CWE-119

Exploit likelihood: High

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

13,993 vulnerabilities with CWE-119
CVE-2017-11309 CRITICAL
Avaya IP Office < 10.1.1 - Remote Code Execution via SoftConsole Long Response
CVSS 9.6
CVE-2017-16671 HIGH
Asterisk 13.0.0-13.18.0, 14.0.0-14.7.0, 15.0.0-15.1.0 & Certified Asterisk <13.13-cert7 Buffer Overflow
CVSS 8.8
CVE-2017-16669 HIGH
GraphicsMagick 1.3.26 - Heap-Based Buffer Overflow in WPG Image Coder
CVSS 8.8
CVE-2017-12824 HIGH
InPage - Remote Code Execution via Crafted Document
CVSS 7.8
CVE-2017-14016 MEDIUM
Advantech WebAccess <V8.2_20170817 - Buffer Overflow
CVSS 6.3
CVE-2017-16546 HIGH
ImageMagick - Denial of Service via Malformed WPG File Colormap Index
CVSS 8.8
CVE-2017-16534 MEDIUM
Linux Kernel < 4.4.92 - Denial of Service via cdc_parse_cdc_header Out-of-Bounds Read
CVSS 6.8
CVE-2017-16531 MEDIUM
Linux Kernel < 3.2.95 - Denial of Service via USB_DT_INTERFACE_ASSOCIATION Descriptor
CVSS 6.6
CVE-2017-16526 HIGH
Linux Kernel < 4.13.6 - Denial of Service via Crafted USB Device
CVSS 7.8
CVE-2017-16513 HIGH
Ipswitch WS_FTP Pro <12.6.0.3 - Buffer Overflow
CVSS 7.8
CVE-2017-11767 CRITICAL
ChakraCore - Memory Corruption in Scripting Engine
CVSS 9.8
CVE-2017-12283 MEDIUM
Cisco Aironet 3800 Series Access Points - Unauthenticated Denial of Service via Spoofed 802.11w PAF Frames
CVSS 6.1
CVE-2017-12282 MEDIUM
Cisco Wireless LAN Controllers - DoS
CVSS 6.1
CVE-2017-12280 HIGH
Cisco Wireless LAN Controllers - DoS
CVSS 7.5
CVE-2017-12278 MEDIUM
Cisco Wireless LAN Controllers - DoS
CVSS 6.3
CVE-2017-10870 HIGH
Justsystems Easy Postcard 2016 - Memory Corruption
CVSS 7.8
CVE-2017-16357 HIGH
radare2 2.0.1 - Memory Corruption in ELF Version Info Storage
CVSS 7.8
CVE-2017-16352 HIGH
GraphicsMagick 1.3.26 - Buffer Overflow
CVSS 8.8
CVE-2017-1000257 CRITICAL
libcurl 7.20.0-7.55.1 - Heap-Based Buffer Over-Read via IMAP FETCH Response
CVSS 9.1
CVE-2017-15950 HIGH
Flexense SyncBreeze Enterprise 10.1.16 - Buffer Overflow via Destination Directory Field
CVSS 7.8
CVE-2017-15597 CRITICAL
Xen < 4.9.0 - Denial of Service via Grant Copying Memory Corruption
CVSS 9.1
CVE-2017-15996 HIGH
GNU Binutils 2.29 - Denial of Service via Crafted ELF File
CVSS 7.8
CVE-2017-15954 MEDIUM
Debian Linux - Memory Corruption
CVSS 5.5
CVE-2017-15953 MEDIUM
Debian Linux - Memory Corruption
CVSS 5.5
CVE-2017-15938 HIGH
GNU Binutils 2.29 - Denial of Service via DW_FORM_ref_addr Miscalculation
CVSS 7.5