VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 514 of 549
  • CVE-2009-2281Oct 23, 2009
    risk 0.00cvss epss 0.06

    Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to…

  • CVE-2008-3684Oct 22, 2009
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in aws_tmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to execute arbitrary code via crafted packet data to TCP port 2606.

  • CVE-2009-2970Oct 19, 2009
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code via the filename parameter.

  • CVE-2009-3571Oct 6, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However,…

  • CVE-2009-3537Oct 2, 2009
    risk 0.00cvss epss 0.05

    Multiple stack-based buffer overflows in EpicDJSoftware EpicDJ 1.3.9.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a (1) .m3u or (2) .mpl playlist file.

  • CVE-2009-3483Sep 30, 2009
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the Create New Site feature in GlobalSCAPE CuteFTP Professional, Home, and Lite 8.3.3 and 8.3.3.0054 allows user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a site list containing…

  • CVE-2009-3476Sep 29, 2009
    risk 0.00cvss epss 0.04

    Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and…

  • CVE-2009-2905Sep 29, 2009
    risk 0.00cvss epss 0.01

    Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted text dialog box.

  • CVE-2009-2865Sep 28, 2009
    risk 0.00cvss epss 0.06

    Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted…

  • CVE-2009-3347Sep 24, 2009
    risk 0.00cvss epss 0.04

    Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable…

  • CVE-2009-3345Sep 24, 2009
    risk 0.00cvss epss 0.02

    Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the…

  • CVE-2009-3341Sep 24, 2009
    risk 0.00cvss epss 0.05

    Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable…

  • CVE-2009-3329Sep 23, 2009
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Plot2D (.wp2) file.

  • CVE-2009-3288Sep 22, 2009
    risk 0.00cvss epss 0.00

    The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using…

  • CVE-2009-3280Sep 21, 2009
    risk 0.00cvss epss 0.03

    Integer signedness error in the find_ie function in net/wireless/scan.c in the cfg80211 subsystem in the Linux kernel before 2.6.31.1-rc1 allows remote attackers to cause a denial of service (soft lockup) via malformed packets.

  • CVE-2009-2140Sep 21, 2009
    risk 0.00cvss epss 0.06

    Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allow remote attackers to execute arbitrary code via a crafted EMF+ file, a similar issue to…

  • CVE-2009-3235Sep 17, 2009
    risk 0.00cvss epss 0.04

    Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as…

  • CVE-2009-3183Sep 14, 2009
    risk 0.00cvss epss 0.00

    Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via unspecified vectors.

  • CVE-2009-2807Sep 14, 2009
    risk 0.00cvss epss 0.00

    Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.

  • CVE-2008-7227Sep 14, 2009
    risk 0.00cvss epss 0.01

    PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 attempts to flush buffer contents even when it is handling an "in memory buffer," which prevents the reporting of a service exception, with unknown impact and attack vectors.