CWE-787
Out-of-bounds Write
Description
The product writes data past the end, or before the beginning, of the intended buffer.
Hierarchy (View 1000)
CVEs mapped to this weakness (2,513)
page 111 of 126| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-40160 | 0.00 | — | 0.01 | Oct 6, 2022 | ** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google… | |||
| CVE-2022-35939 | 0.00 | — | 0.00 | Sep 16, 2022 | TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or… | |||
| CVE-2022-40152 | — | 0.00 | — | 0.20 | Sep 16, 2022 | Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a… | ||
| CVE-2022-40151 | — | 0.00 | — | 0.01 | Sep 16, 2022 | Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | ||
| CVE-2022-40149 | — | 0.00 | — | 0.01 | Sep 16, 2022 | Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of… | ||
| CVE-2022-38495 | — | 0.00 | — | 0.00 | Sep 13, 2022 | LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c. | ||
| CVE-2022-38306 | — | 0.00 | — | 0.00 | Sep 13, 2022 | LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc. | ||
| CVE-2022-38751 | 0.00 | — | 0.01 | Sep 5, 2022 | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | |||
| CVE-2022-38750 | 0.00 | — | 0.01 | Sep 5, 2022 | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | |||
| CVE-2022-38749 | 0.00 | — | 0.02 | Sep 5, 2022 | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | |||
| CVE-2022-38752 | 0.00 | — | 0.02 | Sep 5, 2022 | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. | |||
| CVE-2022-25903 | — | 0.00 | — | 0.01 | Aug 24, 2022 | The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed. | ||
| CVE-2022-31054 | 0.00 | — | 0.01 | Jun 13, 2022 | Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request… | |||
| CVE-2021-37404 | — | 0.00 | — | 0.03 | Jun 13, 2022 | There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. | ||
| CVE-2022-29210 | 0.00 | — | 0.00 | May 20, 2022 | TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access… | |||
| CVE-2022-29208 | 0.00 | — | 0.00 | May 20, 2022 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In… | |||
| CVE-2022-28990 | — | 0.00 | — | 0.00 | May 20, 2022 | WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm. | ||
| CVE-2018-25032 | 0.00 | — | 0.52 | Mar 25, 2022 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | |||
| CVE-2020-36518 | — | 0.00 | — | 0.05 | Mar 11, 2022 | jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. | ||
| CVE-2022-23561 | 0.00 | — | 0.01 | Feb 4, 2022 | Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary… |
- CVE-2022-40160Oct 6, 2022risk 0.00cvss —epss 0.01
** DISPUTED ** This record was originally reported by the oss-fuzz project who failed to consider the security context in which JXPath is intended to be used and failed to contact the JXPath maintainers prior to requesting the CVE allocation. The CVE was then allocated by Google…
- CVE-2022-35939Sep 16, 2022risk 0.00cvss —epss 0.00
TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or…
- CVE-2022-40152Sep 16, 2022risk 0.00cvss —epss 0.20
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a…
- CVE-2022-40151Sep 16, 2022risk 0.00cvss —epss 0.01
Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.
- CVE-2022-40149Sep 16, 2022risk 0.00cvss —epss 0.01
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of…
- CVE-2022-38495Sep 13, 2022risk 0.00cvss —epss 0.00
LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c.
- CVE-2022-38306Sep 13, 2022risk 0.00cvss —epss 0.00
LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc.
- CVE-2022-38751Sep 5, 2022risk 0.00cvss —epss 0.01
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
- CVE-2022-38750Sep 5, 2022risk 0.00cvss —epss 0.01
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
- CVE-2022-38749Sep 5, 2022risk 0.00cvss —epss 0.02
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
- CVE-2022-38752Sep 5, 2022risk 0.00cvss —epss 0.02
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
- CVE-2022-25903Aug 24, 2022risk 0.00cvss —epss 0.01
The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed.
- CVE-2022-31054Jun 13, 2022risk 0.00cvss —epss 0.01
Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request…
- CVE-2021-37404Jun 13, 2022risk 0.00cvss —epss 0.03
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
- CVE-2022-29210May 20, 2022risk 0.00cvss —epss 0.00
TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access…
- CVE-2022-29208May 20, 2022risk 0.00cvss —epss 0.00
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In…
- CVE-2022-28990May 20, 2022risk 0.00cvss —epss 0.00
WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm.
- CVE-2018-25032Mar 25, 2022risk 0.00cvss —epss 0.52
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
- CVE-2020-36518Mar 11, 2022risk 0.00cvss —epss 0.05
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
- CVE-2022-23561Feb 4, 2022risk 0.00cvss —epss 0.01
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary…