CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

13,998 vulnerabilities with CWE-119
CVE-2017-8604 HIGH
Microsoft Edge - Remote Code Execution via JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-8603 HIGH
Microsoft Edge - Remote Code Execution via JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-8601 HIGH
Microsoft Edge - Remote Code Execution via JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-8598 HIGH
Microsoft Edge - Remote Code Execution via JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-8596 HIGH
Microsoft Edge - Remote Code Execution via JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-8595 HIGH
Microsoft Edge - Remote Code Execution via JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-8594 HIGH
Internet Explorer on Windows 8.1/RT 8.1/Server 2012 R2 - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2017-8502 HIGH
Microsoft Excel - Remote Code Execution via Memory Corruption
CVSS 7.8
CVE-2017-8501 HIGH
Microsoft Excel - Remote Code Execution via Memory Corruption
CVSS 7.8
CVE-2017-0243 HIGH
Microsoft Office and Business Productivity Servers - Remote Code Execution via Memory Object Handling
CVSS 7.8
CVE-2017-6731 HIGH
Cisco IOS XR - Unauthenticated Denial of Service via MSDP Ingress Packet Processing
CVSS 7.5
CVE-2017-11111 HIGH
Netwide Assembler 2.14rc0 - Denial of Service via Crafted File
CVSS 7.8
CVE-2017-9629 CRITICAL
Schneider-electric Wonderware Archestra Logger < 2017.426.2307.1 - Memory Corruption
CVSS 9.8
CVE-2017-0340 HIGH
Android NVIDIA Libnvparser - Memory Corruption and Remote Code Execution via memcpy Buffer Overflow
CVSS 7.8
CVE-2017-2184 HIGH
KDDI HOME SPOT CUBE2 Firmware <= V101 - Buffer Overflow via WebUI
CVSS 8.8
CVE-2017-0706 MEDIUM
Android - Elevation of Privilege in Broadcom Wi-Fi Driver
CVSS 6.8
CVE-2017-0689 MEDIUM
Android 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1.1 7.1.2 - Denial of Service in Media Framework
CVSS 5.5
CVE-2017-8290 HIGH
TeamSpeak Server 3.0.13.6 - Buffer Overflow via BB Code Handling
CVSS 7.5
CVE-2017-10971 HIGH
X.Org X Server < 1.19.3 - Authenticated Stack Overflow in X Event Endianness Conversion
CVSS 8.8
CVE-2017-9927 HIGH
SWFTools 2013-04-09-1007 - Denial of Service via Crafted PNG File
CVSS 8.8
CVE-2017-9926 HIGH
SWFTools 2013-04-09-1007 - Denial of Service via Crafted File
CVSS 8.8
CVE-2017-9925 HIGH
SWFTools 2013-04-09-1007 - Remote Code Execution via Crafted PNG File
CVSS 8.8
CVE-2017-9924 HIGH
SWFTools 2013-04-09-1007 - Remote Code Execution via Crafted PNG File
CVSS 8.8
CVE-2017-9923 HIGH
IrfanView <4.44 (32bit) with TOOLS Plugin 4.50 - RCE/DoS
CVSS 7.8
CVE-2017-9922 HIGH
IrfanView 4.44 (32bit) with TOOLS Plugin 4.50 - DoS/RCE
CVSS 7.8
Details
Vulnerabilities 13,998
Exploit Likelihood High