CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 532 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-0587 | 0.00 | — | 0.00 | Feb 5, 2008 | Buffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2008-0586 | 0.00 | — | 0.00 | Feb 5, 2008 | Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd program in bos.clvm.enh. | |||
| CVE-2008-0509 | 0.00 | — | 0.01 | Jan 31, 2008 | Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh. | |||
| CVE-2008-0064 | 0.00 | — | 0.05 | Jan 31, 2008 | Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file. | |||
| CVE-2007-5764 | 0.00 | — | 0.01 | Jan 25, 2008 | Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option. | |||
| CVE-2007-6425 | 0.00 | — | 0.04 | Jan 23, 2008 | Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors. | |||
| CVE-2008-0378 | 0.00 | — | 0.03 | Jan 22, 2008 | Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname. | |||
| CVE-2008-0366 | 0.00 | — | 0.01 | Jan 18, 2008 | CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments. | |||
| CVE-2008-0006 | 0.00 | — | 0.05 | Jan 18, 2008 | Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in… | |||
| CVE-2008-0296 | 0.00 | — | 0.15 | Jan 16, 2008 | Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string. | |||
| CVE-2008-0295 | 0.00 | — | 0.11 | Jan 16, 2008 | Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description… | |||
| CVE-2008-0036 | 0.00 | — | 0.05 | Jan 16, 2008 | Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding. | |||
| CVE-2007-5655 | 0.00 | — | 0.06 | Jan 16, 2008 | TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers. | |||
| CVE-2008-0238 | 0.00 | — | 0.04 | Jan 11, 2008 | Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different… | |||
| CVE-2008-0227 | 0.00 | — | 0.02 | Jan 10, 2008 | yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp. | |||
| CVE-2008-0223 | 0.00 | — | 0.05 | Jan 10, 2008 | Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file. | |||
| CVE-2007-6532 | 0.00 | — | 0.04 | Jan 9, 2008 | Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management." | |||
| CVE-2007-6531 | 0.00 | — | 0.03 | Jan 9, 2008 | Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (over-read) in the xfce_mkdirhier function was also reported, but it might not be… | |||
| CVE-2008-0152 | 0.00 | — | 0.02 | Jan 9, 2008 | SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unspecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not user-assisted when the server is… | |||
| CVE-2008-0098 | 0.00 | — | 0.06 | Jan 8, 2008 | Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is… |
- CVE-2008-0587Feb 5, 2008risk 0.00cvss —epss 0.00
Buffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
- CVE-2008-0586Feb 5, 2008risk 0.00cvss —epss 0.00
Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd program in bos.clvm.enh.
- CVE-2008-0509Jan 31, 2008risk 0.00cvss —epss 0.01
Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh.
- CVE-2008-0064Jan 31, 2008risk 0.00cvss —epss 0.05
Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.
- CVE-2007-5764Jan 25, 2008risk 0.00cvss —epss 0.01
Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option.
- CVE-2007-6425Jan 23, 2008risk 0.00cvss —epss 0.04
Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors.
- CVE-2008-0378Jan 22, 2008risk 0.00cvss —epss 0.03
Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname.
- CVE-2008-0366Jan 18, 2008risk 0.00cvss —epss 0.01
CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments.
- CVE-2008-0006Jan 18, 2008risk 0.00cvss —epss 0.05
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in…
- CVE-2008-0296Jan 16, 2008risk 0.00cvss —epss 0.15
Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.
- CVE-2008-0295Jan 16, 2008risk 0.00cvss —epss 0.11
Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description…
- CVE-2008-0036Jan 16, 2008risk 0.00cvss —epss 0.05
Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.
- CVE-2007-5655Jan 16, 2008risk 0.00cvss —epss 0.06
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.
- CVE-2008-0238Jan 11, 2008risk 0.00cvss —epss 0.04
Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different…
- CVE-2008-0227Jan 10, 2008risk 0.00cvss —epss 0.02
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp.
- CVE-2008-0223Jan 10, 2008risk 0.00cvss —epss 0.05
Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file.
- CVE-2007-6532Jan 9, 2008risk 0.00cvss —epss 0.04
Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management."
- CVE-2007-6531Jan 9, 2008risk 0.00cvss —epss 0.03
Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (over-read) in the xfce_mkdirhier function was also reported, but it might not be…
- CVE-2008-0152Jan 9, 2008risk 0.00cvss —epss 0.02
SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unspecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not user-assisted when the server is…
- CVE-2008-0098Jan 8, 2008risk 0.00cvss —epss 0.06
Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is…