Przykłady dla CWE-119: Improper Restriction of Operations within the Bounds of a ...

	Tytuł	Data	Autor
High	Circontrol Raption Buffer Overflow / Command Injection	30.03.2024	Dariusz Gonda
High	KiTTY 0.76.1.13 Start Duplicated Session Hostname Buffer Overflow	28.03.2024	DEFCESCO
High	TP-Link TL-WR740N Buffer Overflow / Denial Of Service	11.03.2024	Anish Feroz
High	PCMan FTP Server 2.0 Buffer Overflow	06.02.2024	Waqas Ahmed Faroouqi
High	glibc syslog() Heap-Based Buffer Overflow	01.02.2024	Qualys Security Adviso...
Med.	Intrasrv Simple Web Server 1.0 - Denial of Service (DoS)	10.01.2024	Fernando Mengali
Med.	PSOProxy 0.5 - Denial of Service (DoS)	10.01.2024	Fernando Mengali
Med.	Easy Chat Server 3.1 - Denial of Service (DoS)	07.01.2024	Fernando Mengali
Med.	Easy Chat Server 3.1 - Denial of Service (DoS)	06.01.2024	Fernando Mengali
High	XAMPP 3.3.0 Buffer Overflow	27.10.2023	Talson
High	Elasticsearch 8.5.3 Stack Overflow	24.09.2023	Touhami Kasbaoui
High	Ivanti Avalanche MDM Buffer Overflow	18.09.2023	Ege Balci
High	OpenPLC Webserver 3 Denial Of Service / Buffer Overflow	13.09.2023	Kai Feng
High	GOM Player 2.3.90.5360 Buffer Overflow	10.09.2023	Ahmet Umit Bayram
High	NVClient 5.0 Stack Buffer Overflow	04.09.2023	Ahmet Umit Bayram
High	Xlight FTP Server 3.9.3.6 Stack Buffer Overflow (DOS)	06.08.2023	Yehia Elghaly
High	Xlight FTP Server 3.9.3.6 Stack Buffer Overflow	05.08.2023	Yehia Elghaly
High	Savant Web Server 3.1 Remote Buffer Overflow	03.08.2023	0xBOF90
High	General Device Manager 2.5.2.2 Buffer Overflow	02.08.2023	Ahmet Umit Bayram
High	RaidenFTPD 2.4.4005 Buffer Overflow	21.07.2023	Andre Nogueira
High	TP-Link TL-WR940N 4 Buffer Overflow	05.07.2023	Amirhossein Bahramizad...
High	Polycom BToE Connector 4.4.0.0 Buffer Overflow / Man-In-The-Middle	19.06.2023	secbugs3
High	TP-Link Archer AX10(EU)_V1.2_230220 Buffer Overflow	18.06.2023	Giuseppe Compare
High	Widevine Trustlet 5.x / 6.x / 7.x PRDiagVerifyProvisioning Buffer Overflow	30.05.2023	CyberIntel Team
High	Widevine Trustlet 5.x drm_save_keys Buffer Overflow	30.05.2023	CyberIntel Team
High	Advantech EKI-15XX Series Command Injection / Buffer Overflow	13.05.2023	T. Weber
Med.	Fortigate 7.0.1 Stack Overflow	03.05.2023	Cody Sixteen
High	Rocket Software Unidata 8.2.4 Build 3003 Buffer Overflow	14.04.2023	Ron Bowes
High	Grand Theft Auto III Vice City Skin File 1.1 Buffer Overflow	03.04.2023	Knursoft
High	Explorer32++ 1.3.5.531 Buffer Overflow	27.03.2023	Rafael Pedrero
Med.	Scdbg 1.0 Buffer overflow DoS	27.03.2023	Rafael Pedrero
High	SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow	12.02.2023	LiquidWorm
High	NetChess 2.1 Buffer Overflow	21.01.2023	Ugur Eminli
High	ZTE ZXHN-H108NS Stack Buffer Overflow / Denial Of Service	21.11.2022	George Tsimpidas
High	wolfSSL Buffer Overflow	31.10.2022	Maximilian Ammann
High	AVS Audio Converter 10.3 Stack Overflow	19.10.2022	Yehia Elghaly
High	Netfilter nft_set_elem_init Heap Overflow Privilege Escalation	28.09.2022	Redouane Niboucha
High	COVESA 2.18.8 NULL Pointer Dereference / Heap Buffer Over-Read	27.09.2022	T. Weber
High	123elf Project Buffer Overflow	06.09.2022	Tavis Ormandy
High	10-Strike Network Inventory Explorer 9.3 Buffer Overflow	23.08.2022	Ricardo Jose Ruiz Fern...
High	Windows sxs!CNodeFactory::XMLParser_Element_doc_assembly_assemblyIdentity Heap Buffer Overflow	15.08.2022	Google Security Resear...
High	Windows sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString Heap Buffer Overflow	14.08.2022	Google Security Resear...
High	Easy Chat Server 3.1 Buffer Overflow	02.08.2022	r00tpgp
High	Patlite 1.46 Buffer Overflow	25.07.2022	Samy Younsi
High	Ransom Lockbit 3.0 MVID-2022-0620 Buffer Overflow	04.07.2022	malvuln
High	Zyxel Buffer Overflow / Format String / Command Injection	20.06.2022	Marco Ivaldi
High	Kitty 0.76.0.8 Stack Buffer Overflow	20.06.2022	Yehia Elghaly
High	GtkRadiant 1.6.6 Buffer Overflow	05.06.2022	Jeremy Brown
High	libMeshb Buffer Overflow	04.06.2022	Jeremy Brown
