CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 538 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-4137 | 0.00 | — | 0.02 | Sep 18, 2007 | Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the… | |||
| CVE-2007-4943 | 0.00 | — | 0.03 | Sep 18, 2007 | Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. NOTE: the… | |||
| CVE-2007-3739 | 0.00 | — | 0.00 | Sep 14, 2007 | mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors. | |||
| CVE-2007-4823 | 0.00 | — | 0.00 | Sep 11, 2007 | Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. | |||
| CVE-2007-4730 | 0.00 | — | 0.01 | Sep 11, 2007 | Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap. | |||
| CVE-2007-4792 | 0.00 | — | 0.00 | Sep 10, 2007 | Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2007-4794 | 0.00 | — | 0.00 | Sep 10, 2007 | Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long input parameter. | |||
| CVE-2007-4795 | 0.00 | — | 0.00 | Sep 10, 2007 | Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name. | |||
| CVE-2007-4791 | 0.00 | — | 0.00 | Sep 10, 2007 | Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-2007-0978. | |||
| CVE-2007-4796 | 0.00 | — | 0.00 | Sep 10, 2007 | Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2007-4797 | 0.00 | — | 0.00 | Sep 10, 2007 | Multiple buffer overflows in unspecified svprint (System V print) commands in bos.svprint.rte in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors. | |||
| CVE-2007-4793 | 0.00 | — | 0.00 | Sep 10, 2007 | Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2007-4758 | 0.00 | — | 0.06 | Sep 8, 2007 | Multiple buffer overflows in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors. | |||
| CVE-2007-4759 | 0.00 | — | 0.02 | Sep 8, 2007 | Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2007-4743 | 0.00 | — | 0.05 | Sep 6, 2007 | The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some… | |||
| CVE-2007-3752 | 0.00 | — | 0.06 | Sep 6, 2007 | Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file. | |||
| CVE-2007-0322 | 0.00 | — | 0.06 | Sep 5, 2007 | Multiple stack-based buffer overflows in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2007-4662 | 0.00 | — | 0.03 | Sep 4, 2007 | Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors. | |||
| CVE-2007-4657 | 0.00 | — | 0.03 | Sep 4, 2007 | Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an… | |||
| CVE-2007-4668 | 0.00 | — | 0.02 | Sep 4, 2007 | Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312. |
- CVE-2007-4137Sep 18, 2007risk 0.00cvss —epss 0.02
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the…
- CVE-2007-4943Sep 18, 2007risk 0.00cvss —epss 0.03
Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. NOTE: the…
- CVE-2007-3739Sep 14, 2007risk 0.00cvss —epss 0.00
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors.
- CVE-2007-4823Sep 11, 2007risk 0.00cvss —epss 0.00
Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
- CVE-2007-4730Sep 11, 2007risk 0.00cvss —epss 0.01
Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.
- CVE-2007-4792Sep 10, 2007risk 0.00cvss —epss 0.00
Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.
- CVE-2007-4794Sep 10, 2007risk 0.00cvss —epss 0.00
Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long input parameter.
- CVE-2007-4795Sep 10, 2007risk 0.00cvss —epss 0.00
Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name.
- CVE-2007-4791Sep 10, 2007risk 0.00cvss —epss 0.00
Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-2007-0978.
- CVE-2007-4796Sep 10, 2007risk 0.00cvss —epss 0.00
Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
- CVE-2007-4797Sep 10, 2007risk 0.00cvss —epss 0.00
Multiple buffer overflows in unspecified svprint (System V print) commands in bos.svprint.rte in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors.
- CVE-2007-4793Sep 10, 2007risk 0.00cvss —epss 0.00
Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
- CVE-2007-4758Sep 8, 2007risk 0.00cvss —epss 0.06
Multiple buffer overflows in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors.
- CVE-2007-4759Sep 8, 2007risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified vectors.
- CVE-2007-4743Sep 6, 2007risk 0.00cvss —epss 0.05
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some…
- CVE-2007-3752Sep 6, 2007risk 0.00cvss —epss 0.06
Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted album cover art in the covr atom of an MP4/AAC file.
- CVE-2007-0322Sep 5, 2007risk 0.00cvss —epss 0.06
Multiple stack-based buffer overflows in the Intuit QuickBooks Online Edition ActiveX control before 10 allow remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2007-4662Sep 4, 2007risk 0.00cvss —epss 0.03
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
- CVE-2007-4657Sep 4, 2007risk 0.00cvss —epss 0.03
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an…
- CVE-2007-4668Sep 4, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312.