CWE-119

Exploit likelihood: High

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

13,990 vulnerabilities with CWE-119
CVE-2018-4215 HIGH
iPhone OS < 11.4 - Buffer Overflow in Bluetooth Component
CVSS 7.8
CVE-2018-4214 HIGH
Safari < 11.1.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2018-4211 HIGH
Apple tvOS < 11.4 - Remote Code Execution via Crafted Font File
CVSS 7.8
CVE-2018-4206 HIGH
Apple tvOS < 11.4 - Remote Code Execution via Privileged Port Name Replacement
CVSS 7.8
CVE-2018-4204 HIGH
Safari < 11.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2018-4201 HIGH
Safari < 11.1.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2018-4199 HIGH
Safari < 11.1.1 - Remote Code Execution via Crafted Web Site
CVSS 8.8
CVE-2018-4193 HIGH
macOS < 10.13.5 - Memory Corruption in Windows Server Component
CVSS 7.8
CVE-2018-10505 MEDIUM
Trend Micro OfficeScan < 11.0 SP1 - Privilege Escalation
CVSS 6.3
CVE-2018-10359 MEDIUM
Trend Micro OfficeScan < 11.0 SP1 - Privilege Escalation
CVSS 6.3
CVE-2018-10358 MEDIUM
Trend Micro OfficeScan < 11.0 SP1 - Privilege Escalation
CVSS 6.3
CVE-2018-10088 CRITICAL
XiongMai uc-httpd 1.0.0 - Buffer Overflow
CVSS 9.8
CVE-2018-0315 CRITICAL
Cisco IOS XE Fuji 16.7.1/16.8.1 - Unauthenticated Remote Code Execution or Denial of Service via AAA Username Parsing
CVSS 9.8
CVE-2018-3578 HIGH
Android - Heap Buffer Overflow in WLAN Driver via ie_len Type Mismatch
CVSS 7.8
CVE-2018-3565 HIGH
Android - Buffer Overflow in lim_send_sme_probe_req_ind()
CVSS 7.8
CVE-2018-3562 MEDIUM
Android - Buffer Over-Read in FILS Authentication Frame Processing
CVSS 5.5
CVE-2018-11596 MEDIUM
Espruino < 1.99 - Denial of Service via Buffer Overflow in Syntax Parser
CVSS 5.5
CVE-2018-11595 HIGH
Espruino < 1.99 - Denial of Service and Privilege Escalation via Buffer Overflow in Syntax Parser
CVSS 7.8
CVE-2018-11594 MEDIUM
Espruino < 1.99 - Denial of Service via Buffer Overflow in jsparse.c VOID Token Parsing
CVSS 5.5
CVE-2018-11578 MEDIUM
MiniUPnP ngiflib 0.4 - Denial of Service via GifIndexToTrueColor
CVSS 6.5
CVE-2018-11498 HIGH
Lizard v1.0 and LZ5 v2.0 - Remote Code Execution via Unchecked Buffer in Lizard_decompress_LIZv1
CVSS 7.8
CVE-2018-1565 HIGH
IBM DB2 9.7, 10.1, 10.5, 11.1 - Local Privilege Escalation via Buffer Overflow
CVSS 8.4
CVE-2018-1544 HIGH
IBM DB2 9.7, 10.1, 10.5, 11.1 - Local Privilege Escalation via Buffer Overflow
CVSS 8.4
CVE-2018-1515 HIGH
IBM DB2 10.5 and 11.1 - Local Privilege Escalation via Buffer Overflow
CVSS 7.4
CVE-2018-1488 HIGH
IBM DB2 10.5 and 11.1 - Authenticated Buffer Overflow
CVSS 8.4