CWE-787

Out-of-bounds Write

Base | Draft | Likelihood: High

Description

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs mapped to this weakness (2,513)

  • CVE-2012-0773 (Mar 28, 2012)
    risk 0.00 | cvss | epss 0.05

    The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070…

  • CVE-2011-3019 (Feb 16, 2012)
    risk 0.00 | cvss | epss 0.01

    Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file.

  • CVE-2011-3018 (Feb 16, 2012)
    risk 0.00 | cvss | epss 0.01

    Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering.

  • CVE-2012-0753 (Feb 16, 2012)
    risk 0.00 | cvss | epss 0.04

    Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption)…

  • CVE-2012-0751 (Feb 16, 2012)
    risk 0.00 | cvss | epss 0.04

    The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

  • CVE-2011-3972 (Feb 9, 2012)
    risk 0.00 | cvss | epss 0.01

    The shader translator implementation in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2011-3926 (Jan 24, 2012)
    risk 0.00 | cvss | epss 0.02

    Heap-based buffer overflow in the tree builder in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-3922 (Jan 7, 2012)
    risk 0.00 | cvss | epss 0.02

    Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to glyph handling.

  • CVE-2011-3919 (Jan 7, 2012)
    risk 0.00 | cvss | epss 0.02

    Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-3917 (Dec 13, 2011)
    risk 0.00 | cvss | epss 0.01

    Stack-based buffer overflow in FileWatcher in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-3914 (Dec 13, 2011)
    risk 0.00 | cvss | epss 0.01

    The internationalization (aka i18n) functionality in Google V8, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.

  • CVE-2011-4315 (Dec 8, 2011)
    risk 0.00 | cvss | epss 0.06

    Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.

  • CVE-2011-3900 (Nov 17, 2011)
    risk 0.00 | cvss | epss 0.01

    Google V8, as used in Google Chrome before 15.0.874.121, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write operation.

  • CVE-2011-3439 (Nov 11, 2011)
    risk 0.00 | cvss | epss 0.05

    FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.

  • CVE-2011-3895 (Nov 11, 2011)
    risk 0.00 | cvss | epss 0.02

    Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.

  • CVE-2011-3889 (Oct 25, 2011)
    risk 0.00 | cvss | epss 0.01

    Heap-based buffer overflow in the Web Audio implementation in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-2828 (Aug 29, 2011)
    risk 0.00 | cvss | epss 0.01

    Google V8, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.

  • CVE-2011-2896 (Aug 19, 2011)
    risk 0.00 | cvss | epss 0.13

    The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the…

  • CVE-2011-2791 (Aug 3, 2011)
    risk 0.00 | cvss | epss 0.01

    The International Components for Unicode (ICU) functionality in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.

  • CVE-2011-1782 (Jul 27, 2011)
    risk 0.00 | cvss | epss 0.03

    Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image…