VYPR

CWE-787

Out-of-bounds Write

BaseDraftLikelihood: High

Description

The product writes data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

CVEs mapped to this weakness (2,513)

page 11 of 126
  • CVE-2018-12787CriJul 20, 2018
    risk 0.64cvss 9.8epss 0.09

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-12760CriJul 20, 2018
    risk 0.64cvss 9.8epss 0.09

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-12758CriJul 20, 2018
    risk 0.64cvss 9.8epss 0.09

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

  • CVE-2018-10620CriJul 19, 2018
    risk 0.64cvss 9.8epss 0.04

    AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with…

  • CVE-2018-12911CriJul 19, 2018
    risk 0.64cvss 9.8epss 0.02

    WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.

  • CVE-2018-8847CriJul 13, 2018
    risk 0.64cvss 9.8epss 0.07

    Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution.

  • CVE-2018-13876CriJul 10, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread.

  • CVE-2018-13874CriJul 10, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset.

  • CVE-2018-13872CriJul 10, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c.

  • CVE-2018-13871CriJul 10, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c.

  • CVE-2018-13794CriJul 9, 2018
    risk 0.64cvss 9.8epss 0.02

    A heap-based buffer overflow exists in stbi__bmp_load_cont in stb_image.h in catimg 2.4.0.

  • CVE-2018-12933CriJun 28, 2018
    risk 0.64cvss 9.8epss 0.02

    PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index.

  • CVE-2018-12932CriJun 28, 2018
    risk 0.64cvss 9.8epss 0.02

    PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by triggering a large pAlphaBlend->cbBitsSrc value.

  • CVE-2018-12889CriJun 26, 2018
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCNx or NDN file. This can result in Heap Corruption. This was addressed by fixing…

  • CVE-2018-12699CriJun 23, 2018
    risk 0.64cvss 9.8epss 0.05

    finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.

  • CVE-2018-11560CriJun 23, 2018
    risk 0.64cvss 9.8epss 0.02

    The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.

  • CVE-2018-12601CriJun 20, 2018
    risk 0.64cvss 9.8epss 0.02

    There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.

  • CVE-2018-12578CriJun 19, 2018
    risk 0.64cvss 9.8epss 0.02

    There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.

  • CVE-2018-5147CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1.

  • CVE-2018-5122CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.03

    A potential integer overflow in the "DoCrypt" function of WebCrypto was identified. If a means was found of exploiting it, it could result in an out-of-bounds write. This vulnerability affects Firefox < 58.