CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-119

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-2281 119 Exec Code Overflow 2015-03-19 2015-03-24
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.
2 CVE-2015-2154 119 DoS Overflow 2015-03-24 2015-03-26
5.0
None Remote Low Not required None None Partial
The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value.
3 CVE-2015-2153 119 DoS Overflow 2015-03-24 2015-03-26
5.0
None Remote Low Not required None None Partial
The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).
4 CVE-2015-2097 119 Exec Code Overflow 2015-03-09 2015-03-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
5 CVE-2015-2095 119 Exec Code Overflow 2015-03-09 2015-03-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the SetConnectInfo function in the WESPPTZ.WESPPTZCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via crafted arguments.
6 CVE-2015-2094 119 Exec Code Overflow 2015-03-09 2015-03-10
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified vectors to the (1) PrintSiteImage, (2) PlaySiteAllChannel, (3) StopSiteAllChannel, or (4) SaveSiteImage function.
7 CVE-2015-2093 119 Exec Code Overflow 2015-03-09 2015-03-10
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the Connect function in the WebGate WebEyeAudio ActiveX control allows remote attackers to execute arbitrary code via a crafted value.
8 CVE-2015-2092 119 Exec Code Overflow 2015-03-09 2015-03-10
7.5
None Remote Low Not required Partial Partial Partial
The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related to "Index Out-Of-Bounds."
9 CVE-2015-2061 119 Exec Code Overflow 2015-03-09 2015-03-10
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute.
10 CVE-2015-2052 119 Exec Code Overflow 2015-02-23 2015-02-24
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface.
11 CVE-2015-1802 119 DoS Exec Code Overflow 2015-03-20 2015-03-26
8.5
None Remote Medium Single system Complete Complete Complete
The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.
12 CVE-2015-1572 119 Exec Code Overflow 2015-02-24 2015-03-23
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.
13 CVE-2015-1548 119 Overflow +Info 2015-02-10 2015-02-11
5.0
None Remote Low Not required Partial None None
mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read.
14 CVE-2015-1500 119 Exec Code Overflow 2015-02-16 2015-02-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to (1) graphManager.load or (2) factory.load.
15 CVE-2015-1495 119 Exec Code Overflow 2015-02-16 2015-02-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx.
16 CVE-2015-1462 119 Overflow 2015-02-03 2015-02-23
7.5
None Remote Low Not required Partial Partial Partial
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."
17 CVE-2015-1461 119 Overflow 2015-02-03 2015-02-23
7.5
None Remote Low Not required Partial Partial Partial
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."
18 CVE-2015-1449 119 Exec Code Overflow 2015-02-02 2015-02-04
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors.
19 CVE-2015-1362 119 1 Exec Code Overflow 2015-01-27 2015-01-28
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file.
20 CVE-2015-1360 119 DoS Overflow 2015-01-27 2015-02-20
7.5
None Remote Low Not required Partial Partial Partial
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205.
21 CVE-2015-1348 119 DoS Overflow 2015-02-03 2015-02-04
7.8
None Remote Low Not required None None Complete
Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a malformed frame to the wireless interface.
22 CVE-2015-1345 119 DoS Overflow 2015-02-12 2015-02-12
2.1
None Local Low Not required None None Partial
The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
23 CVE-2015-1315 119 Exec Code Overflow 2015-02-23 2015-02-24
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8.
24 CVE-2015-1232 119 DoS Overflow 2015-03-08 2015-03-09
7.5
None Remote Low Not required Partial Partial Partial
Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212.
25 CVE-2015-1225 119 DoS Overflow 2015-03-08 2015-03-11
5.0
None Remote Low Not required None None Partial
PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
26 CVE-2015-1215 119 DoS Overflow 2015-03-08 2015-03-16
7.5
None Remote Low Not required Partial Partial Partial
The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.
27 CVE-2015-1213 119 DoS Overflow 2015-03-08 2015-03-16
7.5
None Remote Low Not required Partial Partial Partial
The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.
28 CVE-2015-1065 119 Exec Code Overflow 2015-03-12 2015-03-25
5.4
None Local Network Medium Not required Partial Partial Partial
Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.
29 CVE-2015-0982 119 Exec Code Overflow 2015-03-13 2015-03-16
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors.
30 CVE-2015-0979 119 Exec Code Overflow 2015-03-13 2015-03-16
9.0
None Remote Low Not required Partial Partial Complete
Heap-based buffer overflow in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via a crafted packet.
31 CVE-2015-0973 119 Exec Code Overflow 2015-01-18 2015-02-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.
32 CVE-2015-0880 119 Exec Code Overflow 2015-02-20 2015-03-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote attackers to execute arbitrary code via a long filename of an attachment.
33 CVE-2015-0829 119 Exec Code Overflow 2015-02-25 2015-03-26
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.
34 CVE-2015-0827 119 Overflow +Info 2015-02-25 2015-03-26
4.3
None Remote Medium Not required Partial None None
Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.
35 CVE-2015-0826 119 DoS Exec Code Overflow 2015-02-25 2015-03-26
6.8
None Remote Medium Not required Partial Partial Partial
The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operation.
36 CVE-2015-0825 119 Overflow +Info 2015-02-25 2015-03-26
4.3
None Remote Medium Not required Partial None None
Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback.
37 CVE-2015-0824 119 DoS Overflow 2015-02-25 2015-03-26
5.0
None Remote Low Not required None None Partial
The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing.
38 CVE-2015-0564 119 DoS Overflow 2015-01-09 2015-03-23
5.0
None Remote Low Not required None None Partial
Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.
39 CVE-2015-0555 119 Exec Code Overflow 2015-02-24 2015-02-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function.
40 CVE-2015-0327 119 Exec Code Overflow 2015-02-05 2015-02-20
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0323.
41 CVE-2015-0324 119 Exec Code Overflow 2015-02-05 2015-02-20
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors.
42 CVE-2015-0323 119 Exec Code Overflow 2015-02-05 2015-02-20
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0327.
43 CVE-2015-0309 119 Exec Code Overflow 2015-01-13 2015-02-13
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0304.
44 CVE-2015-0307 119 DoS Overflow +Info 2015-01-13 2015-02-13
8.5
None Remote Low Not required Partial None Complete
Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.
45 CVE-2015-0304 119 Exec Code Overflow 2015-01-13 2015-02-13
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0309.
46 CVE-2015-0292 119 DoS Overflow Mem. Corr. 2015-03-19 2015-03-26
7.5
None Remote Low Not required Partial Partial Partial
Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.
47 CVE-2015-0247 119 Exec Code Overflow 2015-02-17 2015-03-23
4.6
None Local Low Not required Partial Partial Partial
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
48 CVE-2015-0235 119 Exec Code Overflow 2015-01-28 2015-03-26
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
49 CVE-2015-0206 119 DoS Overflow 2015-01-08 2015-03-26
5.0
None Remote Low Not required None None Partial
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.
50 CVE-2015-0074 119 DoS Overflow 2015-03-11 2015-03-17
4.3
None Remote Medium Not required None None Partial
Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly allocate memory, which allows remote attackers to cause a denial of service via a crafted (1) web site or (2) file, aka "Adobe Font Driver Denial of Service Vulnerability."
Total number of vulnerabilities : 5425   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.