VYPR

CWE-787

Out-of-bounds Write

BaseDraftLikelihood: High

Description

The product writes data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

CVEs mapped to this weakness (2,513)

page 10 of 126
  • CVE-2018-14823CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.04

    Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.

  • CVE-2018-14815CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.04

    Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution.

  • CVE-2018-14813CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.04

    Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.

  • CVE-2018-17334CriSep 22, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in the svgGetNextPathField function in svg_string.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because a strncpy copy…

  • CVE-2018-17333CriSep 22, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in libsvg2 through 2012-10-19. A stack-based buffer overflow in svgStringToLength in svg_types.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because sscanf is misused.

  • CVE-2018-17174CriSep 21, 2018
    risk 0.64cvss 9.8epss 0.03

    A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. nmea_parse() in parser.c allows an attacker to trigger denial of service (even arbitrary code execution in a certain context) in a product using this library via malformed data.

  • CVE-2018-17141CriSep 21, 2018
    risk 0.64cvss 9.8epss 0.06

    HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.

  • CVE-2018-17067CriSep 15, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.

  • CVE-2018-17065CriSep 15, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.

  • CVE-2018-12808CriAug 29, 2018
    risk 0.64cvss 9.8epss 0.08

    Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2018-3904CriAug 27, 2018
    risk 0.64cvss 9.9epss 0.02

    An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a…

  • CVE-2018-3880CriAug 23, 2018
    risk 0.64cvss 9.9epss 0.01

    An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its…

  • CVE-2018-3866CriAug 23, 2018
    risk 0.64cvss 9.9epss 0.02

    An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a…

  • CVE-2018-3919CriAug 23, 2018
    risk 0.64cvss 9.9epss 0.01

    An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips"…

  • CVE-2018-3903CriAug 23, 2018
    risk 0.64cvss 9.9epss 0.02

    On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability.…

  • CVE-2018-3902CriAug 23, 2018
    risk 0.64cvss 9.9epss 0.02

    An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts the URL field from a user-controlled JSON…

  • CVE-2018-3863CriAug 23, 2018
    risk 0.64cvss 9.9epss 0.02

    On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A…

  • CVE-2017-14446CriAug 2, 2018
    risk 0.64cvss 9.9epss 0.01

    An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to…

  • CVE-2018-14551CriJul 23, 2018
    risk 0.64cvss 9.8epss 0.04

    The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.

  • CVE-2018-5021CriJul 20, 2018
    risk 0.64cvss 9.8epss 0.09

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.