CWE-119

Exploit likelihood: High

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

13,990 vulnerabilities with CWE-119
CVE-2018-11224 MEDIUM
Libav 12.3 - Denial of Service via Read Access Violation in in_table_init16
CVSS 6.5
CVE-2018-3661 MEDIUM
Intel syscfg and selview < 14.0 - Denial of Service via Buffer Overflow
CVSS 5.5
CVE-2018-11102 HIGH
Libav 12.3 - Denial of Service via mov_probe Function
CVSS 7.5
CVE-2018-11100 HIGH
libming < 0.4.8 - Denial of Service via decompileSETTARGET Function
CVSS 8.8
CVE-2018-11095 HIGH
libming < 0.4.8 - Denial of Service via decompileJUMP Function
CVSS 8.8
CVE-2018-11033 HIGH
xpdf - Denial of Service via Crafted JPEG Data in DCTStream::readHuffSym
CVSS 7.8
CVE-2018-11017 HIGH
libming < 0.4.8 - Denial of Service via newVar_N Function
CVSS 8.8
CVE-2018-10996 CRITICAL
D-Link DIR-629-B1 Firmware - Buffer Overflow via REMOTE_ADDR Environment Variable
CVSS 9.8
CVE-2018-10655 HIGH
DeviceLock Plug and Play Auditor <5.72 - Buffer Overflow
CVSS 7.8
CVE-2018-8061 HIGH
HWiNFO AMD64 Kernel driver <8.98 - Memory Corruption
CVSS 7.1
CVE-2018-10958 MEDIUM
exiv2 0.26 - Denial of Service via Large Size Value in PngChunk zlibUncompress
CVSS 6.5
CVE-2018-8151 MEDIUM
Microsoft Exchange - Info Disclosure
CVSS 4.3
CVE-2018-10940 MEDIUM
Linux Kernel < 4.16.6 - Local Memory Read via CDROM_MEDIA_CHANGED ioctl
CVSS 5.5
CVE-2018-1089 HIGH
389 Directory Server < 1.3.6.15 - Unauthenticated Denial of Service via LDAP Search Filter
CVSS 7.5
CVE-2018-10184 HIGH
HAProxy < 1.8.8 - Heap-Based Buffer Overflow via H2 Frame Length Mismatch
CVSS 7.5
CVE-2018-10777 HIGH
mp3gain through 1.5.2-r2 - Buffer Overflow in WriteMP3GainAPETag
CVSS 7.8
CVE-2018-10774 MEDIUM
bibutils < 6.2 - Denial of Service via isiin_keyword Function
CVSS 6.5
CVE-2018-10772 MEDIUM
Exiv2 < 0.26 - Denial of Service via tEXtToDataBuf in pngimage.cpp
CVSS 6.5
CVE-2018-7507 HIGH
WPLSoft < 2.45.0 - Heap-Based Buffer Overflow via File Read
CVSS 8.8
CVE-2018-7494 HIGH
WPLSoft < 2.45.0 - Remote Code Execution via Stack Buffer Overflow
CVSS 8.8
CVE-2018-10750 HIGH
D-Link DSL-3782 EU 1.01 - Authenticated Memory Corruption via Diagnostics staticGet Parameter
CVSS 8.8
CVE-2018-10749 HIGH
D-Link DSL-3782 EU 1.01 - Authenticated Memory Corruption via Diagnostics Commit Parameter
CVSS 8.8
CVE-2018-10748 HIGH
D-Link DSL-3782 EU 1.01 - Authenticated Memory Corruption via Diagnostics Show Parameter
CVSS 8.8
CVE-2018-10747 HIGH
D-Link DSL-3782 EU 1.01 - Authenticated Memory Corruption via Diagnostics Unset Parameter
CVSS 8.8
CVE-2018-10746 HIGH
D-Link DSL-3782 EU 1.01 - Authenticated Memory Corruption via Diagnostics Component
CVSS 8.8