Vulnerabilities > Improper Restriction of Operations within the Bounds of a Memory Buffer

DATE CVE VULNERABILITY TITLE RISK
2016-09-19 CVE-2016-5814 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rockwellautomation products
Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file.
local
low complexity
rockwellautomation CWE-119
8.6
2016-09-18 CVE-2016-4705 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Xcode
otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4704.
local
low complexity
apple CWE-119
7.8
2016-09-18 CVE-2016-4704 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Xcode
otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4705.
local
low complexity
apple CWE-119
7.8
2016-09-17 CVE-2016-7418 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.
network
low complexity
php CWE-119
7.5
2016-09-17 CVE-2016-7416 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a MessageFormatter::formatMessage call with a long first argument.
network
low complexity
php CWE-119
7.5
2016-09-17 CVE-2016-7415 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Icu-Project International Components for Unicode
Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.
network
low complexity
icu-project CWE-119
critical
9.8
2016-09-17 CVE-2016-7414 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP
The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c.
network
low complexity
php CWE-119
critical
9.8
2016-09-17 CVE-2016-7412 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.
network
high complexity
php CWE-119
8.1
2016-09-17 CVE-2016-7411 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an unserialize call that references a partially constructed object.
network
low complexity
php CWE-119
critical
9.8
2016-09-17 CVE-2016-6937 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270.
network
low complexity
adobe CWE-119
critical
9.8