High	Small HTTP Server 3.06 Remote Buffer Overflow	07.04.2022	Yehia Elghaly
High	ALLMediaServer 1.6 Buffer Overflow	04.04.2022	Hejap Zairy
High	Xlight FTP 3.9.3.2 Buffer Overflow	22.03.2022	Hejap Zairy
High	Amazing CD Ripper 1.2 Buffer Overflow	22.03.2022	Hejap Zairy
High	Audio Conversion Wizard 2.01 Buffer Overflow	10.03.2022	Hejap Zairy
High	VUPlayer 2.49 Buffer Overflow	10.01.2022	Bryan Leong
High	Accu-Time Systems MAXIMUS 1.0 Buffer Overflow / Denial Of Service	23.12.2021	Yehia Elghaly
High	Pinkie 2.15 TFTP Remote Buffer Overflow (PoC)	30.11.2021	Yehia
High	Serva 4.4.0 TFTP Remote Buffer Overflow	24.11.2021	Yehia Elghaly
High	Pinkie 2.15 Remote Buffer Overflow	22.11.2021	Yehia Elghaly
High	Modbus Slave 7.3.1 Buffer Overflow	22.11.2021	Yehia Elghaly
High	Xlight FTP 3.9.3.1 Buffer Overflow (PoC)	17.11.2021	Yehia Elghaly
High	Xlight FTP 3.9.3.1 Buffer Overflow	14.11.2021	Yehia Elghaly
High	zlog 1.2.15 Buffer Overflow	09.11.2021	LIWEI
High	YouTube Video Grabber 1.9.9.1 Buffer Overflow	02.11.2021	Achilles
High	Mini-XML 3.2 Heap Overflow	29.10.2021	LIWEI
High	Ether MP3 CD Burner 1.3.8 Buffer Overflow	27.09.2021	Achilles
High	Microsoft Windows cmd.exe Stack Buffer Overflow	19.09.2021	hyp3rlinx
High	COMMAX WebViewer ActiveX Control 2.1.4.5 Commax_WebViewer.ocx Buffer Overflow	01.09.2021	LiquidWorm
High	COMMAX UMS Client ActiveX Control 1.7.0.2 CNC_Ctrl.dll Heap Buffer Overflow	29.08.2021	LiquidWorm
High	crossfire-server 1.9.0 SetUp() Remote Buffer Overflow	18.08.2021	Khaled Salem
High	Crossfire Server 1.0 Buffer Overflow	18.08.2021	Khaled Salem
High	IcoFX 2.6 Buffer Overflow	08.06.2021	Austin Babcock
High	Exim base64d Buffer Overflow	06.06.2021	Johnny Yu
Med.	VMware ESXi OpenSLP Heap Overflow	06.06.2021	Johnny Yu
High	Epic Games Rocket League 1.95 Stack Buffer Overrun	15.05.2021	LiquidWorm
High	Shenzhen Skyworth RN510 Buffer Overflow	05.05.2021	Kaustubh G. Padwad
High	D-Link DSL-320B-D1 Pre-Authentication Buffer Overflow	08.04.2021	Gabriele Gristina
High	DD-WRT 45723 Buffer Overflow	01.04.2021	Selim Enes Karaduman
High	SyncBreeze 10.1.16 Buffer Overflow	29.03.2021	Rafael Machado
High	FastStone Image Viewer 7.5 Buffer Overflow	18.03.2021	Paolo Stagno
High	Golden FTP Server 4.70 Buffer Overflow	10.03.2021	Craig Freyman
High	dataSIMS Avionics ARINC 664-1 Local Buffer Overflow (PoC)	19.02.2021	Kağan Çapar
High	Sudo Heap-Based Buffer Overflow	29.01.2021	Qualys Security Adviso...
High	10-Strike Network Inventory Explorer Pro 9.05 Buffer Overflow	24.12.2020	Florian Gassner
High	Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow	18.12.2020	wvu
High	MiniWeb HTTP Server 0.8.19 Buffer Overflow (PoC)	14.12.2020	securityforeveryone
High	Dup Scout Enterprise 10.0.18 Buffer Overflow	09.12.2020	sickness
High	libupnp 1.6.18 Stack-based buffer overflow (DoS)	27.11.2020	Patrik Lantz
High	SyncBreeze 10.0.28 password Remote Buffer Overflow	25.11.2020	Abdessalam king(A.sala...
High	Boxoft Audio Converter 2.3.0 Buffer Overflow	23.11.2020	Luis Martinez
High	Internet Download Manager 6.38.12 Scheduler Downloads Scheduler Buffer Overflow (PoC)	22.11.2020	Vincent Wolterman
High	IBM Tivoli Storage Manager 5.2.0.1 Buffer Overflow	21.11.2020	Paolo Stagno
High	Nidesoft 3GP Video Converter 2.6.18 Local Stack Buffer Overflow	12.11.2020	Felipe Winsnes
High	Sony IPELA Network Camera 1.82.01 ftpclient.cgi Remote Stack Buffer Overflow	07.10.2020	LiquidWorm
High	Sony IPELA Network Camera Remote Stack Buffer Overflow	01.10.2020	LiquidWorm
High	BlazeDVD 7.0 Professional Buffer Overflow	31.08.2020	emalp
High	ASX To MP3 Converter 3.1.3.7.2010.11.05 Buffer Overflow	28.08.2020	Paras Bhatia
High	Socusoft Photo to Video Converter Professional 8.07 Output Folder Buffer Overflow (SEH Egghunter)	14.08.2020	MasterVlad
High	Free MP3 CD Ripper 2.8 Stack Buffer Overflow (SEH + Egghunter)	06.08.2020	Eduard Palisek
Med.	CA Unified Infrastructure Management Nimsoft 7.80 Buffer Overflow	01.08.2020	wetw0rk

