CWE-787
Out-of-bounds Write
Description
The product writes data past the end, or before the beginning, of the intended buffer.
Hierarchy (View 1000)
CVEs mapped to this weakness (1,906)
page 76 of 96| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-52309 | 0.00 | — | 0.00 | Jan 3, 2024 | Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. | |||
| CVE-2023-52307 | 0.00 | — | 0.00 | Jan 3, 2024 | Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | |||
| CVE-2023-52304 | 0.00 | — | 0.00 | Jan 3, 2024 | Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | |||
| CVE-2023-50711 | 0.00 | — | 0.00 | Jan 2, 2024 | vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the `FamStructWrapper::deserialize` implementation provided by the crate for… | |||
| CVE-2023-50572 | — | 0.00 | — | 0.00 | Dec 29, 2023 | An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error. | ||
| CVE-2023-51084 | — | 0.00 | — | 0.00 | Dec 27, 2023 | hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method. | ||
| CVE-2023-51080 | — | 0.00 | — | 0.00 | Dec 27, 2023 | The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow. | ||
| CVE-2023-51074 | — | 0.00 | — | 0.00 | Dec 27, 2023 | json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method. | ||
| CVE-2023-49800 | — | 0.00 | — | 0.01 | Dec 8, 2023 | `nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow.… | ||
| CVE-2023-42443 | 0.00 | — | 0.00 | Sep 18, 2023 | Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument… | |||
| CVE-2023-40889 | — | 0.00 | — | 0.01 | Aug 29, 2023 | A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or… | ||
| CVE-2022-34038 | — | 0.00 | — | 0.00 | Aug 22, 2023 | Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability. | ||
| CVE-2023-3894 | 0.00 | — | 0.00 | Aug 8, 2023 | Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of… | |||
| CVE-2023-38671 | 0.00 | — | 0.01 | Jul 26, 2023 | Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. | |||
| CVE-2023-34615 | — | 0.00 | — | 0.00 | Jun 14, 2023 | An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | ||
| CVE-2023-34614 | — | 0.00 | — | 0.00 | Jun 14, 2023 | An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | ||
| CVE-2023-34613 | — | 0.00 | — | 0.00 | Jun 14, 2023 | An issue was discovered sojo thru 1.1.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | ||
| CVE-2023-34616 | — | 0.00 | — | 0.00 | Jun 14, 2023 | An issue was discovered pbjson thru 0.4.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | ||
| CVE-2023-34612 | — | 0.00 | — | 0.00 | Jun 14, 2023 | An issue was discovered ph-json thru 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. | ||
| CVE-2023-34610 | — | 0.00 | — | 0.00 | Jun 14, 2023 | An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. |
- CVE-2023-52309Jan 3, 2024risk 0.00cvss —epss 0.00
Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
- CVE-2023-52307Jan 3, 2024risk 0.00cvss —epss 0.00
Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
- CVE-2023-52304Jan 3, 2024risk 0.00cvss —epss 0.00
Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
- CVE-2023-50711Jan 2, 2024risk 0.00cvss —epss 0.00
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the `FamStructWrapper::deserialize` implementation provided by the crate for…
- CVE-2023-50572Dec 29, 2023risk 0.00cvss —epss 0.00
An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error.
- CVE-2023-51084Dec 27, 2023risk 0.00cvss —epss 0.00
hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method.
- CVE-2023-51080Dec 27, 2023risk 0.00cvss —epss 0.00
The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow.
- CVE-2023-51074Dec 27, 2023risk 0.00cvss —epss 0.00
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.
- CVE-2023-49800Dec 8, 2023risk 0.00cvss —epss 0.01
`nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow.…
- CVE-2023-42443Sep 18, 2023risk 0.00cvss —epss 0.00
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument…
- CVE-2023-40889Aug 29, 2023risk 0.00cvss —epss 0.01
A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or…
- CVE-2022-34038Aug 22, 2023risk 0.00cvss —epss 0.00
Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.
- CVE-2023-3894Aug 8, 2023risk 0.00cvss —epss 0.00
Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of…
- CVE-2023-38671Jul 26, 2023risk 0.00cvss —epss 0.01
Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
- CVE-2023-34615Jun 14, 2023risk 0.00cvss —epss 0.00
An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
- CVE-2023-34614Jun 14, 2023risk 0.00cvss —epss 0.00
An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
- CVE-2023-34613Jun 14, 2023risk 0.00cvss —epss 0.00
An issue was discovered sojo thru 1.1.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
- CVE-2023-34616Jun 14, 2023risk 0.00cvss —epss 0.00
An issue was discovered pbjson thru 0.4.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
- CVE-2023-34612Jun 14, 2023risk 0.00cvss —epss 0.00
An issue was discovered ph-json thru 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
- CVE-2023-34610Jun 14, 2023risk 0.00cvss —epss 0.00
An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.