CWE-787
Out-of-bounds Write
Description
The product writes data past the end, or before the beginning, of the intended buffer.
Hierarchy (View 1000)
CVEs mapped to this weakness (2,513)
page 12 of 126| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-7778 | Cri | 0.64 | 9.8 | 0.05 | Jun 11, 2018 | A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR <… | ||
| CVE-2017-5443 | Cri | 0.64 | 9.8 | 0.03 | Jun 11, 2018 | An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | ||
| CVE-2018-11575 | Cri | 0.64 | 9.8 | 0.02 | May 31, 2018 | ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg. | ||
| CVE-2018-11545 | Cri | 0.64 | 9.8 | 0.02 | May 29, 2018 | md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes. | ||
| CVE-2018-11536 | Cri | 0.64 | 9.8 | 0.02 | May 29, 2018 | md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits. | ||
| CVE-2018-11531 | Cri | 0.64 | 9.8 | 0.03 | May 29, 2018 | Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. | ||
| CVE-2018-8871 | Cri | 0.64 | 9.8 | 0.04 | May 25, 2018 | In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution. | ||
| CVE-2018-1000300 | Cri | 0.64 | 9.8 | 0.05 | May 24, 2018 | curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command… | ||
| CVE-2017-11308 | Cri | 0.64 | 9.8 | 0.08 | May 19, 2018 | Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current… | ||
| CVE-2018-11236 | Cri | 0.64 | 9.8 | 0.07 | May 18, 2018 | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially,… | ||
| CVE-2018-8845 | Cri | 0.64 | 9.8 | 0.06 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been… | ||
| CVE-2018-7499 | Cri | 0.64 | 9.8 | 0.04 | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities… | ||
| CVE-2018-11013 | Cri | 0.64 | 9.8 | 0.07 | May 13, 2018 | Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header. | ||
| CVE-2018-1000178 | Cri | 0.64 | 9.8 | 0.04 | May 8, 2018 | A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely. | ||
| CVE-2018-10771 | Cri | 0.64 | 9.8 | 0.03 | May 7, 2018 | Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | ||
| CVE-2018-10753 | Cri | 0.64 | 9.8 | 0.03 | May 5, 2018 | Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | ||
| CVE-2018-8865 | Cri | 0.64 | 9.8 | 0.06 | May 4, 2018 | In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||
| CVE-2016-10479 | Cri | 0.64 | 9.8 | 0.01 | Apr 18, 2018 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, and SD 820, an arbitrary length value from an incoming… | ||
| CVE-2018-6797 | Cri | 0.64 | 9.8 | 0.07 | Apr 17, 2018 | An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written. | ||
| CVE-2017-9634 | Cri | 0.64 | 9.8 | 0.04 | Apr 17, 2018 | Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash. |
- risk 0.64cvss 9.8epss 0.05
A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR <…
- risk 0.64cvss 9.8epss 0.03
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
- risk 0.64cvss 9.8epss 0.02
ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg.
- risk 0.64cvss 9.8epss 0.02
md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes.
- risk 0.64cvss 9.8epss 0.02
md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits.
- risk 0.64cvss 9.8epss 0.03
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.
- risk 0.64cvss 9.8epss 0.04
In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution.
- risk 0.64cvss 9.8epss 0.05
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command…
- risk 0.64cvss 9.8epss 0.08
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current…
- risk 0.64cvss 9.8epss 0.07
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially,…
- risk 0.64cvss 9.8epss 0.06
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a heap-based buffer overflow vulnerability has been…
- risk 0.64cvss 9.8epss 0.04
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities…
- risk 0.64cvss 9.8epss 0.07
Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header.
- risk 0.64cvss 9.8epss 0.04
A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code remotely.
- risk 0.64cvss 9.8epss 0.03
Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
- risk 0.64cvss 9.8epss 0.03
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
- risk 0.64cvss 9.8epss 0.06
In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
- risk 0.64cvss 9.8epss 0.01
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, and SD 820, an arbitrary length value from an incoming…
- risk 0.64cvss 9.8epss 0.07
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
- risk 0.64cvss 9.8epss 0.04
Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.