CWE-119

Exploit likelihood: High

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

13,989 vulnerabilities with CWE-119
CVE-2018-19492 HIGH
gnuplot - Buffer Overflow via Missing Size Check in cairotrm_options
CVSS 7.8
CVE-2018-19491 HIGH
gnuplot - Buffer Overflow via PS_options Function
CVSS 7.8
CVE-2018-19459 HIGH
Adult Filter 1.0 - Buffer Overflow via Black Domain List File
CVSS 7.8
CVE-2018-19417 CRITICAL
contiki-ng < 4.2 - Remote Code Execution via MQTT PUBLISH Message Buffer Overflow
CVSS 10.0
CVE-2018-18861 CRITICAL
PCMan FTP Server 2.0.7 - Remote Code Execution via APPE Command Buffer Overflow
CVSS 9.8
CVE-2018-18440 HIGH
DENX U-Boot through 2018.09-rc1 - Buffer Overflow via Crafted Kernel Image
CVSS 7.8
CVE-2018-18439 CRITICAL
DENX U-Boot <= 2018.09-rc1 - Buffer Overflow via TFTP Traffic
CVSS 9.8
CVE-2018-18759 HIGH
Modbus Slave 7.0.0 - Buffer Overflow
CVSS 7.5
CVE-2018-18756 HIGH
Local Server 1.0.9 - Buffer Overflow via Crafted Data on Port 4008
CVSS 7.5
CVE-2018-0684 CRITICAL
Denbun POP < V3.3P R3.0 and Denbun IMAP < V3.3I R3.0 - Remote Code Execution via Multipart/Form-Data
CVSS 9.8
CVE-2018-0683 CRITICAL
Denbun IMAP and POP < 3.3i_r4.0 and < 3.3p_r4.0 - Buffer Overflow via Cookie Data
CVSS 9.8
CVE-2018-19278 HIGH
Asterisk <15.6.2-16.0.1 - Buffer Overflow
CVSS 7.5
CVE-2018-9533 HIGH
Android - Remote Code Execution via Missing Bounds Check in ixheaacd_dec_data_init
CVSS 8.8
CVE-2018-8552 HIGH
Internet Explorer <11 - Info Disclosure
CVSS 7.5
CVE-2018-8476 CRITICAL
Windows Deployment Services TFTP Server - RCE
CVSS 9.8
CVE-2018-17614 HIGH
Losant Arduino MQTT Client < V2.7 - RCE
CVSS 8.8
CVE-2018-19219 MEDIUM
libsass 3.5-stable - Denial of Service via Illegal Address Access in Sass::Eval::operator
CVSS 6.5
CVE-2018-19183 HIGH
ethereumjs-vm 2.4.0 - Denial of Service via Code Buffer Handling
CVSS 7.5
CVE-2018-18920 HIGH
Py-EVM v0.2.0-alpha.33 - Denial of Service via Invalid Opcode in Bytecode Execution
CVSS 8.8
CVE-2018-19150 HIGH
pdfforge PDF Architect 6 - Memory Corruption in PDMODELProvidePDModelHFT
CVSS 7.8
CVE-2018-19130 MEDIUM
Libav 12.3 - Denial of Service via Crafted AAC File
CVSS 6.5
CVE-2018-17907 LOW
Omron CX-Supervisor <3.4.1.0 - Info Disclosure
CVSS 3.3
CVE-2018-17905 HIGH
Omron CX-Supervisor <3.4.1.0 - Memory Corruption
CVSS 7.8
CVE-2018-18956 HIGH
Suricata 4.0.0-4.0.5 - Denial of Service via SMTP Parser MIME Entity Processing
CVSS 7.5
CVE-2018-18820 HIGH
Icecast < 2.4.4 - Buffer Overflow in URL-Authentication Backend
CVSS 8.1