CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 533 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-6626 | 0.00 | — | 0.04 | Jan 4, 2008 | Multiple buffer overflows in the RTSP_valid_response_msg function in RTSP_state_machine.c in LScube Feng 0.1.15 and earlier allow remote attackers to execute arbitrary code via (1) a long first line of a response, as demonstrated by a long VER line; or (2) a long second line of… | |||
| CVE-2007-6562 | 0.00 | — | 0.02 | Dec 28, 2007 | Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2)… | |||
| CVE-2007-6563 | 0.00 | — | 0.06 | Dec 28, 2007 | Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE archive. | |||
| CVE-2007-6535 | 0.00 | — | 0.02 | Dec 27, 2007 | Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method. | |||
| CVE-2007-6245 | 0.00 | — | 0.05 | Dec 20, 2007 | Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks. | |||
| CVE-2007-6336 | 0.00 | — | 0.04 | Dec 20, 2007 | Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file. | |||
| CVE-2007-6468 | 0.00 | — | 0.06 | Dec 20, 2007 | Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. NOTE: some of these details… | |||
| CVE-2007-6438 | 0.00 | — | 0.02 | Dec 19, 2007 | Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111. | |||
| CVE-2007-5848 | 0.00 | — | 0.01 | Dec 19, 2007 | Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service. | |||
| CVE-2007-5850 | 0.00 | — | 0.03 | Dec 19, 2007 | Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file. | |||
| CVE-2007-6436 | 0.00 | — | 0.04 | Dec 18, 2007 | Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are… | |||
| CVE-2007-4473 | 0.00 | — | 0.06 | Dec 17, 2007 | Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free… | |||
| CVE-2007-6411 | 0.00 | — | 0.04 | Dec 17, 2007 | Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file. | |||
| CVE-2007-6386 | 0.00 | — | 0.01 | Dec 15, 2007 | Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to… | |||
| CVE-2007-6151 | 0.00 | — | 0.01 | Dec 15, 2007 | The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow. | |||
| CVE-2007-4706 | 0.00 | — | 0.03 | Dec 15, 2007 | Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file. | |||
| CVE-2007-4707 | 0.00 | — | 0.04 | Dec 15, 2007 | Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie. | |||
| CVE-2007-5989 | 0.00 | — | 0.04 | Dec 13, 2007 | Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption. | |||
| CVE-2007-5007 | 0.00 | — | 0.04 | Dec 12, 2007 | Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command. | |||
| CVE-2007-6305 | 0.00 | — | 0.00 | Dec 10, 2007 | Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands." |
- CVE-2007-6626Jan 4, 2008risk 0.00cvss —epss 0.04
Multiple buffer overflows in the RTSP_valid_response_msg function in RTSP_state_machine.c in LScube Feng 0.1.15 and earlier allow remote attackers to execute arbitrary code via (1) a long first line of a response, as demonstrated by a long VER line; or (2) a long second line of…
- CVE-2007-6562Dec 28, 2007risk 0.00cvss —epss 0.02
Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2)…
- CVE-2007-6563Dec 28, 2007risk 0.00cvss —epss 0.06
Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly other versions before 2.69, allows user-assisted remote attackers to execute arbitrary code via a long filename in a compressed UUE archive.
- CVE-2007-6535Dec 27, 2007risk 0.00cvss —epss 0.02
Buffer overflow in the YShortcut ActiveX control in YShortcut.dll 2006.8.15.1 in Yahoo! Toolbar might allow attackers to execute arbitrary code via a long string to the IsTaggedBM method.
- CVE-2007-6245Dec 20, 2007risk 0.00cvss —epss 0.05
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 allows remote attackers to modify HTTP headers for client requests and conduct HTTP Request Splitting attacks.
- CVE-2007-6336Dec 20, 2007risk 0.00cvss —epss 0.04
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.
- CVE-2007-6468Dec 20, 2007risk 0.00cvss —epss 0.06
Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. NOTE: some of these details…
- CVE-2007-6438Dec 19, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the SMB dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service via unknown vectors. NOTE: this identifier originally included MP3 and NCP, but those issues are already covered by CVE-2007-6111.
- CVE-2007-5848Dec 19, 2007risk 0.00cvss —epss 0.01
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
- CVE-2007-5850Dec 19, 2007risk 0.00cvss —epss 0.03
Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.
- CVE-2007-6436Dec 18, 2007risk 0.00cvss —epss 0.04
Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, 2006, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted document, as actively exploited in December 2007 by the Tarodrop.F trojan. NOTE: some of these details are…
- CVE-2007-4473Dec 17, 2007risk 0.00cvss —epss 0.06
Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free…
- CVE-2007-6411Dec 17, 2007risk 0.00cvss —epss 0.04
Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file.
- CVE-2007-6386Dec 15, 2007risk 0.00cvss —epss 0.01
Stack-based buffer overflow in PccScan.dll before build 1451 in Trend Micro AntiVirus plus AntiSpyware 2008, Internet Security 2008, and Internet Security Pro 2008 allows user-assisted remote attackers to cause a denial of service (SfCtlCom.exe crash), and allows local users to…
- CVE-2007-6151Dec 15, 2007risk 0.00cvss —epss 0.01
The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows local users to cause a denial of service via a crafted ioctl struct in which iocts is not null terminated, which triggers a buffer overflow.
- CVE-2007-4706Dec 15, 2007risk 0.00cvss —epss 0.03
Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file.
- CVE-2007-4707Dec 15, 2007risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie.
- CVE-2007-5989Dec 13, 2007risk 0.00cvss —epss 0.04
Unspecified vulnerability in the skype4com URI handler in Skype before 3.6 GOLD allows remote attackers to execute arbitrary code via "short string values" that result in heap corruption.
- CVE-2007-5007Dec 12, 2007risk 0.00cvss —epss 0.04
Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
- CVE-2007-6305Dec 10, 2007risk 0.00cvss —epss 0.00
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands."