CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

13,999 vulnerabilities with CWE-119
CVE-2017-2537 HIGH
macOS < 10.12.5 - Remote Code Execution or Denial of Service in WindowServer
CVSS 7.8
CVE-2017-2536 HIGH
Safari < 10.1.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2531 HIGH
Safari < 10.1.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2530 HIGH
iCloud < 6.2.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2527 CRITICAL
macOS < 10.12.5 - Remote Code Execution in CoreAnimation
CVSS 9.8
CVE-2017-2526 HIGH
Safari < 10.1.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2525 HIGH
Safari < 10.1.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2524 CRITICAL
iPhone OS < 10.3.2, macOS < 10.12.5, tvOS < 10.2.1, watchOS < 3.2.2 - Remote Code Execution in TextInput Component
CVSS 9.8
CVE-2017-2523 CRITICAL
iPhone OS < 10.3.2, macOS < 10.12.5, tvOS < 10.2.1, watchOS < 3.2.2 - Remote Code Execution in Foundation
CVSS 9.8
CVE-2017-2522 CRITICAL
iPhone OS < 10.3.2, macOS < 10.12.5, tvOS < 10.2.1, watchOS < 3.2.2 - Remote Code Execution in CoreFoundation
CVSS 9.8
CVE-2017-2521 HIGH
iPhone OS < 10.3.2, macOS < 10.12.5, tvOS < 10.2.1, watchOS < 3.2.2 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2515 HIGH
iPhone OS < 10.3.1, Safari < 10.1, tvOS < 10.2 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2514 HIGH
iPhone OS < 10.3.1 and Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2512 HIGH
macOS < 10.12.5 - Sandbox Escape and Denial of Service via Memory Corruption
CVSS 7.8
CVE-2017-2506 HIGH
Safari < 10.1.1 - Remote Code Execution via Memory Corruption in WebKit
CVSS 8.8
CVE-2017-2505 HIGH
Safari < 10.1.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2503 HIGH
macOS < 10.12.5 - Memory Corruption in Intel Graphics Driver
CVSS 7.8
CVE-2017-2499 HIGH
Safari < 10.1.1 - Remote Code Execution via WebKit Web Inspector
CVSS 7.8
CVE-2017-2496 HIGH
iPhone OS < 10.3.2 and Safari < 10.1.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2494 HIGH
macOS < 10.12.4 - Kernel Memory Corruption
CVSS 7.8
CVE-2017-6633 HIGH
Cisco UCS C-Series Rack Servers 3.0(0.234) - Unauthenticated Denial of Service via TCP SYN Flood
CVSS 7.5
CVE-2017-9139 LOW
Tenda routers <1.2.0.20 - Buffer Overflow
CVSS 3.5
CVE-2017-9138 HIGH
Tenda Router <1.2.0.20 - Command Injection
CVSS 8.0
CVE-2017-6025 CRITICAL
CODESYS Web Server < 2.3 - Stack Buffer Overflow via XML String Handling
CVSS 9.8
CVE-2017-5177 HIGH
VIPA Controls WinPLC7 <5.0.45.5921 - Buffer Overflow
CVSS 7.5
Details
Vulnerabilities 13,999
Exploit Likelihood High