Common Weakness Enumeration (CWE)

CVE

Szczegóły

Opis

2024-04-06

CVE-2024-25029

Updating...

IBM Personal Communications 14.0.6 through 15.0.1 includes a Windows service that is vulnerable to remote code execution (RCE) and local privilege escalation (LPE). The vulnerability allows any unprivileged user with network access to a target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to move laterally to affected systems and to escalate their privileges. IBM X-Force ID: 281619.

2024-03-13

CVE-2024-0162

Updating...

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.

2024-03-12

CVE-2024-22041

Updating...

A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems improperly handles memory buffers when parsing X.509 certificates. This could allow an unauthenticated remote attacker to crash the network service.

2024-03-04

CVE-2023-32331

Updating...

IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.

2024-02-13

CVE-2024-24921

Updating...

A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application is vulnerable to memory corruption while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21712)

2024-02-02

	CVE-2024-0338	Updating...	A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH).
	CVE-2024-24560	Updating...	Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that type, and not to the returned value's length. As a result, malformed return data can cause the contract to mistake data from the input buffer for returndata. When the called contract returns invalid ABIv2 encoded data, the calling contract can read different invalid data (from the dirty buffer) than the called contract returned.

2024-02-01

CVE-2024-24561

Updating...

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array.

2024-01-31

CVE-2024-1112

Updating...

Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument.

2024-01-22

CVE-2024-0772

Updating...

A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

30.03.2024

28.03.2024

11.03.2024

06.02.2024

01.02.2024

10.01.2024

10.01.2024

07.01.2024

06.01.2024

27.10.2023

24.09.2023

18.09.2023

13.09.2023

10.09.2023

04.09.2023

06.08.2023

05.08.2023

03.08.2023

02.08.2023

21.07.2023

05.07.2023

19.06.2023

18.06.2023

30.05.2023

30.05.2023

13.05.2023

03.05.2023

14.04.2023

03.04.2023

27.03.2023

27.03.2023

12.02.2023

21.01.2023

21.11.2022

31.10.2022

19.10.2022

28.09.2022

27.09.2022

06.09.2022

23.08.2022

15.08.2022

14.08.2022

02.08.2022

25.07.2022

04.07.2022

20.06.2022

20.06.2022

05.06.2022

04.06.2022

07.04.2022

04.04.2022

22.03.2022

22.03.2022

10.03.2022

10.01.2022

23.12.2021

30.11.2021

24.11.2021

22.11.2021

22.11.2021

17.11.2021

14.11.2021

09.11.2021

02.11.2021

29.10.2021

27.09.2021

19.09.2021

01.09.2021

29.08.2021

18.08.2021

18.08.2021

08.06.2021

06.06.2021

06.06.2021

15.05.2021