CWE-119

Exploit likelihood: High

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

13,972 vulnerabilities with CWE-119
CVE-2021-1137 HIGH
Cisco Catalyst SD-WAN Manager 20.4-20.4.1 and SD-WAN vManage < 19.2.4 - Remote Code Execution and Privilege Escalation
CVSS 7.8
CVE-2021-30454 CRITICAL
outer_cgi <0.2.1 - Memory Corruption
CVSS 9.8
CVE-2021-22991 CRITICAL KEV
BIG-IP <16.0.1.1, <15.1.2.1, <14.1.4, <13.1.3.6, <12.1.5.3 - DoS/RCE
CVSS 9.8
CVE-2021-3470 MEDIUM
Redis < 5.0.10, < 6.0.9, < 6.2.0 - Heap Overflow via Non-Jemalloc/Glibc Allocator
CVSS 5.3
CVE-2021-20285 MEDIUM
UPX 3.96 - Denial of Service via Crafted ELF File
CVSS 6.6
CVE-2021-20284 MEDIUM
GNU Binutils 2.35.1 - Heap-Based Buffer Overflow in _bfd_elf_slurp_secondary_reloc_section
CVSS 5.5
CVE-2021-29097 HIGH
Esri ArcGIS Engine/Pro/Map/Reader < 10.8.1/2.7 - Unauthenticated Buffer Overflow via Crafted File
CVSS 7.8
CVE-2021-1352 HIGH
Cisco IOS XE - Unauthenticated Denial of Service via DECnet Traffic Processing
CVSS 7.4
CVE-2021-1451 HIGH
Cisco IOS XE - Unauthenticated Remote Code Execution via Easy VSS Protocol Packet Buffer Overflow
CVSS 8.1
CVE-2021-1433 HIGH
Cisco IOS XE SD-WAN - Unauthenticated Buffer Overflow via Crafted Traffic
CVSS 8.1
CVE-2021-3409 MEDIUM
QEMU <= 5.2.0 - Denial of Service and Potential Code Execution via SDHCI Controller Emulation
CVSS 5.7
CVE-2021-22714 CRITICAL
PowerLogic ION7400-ION9000 - Buffer Overflow
CVSS 9.8
CVE-2021-22713 HIGH
PowerLogic ION Series - Denial of Service via Memory Buffer Overflow
CVSS 7.5
CVE-2021-22712 HIGH
Interactive Graphical SCADA System - Memory Corruption
CVSS 7.8
CVE-2021-22711 HIGH
IGSS Definition <15.0.0.21041 - Memory Corruption
CVSS 7.8
CVE-2021-22710 HIGH
Interactive Graphical SCADA System - Memory Corruption
CVSS 7.8
CVE-2021-22709 HIGH
Interactive Graphical SCADA System 15.0.0.21041 - Memory Corruption
CVSS 7.8
CVE-2021-26868 HIGH
Windows Graphics Component - Elevation of Privilege via Memory Buffer Overflow
CVSS 7.8
CVE-2021-20276 HIGH
Privoxy < 3.0.32 - Denial of Service via Invalid PCRE Pattern
CVSS 7.5
CVE-2021-20275 HIGH
Privoxy < 3.0.32 - Denial of Service via Invalid Read in chunked_body_is_complete
CVSS 7.5
CVE-2021-28036 HIGH
quinn < 0.5.4 - Memory Corruption via SocketAddr Data Structure Cast
CVSS 7.5
CVE-2021-3404 HIGH
ytnef 1.9.3 - Heap Buffer Overflow via Crafted File
CVSS 7.8
CVE-2021-26561 CRITICAL
Synology DiskStation Manager < 6.2.3-25426-3 - Stack-Based Buffer Overflow via syno_finder_site HTTP Header
CVSS 9.0
CVE-2021-3410 HIGH
libcaca v0.99.beta19 - Buffer Overflow in caca_resize Function
CVSS 7.8
CVE-2021-22649 HIGH
Luxion KeyShot < 10.1 - Remote Code Execution via Crafted Project File
CVSS 7.8