VYPR

CWE-787

Out-of-bounds Write

BaseDraftLikelihood: High

Description

The product writes data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

CVEs mapped to this weakness (2,513)

page 111 of 126
  • CVE-2022-40160Oct 6, 2022
    risk 0.00cvss epss 0.01

    ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google…

  • CVE-2022-35939Sep 16, 2022
    risk 0.00cvss epss 0.00

    TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or…

  • CVE-2022-40152Sep 16, 2022
    risk 0.00cvss epss 0.20

    Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a…

  • CVE-2022-40151Sep 16, 2022
    risk 0.00cvss epss 0.01

    Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

  • CVE-2022-40149Sep 16, 2022
    risk 0.00cvss epss 0.01

    Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of…

  • CVE-2022-38495Sep 13, 2022
    risk 0.00cvss epss 0.00

    LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c.

  • CVE-2022-38306Sep 13, 2022
    risk 0.00cvss epss 0.00

    LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc.

  • CVE-2022-38751Sep 5, 2022
    risk 0.00cvss epss 0.01

    Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

  • CVE-2022-38750Sep 5, 2022
    risk 0.00cvss epss 0.01

    Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

  • CVE-2022-38749Sep 5, 2022
    risk 0.00cvss epss 0.02

    Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

  • CVE-2022-38752Sep 5, 2022
    risk 0.00cvss epss 0.02

    Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.

  • CVE-2022-25903Aug 24, 2022
    risk 0.00cvss epss 0.01

    The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed.

  • CVE-2022-31054Jun 13, 2022
    risk 0.00cvss epss 0.01

    Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request…

  • CVE-2021-37404Jun 13, 2022
    risk 0.00cvss epss 0.03

    There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.

  • CVE-2022-29210May 20, 2022
    risk 0.00cvss epss 0.00

    TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access…

  • CVE-2022-29208May 20, 2022
    risk 0.00cvss epss 0.00

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In…

  • CVE-2022-28990May 20, 2022
    risk 0.00cvss epss 0.00

    WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm.

  • CVE-2018-25032Mar 25, 2022
    risk 0.00cvss epss 0.52

    zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

  • CVE-2020-36518Mar 11, 2022
    risk 0.00cvss epss 0.05

    jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

  • CVE-2022-23561Feb 4, 2022
    risk 0.00cvss epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary…