Vulnerabilities > Improper Restriction of Operations within the Bounds of a Memory Buffer

DATE CVE VULNERABILITY TITLE RISK
2016-10-13 CVE-2016-6940 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, and CVE-2016-7019.
network
low complexity
adobe CWE-119
critical
9.8
2016-10-13 CVE-2016-6939 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products
Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6994.
network
low complexity
adobe CWE-119
critical
9.8
2016-10-13 CVE-2016-3638 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP SLD Registration
SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623.
local
low complexity
sap CWE-119
5.5
2016-10-10 CVE-2016-6695 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted visualizer data length, aka Qualcomm internal bug CR 1033540.
network
low complexity
google CWE-119
critical
9.8
2016-10-10 CVE-2016-6676 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a GET_CFG ioctl call, aka Android internal bug 30874066 and Qualcomm internal bug CR 1000853.
local
low complexity
google CWE-119
7.8
2016-10-10 CVE-2016-6675 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a linkspeed ioctl call, aka Android internal bug 30873776 and Qualcomm internal bug CR 1000861.
local
low complexity
google CWE-119
7.8
2016-10-10 CVE-2016-3934 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka Android internal bug 30102557 and Qualcomm internal bug CR 789704.
local
low complexity
google CWE-119
7.8
2016-10-10 CVE-2016-3916 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30741779.
local
low complexity
google CWE-119
7.8
2016-10-06 CVE-2016-1453 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Nx-Os
Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701.
network
low complexity
cisco CWE-119
critical
9.8
2016-10-05 CVE-2016-6416 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) devices 9.6.0-000 through 9.9.6-026, Web Security Appliance (WSA) devices 9.0.0-162 through 9.5.0-444, and Content Security Management Appliance (SMA) devices allows remote attackers to cause a denial of service via a flood of FTP traffic, aka Bug IDs CSCuz82907, CSCuz84330, and CSCuz86065.
network
high complexity
cisco CWE-119
5.9