Vulnerabilities > Improper Restriction of Operations within the Bounds of a Memory Buffer

DATE CVE VULNERABILITY TITLE RISK
2016-01-21 CVE-2015-8472 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
network
low complexity
apple libpng CWE-119
7.3
2016-01-20 CVE-2016-1928 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Hana
Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978.
network
low complexity
sap CWE-119
critical
9.8
2016-01-20 CVE-2016-1901 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.
network
low complexity
fedoraproject cgit-project CWE-119
critical
9.8
2016-01-20 CVE-2016-1867 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jasper Project Jasper 1.900.1
The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
network
low complexity
jasper-project CWE-119
6.5
2016-01-20 CVE-2015-5295 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.
network
low complexity
openstack redhat oracle fedoraproject CWE-119
5.4
2016-01-19 CVE-2016-1907 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openbsd Openssh
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
network
low complexity
openbsd CWE-119
5.3
2016-01-19 CVE-2015-5590 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP
Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.
network
low complexity
php CWE-119
7.3
2016-01-15 CVE-2016-0860 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess
Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request.
network
low complexity
advantech CWE-119
7.5
2016-01-15 CVE-2016-0857 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess
Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
advantech CWE-119
critical
9.8
2016-01-15 CVE-2016-0856 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Webaccess
Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
advantech CWE-119
critical
9.8