VYPR

CWE-787

Out-of-bounds Write

Base | Draft | Likelihood: High

Description

The product writes data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

CVEs mapped to this weakness (2,513)

  • CVE-2017-7778 | Cri | Jun 11, 2018
    risk 0.64 | cvss 9.8 | epss 0.05

    A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR <…

  • CVE-2017-5443 | Cri | Jun 11, 2018
    risk 0.64 | cvss 9.8 | epss 0.03

    An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

  • CVE-2018-11575 | Cri | May 31, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg.

  • CVE-2018-11545 | Cri | May 29, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes.

  • CVE-2018-11536 | Cri | May 29, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits.

  • CVE-2018-11531 | Cri | May 29, 2018
    risk 0.64 | cvss 9.8 | epss 0.03

    Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.

  • CVE-2018-8871 | Cri | May 25, 2018
    risk 0.64 | cvss 9.8 | epss 0.04

    In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.

  • CVE-2018-1000300 | Cri | May 24, 2018
    risk 0.64 | cvss 9.8 | epss 0.05

    curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command…

  • CVE-2017-11308 | Cri | May 19, 2018
    risk 0.64 | cvss 9.8 | epss 0.08

    Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current…

  • CVE-2018-11236 | Cri | May 18, 2018
    risk 0.64 | cvss 9.8 | epss 0.07

    stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially,…

  • CVE-2018-8845 | Cri | May 15, 2018
    risk 0.64 | cvss 9.8 | epss 0.06

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been…

  • CVE-2018-7499 | Cri | May 15, 2018
    risk 0.64 | cvss 9.8 | epss 0.04

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities…

  • CVE-2018-11013 | Cri | May 13, 2018
    risk 0.64 | cvss 9.8 | epss 0.07

    Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.

  • CVE-2018-1000178 | Cri | May 8, 2018
    risk 0.64 | cvss 9.8 | epss 0.04

    A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.

  • CVE-2018-10771 | Cri | May 7, 2018
    risk 0.64 | cvss 9.8 | epss 0.03

    Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

  • CVE-2018-10753 | Cri | May 5, 2018
    risk 0.64 | cvss 9.8 | epss 0.03

    Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

  • CVE-2018-8865 | Cri | May 4, 2018
    risk 0.64 | cvss 9.8 | epss 0.06

    In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

  • CVE-2016-10479 | Cri | Apr 18, 2018
    risk 0.64 | cvss 9.8 | epss 0.01

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, and SD 820, an arbitrary length value from an incoming…

  • CVE-2018-6797 | Cri | Apr 17, 2018
    risk 0.64 | cvss 9.8 | epss 0.07

    An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

  • CVE-2017-9634 | Cri | Apr 17, 2018
    risk 0.64 | cvss 9.8 | epss 0.04

    Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.