CWE-119

Exploit likelihood: High

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

13,993 vulnerabilities with CWE-119
CVE-2017-11059 HIGH
Android - Buffer Overflow via HMAC Key Setting During SHA Operations
CVSS 7.8
CVE-2017-11057 HIGH
Android - Memory Corruption via Flash Data in Compatibility Mode
CVSS 7.8
CVE-2017-11056 HIGH
Android - Memory Corruption via Userspace Buffer Access in Kernel Space
CVSS 7.8
CVE-2017-11053 HIGH
Android - Buffer Overflow in ConvertQosMapsetFrame()
CVSS 7.8
CVE-2017-11050 HIGH
Android - Buffer Overflow via pktlogconf Tool
CVSS 7.8
CVE-2017-14980 CRITICAL
Flexense Syncbreeze - Memory Corruption
CVSS 9.8
CVE-2017-13723 HIGH
X.Org Server < 1.19.4 - Authenticated Buffer Overflow via XKB Atom Injection
CVSS 7.8
CVE-2017-1000254 HIGH
libcurl - Heap Buffer Overflow via Malformed FTP PWD Response
CVSS 7.5
CVE-2017-15047 CRITICAL
Redis 4.0.2 - Denial of Service via Out-of-Bounds Array Index in clusterLoadConfig
CVSS 9.8
CVE-2017-15046 MEDIUM
LAME 3.97-3.99.5 - Stack-based Buffer Overflow in unpack_read_samples
CVSS 5.5
CVE-2017-14089 CRITICAL
Trend Micro OfficeScan <11.0 - Memory Corruption
CVSS 9.8
CVE-2017-14088 HIGH
Trend Micro OfficeScan 11.0 - Memory Corruption Privilege Escalation
CVSS 7.0
CVE-2017-12732 MEDIUM
GE CIMPLICITY < 9.0 - Stack-based Buffer Overflow via Packet Length Mismatch
CVSS 6.8
CVE-2017-2920 HIGH
Computerinsel Photoline >=20.02 <20.02 - Memory Corruption via SVG File Parsing
CVSS 7.8
CVE-2017-2880 HIGH
Computerinsel Photoline 20.02 - Memory Corruption via GIF Parsing
CVSS 7.8
CVE-2017-12106 HIGH
Computerinsel Photoline 20.02 - Memory Corruption
CVSS 8.8
CVE-2017-15035 HIGH
EmTec PyroBatchFTP < 3.17 - Denial of Service via Buffer Overflow
CVSS 7.5
CVE-2017-12270 HIGH
Cisco IOS XR - Denial of Service via Malformed HTTP/2 Frame
CVSS 7.5
CVE-2017-12267 MEDIUM
Cisco WAAS and vWAAS DoS via ICA Protocol Packet
CVSS 5.3
CVE-2017-1000253 HIGH KEV
Linux - Info Disclosure
CVSS 7.8
CVE-2017-1000118 HIGH
Akka HTTP <= 10.0.5 - Denial of Service via Illegal Media Range in Accept Header
CVSS 7.5
CVE-2017-1000101 MEDIUM
curl - Heap-Based Buffer Overflow via URL Globbing Range Parsing
CVSS 6.5
CVE-2017-15011 HIGH
Qt 5.x - Denial of Service via Named Pipes
CVSS 7.5
CVE-2017-12821 CRITICAL
Sentinel LDK RTE < 7.55 - Memory Corruption
CVSS 9.8
CVE-2017-12820 HIGH
Sentinel LDK RTE < 7.55 - Remote Denial of Service via Controlled Memory Pointer
CVSS 7.5