CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

13,993 vulnerabilities with CWE-119
CVE-2017-11854 HIGH
Microsoft Word <2010 - Code Injection
CVSS 8.8
CVE-2017-11846 HIGH
Microsoft <various> - Privilege Escalation
CVSS 7.5
CVE-2017-11845 HIGH
Microsoft Edge < Windows 10 1703 - Code Injection
CVSS 7.5
CVE-2017-11843 HIGH
Microsoft Windows <10 - Privilege Escalation
CVSS 7.5
CVE-2017-11841 HIGH
ChakraCore and Microsoft Edge - Privilege Escalation
CVSS 7.5
CVE-2017-11840 HIGH
ChakraCore and Microsoft Edge - Privilege Escalation
CVSS 7.5
CVE-2017-11839 HIGH
Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
CVSS 7.5
CVE-2017-11838 HIGH
Microsoft Windows - Privilege Escalation
CVSS 7.5
CVE-2017-11837 HIGH
ChakraCore and Internet Explorer - Memory Corruption in Scripting Engine
CVSS 7.5
CVE-2017-11836 HIGH
ChakraCore, Microsoft Edge - Memory Corruption
CVSS 7.5
CVE-2017-11827 HIGH
Microsoft Browser <10.0 - Privilege Escalation
CVSS 7.5
CVE-2017-3893 LOW
BlackBerry QNX Software Development Platform <6.6.0 - Buffer Overflow
CVSS 1.9
CVE-2017-6274 CRITICAL
Google Android Pixel - Elevation of Privilege via Thermal Driver Out-of-Bounds Write
CVSS 9.8
CVE-2017-14024 CRITICAL
Schneider Electric InduSoft Web Studio and InTouch Machine Edition < 8.0 - Stack-based Buffer Overflow
CVSS 9.8
CVE-2017-16803 HIGH
Libav < 11.11 and 12.x < 12.1 - Denial of Service via Smacker Stream Recursion
CVSS 7.5
CVE-2017-10875 HIGH
I-O DATA DEVICE LAN DISK Connect <= 2.02 - Denial of Service
CVSS 7.5
CVE-2017-10871 CRITICAL
NTT DOCOMO Wi-Fi STATION L-02F Software <= L02F-MDM9625-V10h-JUN-23-2017-DCM-JP - Buffer Overflow
CVSS 9.8
CVE-2017-13843 HIGH
macOS < 10.13.1 - Kernel Memory Corruption via Crafted App
CVSS 7.8
CVE-2017-13838 HIGH
macOS < 10.13.1 - Memory Corruption and Privilege Escalation in Sandbox
CVSS 7.8
CVE-2017-13834 HIGH
macOS < 10.13.1 - Memory Corruption via Crafted Mach Binary
CVSS 7.8
CVE-2017-13833 HIGH
macOS < 10.13.1 - Remote Code Execution or Denial of Service in CFNetwork
CVSS 7.8
CVE-2017-13830 HIGH
macOS < 10.13.1 - Memory Corruption and Remote Code Execution in HFS
CVSS 7.8
CVE-2017-13829 HIGH
macOS < 10.13.1 - Remote Code Execution or Denial of Service in CFNetwork
CVSS 7.8
CVE-2017-13824 HIGH
macOS < 10.13.1 - Remote Code Execution via Crafted AppleScript File
CVSS 7.8
CVE-2017-13820 HIGH
macOS < 10.13.1 - Memory Corruption and Information Disclosure via Crafted Font
CVSS 7.1
Details
Vulnerabilities 13,993
Exploit Likelihood High