in the DevonIT thin-client management tool might allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2010-2360 | 0.00 | — | 0.03 | Aug 25, 2010 | Multiple buffer overflows in Winny 2.0b7.1 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-2007. | |||
| CVE-2010-1808 | 0.00 | — | 0.03 | Aug 25, 2010 | Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document. | |||
| CVE-2010-1801 | 0.00 | — | 0.03 | Aug 25, 2010 | Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file. | |||
| CVE-2010-3120 | 0.00 | — | 0.02 | Aug 24, 2010 | Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2010-3119 | 0.00 | — | 0.01 | Aug 24, 2010 | Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2010-3113 | 0.00 | — | 0.03 | Aug 24, 2010 | Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using… | |||
| CVE-2010-3112 | 0.00 | — | 0.01 | Aug 24, 2010 | Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2010-2947 | 0.00 | — | 0.06 | Aug 24, 2010 | Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields. | |||
| CVE-2010-3109 | 0.00 | — | 0.05 | Aug 23, 2010 | Stack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter. | |||
| CVE-2010-3108 | 0.00 | — | 0.05 | Aug 23, 2010 | Buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code by using EMBED elements to pass parameters with long names. | |||
| CVE-2010-3105 | 0.00 | — | 0.03 | Aug 23, 2010 | The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details… | |||
| CVE-2010-3064 | 0.00 | — | 0.02 | Aug 20, 2010 | Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument… |
- CVE-2010-2880Aug 26, 2010risk 0.00cvss —epss 0.04
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at…
- CVE-2010-2870Aug 26, 2010risk 0.00cvss —epss 0.05
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a certain chunk size in the mmap chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
- CVE-2010-2869Aug 26, 2010risk 0.00cvss —epss 0.05
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at…
- CVE-2010-2868Aug 26, 2010risk 0.00cvss —epss 0.05
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a…
- CVE-2010-2867Aug 26, 2010risk 0.00cvss —epss 0.05
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly handle a certain return value associated with the rcsL chunk in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted…
- CVE-2010-2864Aug 26, 2010risk 0.00cvss —epss 0.05
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at…
- CVE-2010-2863Aug 26, 2010risk 0.00cvss —epss 0.04
Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
- CVE-2010-3121Aug 25, 2010risk 0.00cvss —epss 0.02
Buffer overflow in tm-console-bin in the DevonIT thin-client management tool might allow remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2010-2360Aug 25, 2010risk 0.00cvss —epss 0.03
Multiple buffer overflows in Winny 2.0b7.1 and earlier might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-2007.
- CVE-2010-1808Aug 25, 2010risk 0.00cvss —epss 0.03
Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
- CVE-2010-1801Aug 25, 2010risk 0.00cvss —epss 0.03
Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file.
- CVE-2010-3120Aug 24, 2010risk 0.00cvss —epss 0.02
Google Chrome before 5.0.375.127 does not properly implement the Geolocation feature, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2010-3119Aug 24, 2010risk 0.00cvss —epss 0.01
Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not properly support the Ruby language, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2010-3113Aug 24, 2010risk 0.00cvss —epss 0.03
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to state changes when using…
- CVE-2010-3112Aug 24, 2010risk 0.00cvss —epss 0.01
Google Chrome before 5.0.375.127 does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2010-2947Aug 24, 2010risk 0.00cvss —epss 0.06
Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields.
- CVE-2010-3109Aug 23, 2010risk 0.00cvss —epss 0.05
Stack-based buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code via a long operation parameter.
- CVE-2010-3108Aug 23, 2010risk 0.00cvss —epss 0.05
Buffer overflow in the browser plugin in Novell iPrint Client before 5.42 allows remote attackers to execute arbitrary code by using EMBED elements to pass parameters with long names.
- CVE-2010-3105Aug 23, 2010risk 0.00cvss —epss 0.03
The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details…
- CVE-2010-3064Aug 20, 2010risk 0.00cvss —epss 0.02
Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument…