VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 90 of 549
  • CVE-2017-2539HigMay 22, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…

  • CVE-2017-2538HigMay 22, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…

  • CVE-2017-2530HigMay 22, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iCloud before 6.2.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute…

  • CVE-2017-2526HigMay 22, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…

  • CVE-2017-2525HigMay 22, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2017-2506HigMay 22, 2017
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…

  • CVE-2017-2505HigMay 22, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2017-2496HigMay 22, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…

  • CVE-2017-8325HigApr 29, 2017
    risk 0.57cvss 8.8epss 0.03

    The iw_process_cols_to_intermediate function in imagew-main.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image.

  • CVE-2017-2155HigApr 28, 2017
    risk 0.57cvss 8.8epss 0.03

    Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage.

  • CVE-2017-2113HigApr 28, 2017
    risk 0.57cvss 8.8epss 0.02

    Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier,…

  • CVE-2017-6037HigApr 27, 2017
    risk 0.57cvss 8.8epss 0.02

    A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run by the system.

  • CVE-2017-6035HigApr 27, 2017
    risk 0.57cvss 8.8epss 0.02

    A Stack-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow, which could result in denial of service when a malicious project file is run on the system.

  • CVE-2011-3438HigApr 24, 2017
    risk 0.57cvss 8.8epss 0.02

    WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution.

  • CVE-2017-6956HigApr 5, 2017
    risk 0.57cvss 8.8epss 0.02

    On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element…

  • CVE-2017-2481HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory…

  • CVE-2017-2465HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory…

  • CVE-2017-2444HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or…

  • CVE-2017-2433HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)…

  • CVE-2017-2405HigApr 2, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and…