CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 527 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-2513 | 0.00 | — | 0.00 | Jun 2, 2008 | Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors. | |||
| CVE-2008-2426 | 0.00 | — | 0.06 | Jun 2, 2008 | Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in… | |||
| CVE-2008-2363 | 0.00 | — | 0.06 | Jun 2, 2008 | The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based… | |||
| CVE-2008-2098 | 0.00 | — | 0.00 | Jun 2, 2008 | Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used,… | |||
| CVE-2008-1573 | 0.00 | — | 0.02 | Jun 2, 2008 | The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. | |||
| CVE-2008-2503 | 0.00 | — | 0.01 | May 29, 2008 | Buffer overflow in Uploadlist in eMule X-Ray before 1.4 has unknown impact and remote attack vectors. | |||
| CVE-2008-0959 | 0.00 | — | 0.06 | May 29, 2008 | Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control in NCTAudioInformation2.dll, as used in (1) Power Audio CD Grabber 1.0, (2) Power Audio CD Burner 1.02, (3) CinematicMP3 1.4.0.0, (4) Alive MP3 WAV Converter… | |||
| CVE-2008-2407 | 0.00 | — | 0.06 | May 23, 2008 | Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message. | |||
| CVE-2008-2409 | 0.00 | — | 0.06 | May 23, 2008 | Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message. | |||
| CVE-2008-2408 | 0.00 | — | 0.06 | May 23, 2008 | Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag. | |||
| CVE-2008-2357 | 0.00 | — | 0.05 | May 21, 2008 | Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the… | |||
| CVE-2008-0957 | 0.00 | — | 0.03 | May 20, 2008 | Multiple stack-based buffer overflows in the PhotoStockPlus Uploader Tool ActiveX control (PSPUploader.ocx) allow remote attackers to execute arbitrary code via unspecified initialization parameters. | |||
| CVE-2008-1944 | 0.00 | — | 0.00 | May 14, 2008 | Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of… | |||
| CVE-2008-1943 | 0.00 | — | 0.00 | May 14, 2008 | Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer. | |||
| CVE-2008-2218 | 0.00 | — | 0.02 | May 14, 2008 | Buffer overflow in the Multimedia PC Client in Nortel Multimedia Communication Server (MCS) before Maintenance Release 3.5.8.3 and 4.0.25.3 allows remote attackers to cause a denial of service (crash) via a flood of "extraneous" messages, as demonstrated by the Nessus "Generic… | |||
| CVE-2008-1922 | 0.00 | — | 0.04 | May 13, 2008 | Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file. | |||
| CVE-2008-2149 | 0.00 | — | 0.04 | May 12, 2008 | Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is… | |||
| CVE-2008-2145 | 0.00 | — | 0.00 | May 12, 2008 | Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long username in the "forgotten password" dialog. | |||
| CVE-2008-2085 | 0.00 | — | 0.05 | May 12, 2008 | Multiple stack-based buffer overflows in the (1) get_remote_ip_media and (2) get_remote_ipv6_media functions in call.cpp in SIPp 3.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted SIP message. | |||
| CVE-2008-2080 | 0.00 | — | 0.04 | May 6, 2008 | Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags. |
- CVE-2008-2513Jun 2, 2008risk 0.00cvss —epss 0.00
Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors.
- CVE-2008-2426Jun 2, 2008risk 0.00cvss —epss 0.06
Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in…
- CVE-2008-2363Jun 2, 2008risk 0.00cvss —epss 0.06
The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based…
- CVE-2008-2098Jun 2, 2008risk 0.00cvss —epss 0.00
Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used,…
- CVE-2008-1573Jun 2, 2008risk 0.00cvss —epss 0.02
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.
- CVE-2008-2503May 29, 2008risk 0.00cvss —epss 0.01
Buffer overflow in Uploadlist in eMule X-Ray before 1.4 has unknown impact and remote attack vectors.
- CVE-2008-0959May 29, 2008risk 0.00cvss —epss 0.06
Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioInformation2 ActiveX control in NCTAudioInformation2.dll, as used in (1) Power Audio CD Grabber 1.0, (2) Power Audio CD Burner 1.02, (3) CinematicMP3 1.4.0.0, (4) Alive MP3 WAV Converter…
- CVE-2008-2407May 23, 2008risk 0.00cvss —epss 0.06
Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message.
- CVE-2008-2409May 23, 2008risk 0.00cvss —epss 0.06
Stack-based buffer overflow in Cerulean Studios Trillian before 3.1.10.0 allows remote attackers to execute arbitrary code via unspecified attributes in the X-MMS-IM-FORMAT header in an MSN message.
- CVE-2008-2408May 23, 2008risk 0.00cvss —epss 0.06
Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag.
- CVE-2008-2357May 21, 2008risk 0.00cvss —epss 0.05
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the…
- CVE-2008-0957May 20, 2008risk 0.00cvss —epss 0.03
Multiple stack-based buffer overflows in the PhotoStockPlus Uploader Tool ActiveX control (PSPUploader.ocx) allow remote attackers to execute arbitrary code via unspecified initialization parameters.
- CVE-2008-1944May 14, 2008risk 0.00cvss —epss 0.00
Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer (PVFB) Message 3.0 through 3.0.3 allows local users to cause a denial of service (SDL crash) and possibly execute arbitrary code via "bogus screen updates," related to missing validation of…
- CVE-2008-1943May 14, 2008risk 0.00cvss —epss 0.00
Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer.
- CVE-2008-2218May 14, 2008risk 0.00cvss —epss 0.02
Buffer overflow in the Multimedia PC Client in Nortel Multimedia Communication Server (MCS) before Maintenance Release 3.5.8.3 and 4.0.25.3 allows remote attackers to cause a denial of service (crash) via a flood of "extraneous" messages, as demonstrated by the Nessus "Generic…
- CVE-2008-1922May 13, 2008risk 0.00cvss —epss 0.04
Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file.
- CVE-2008-2149May 12, 2008risk 0.00cvss —epss 0.04
Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is…
- CVE-2008-2145May 12, 2008risk 0.00cvss —epss 0.00
Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long username in the "forgotten password" dialog.
- CVE-2008-2085May 12, 2008risk 0.00cvss —epss 0.05
Multiple stack-based buffer overflows in the (1) get_remote_ip_media and (2) get_remote_ipv6_media functions in call.cpp in SIPp 3.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted SIP message.
- CVE-2008-2080May 6, 2008risk 0.00cvss —epss 0.04
Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags.