CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,008 vulnerabilities with CWE-119
CVE-2016-6939 CRITICAL
Adobe Acrobat and Reader < 11.0.18, Acrobat DC < 15.006.30243, Acrobat Reader DC < 15.020.20039 - Remote Code Execution
CVSS 9.8
CVE-2016-3638 MEDIUM
SAP SLD Registration - Denial of Service via HOST Parameter
CVSS 5.5
CVE-2016-6695 CRITICAL
Android < 7.0 - Denial of Service via Crafted Visualizer Data Length
CVSS 9.8
CVE-2016-6676 HIGH
Android < 7.0 - Buffer Overflow via Wi-Fi Driver GET_CFG ioctl Call
CVSS 7.8
CVE-2016-6675 HIGH
Android < 7.0 - Buffer Overflow via Linkspeed IOCTL Call
CVSS 7.8
CVE-2016-3934 HIGH
Qualcomm camera driver <2016-10-05 - Privilege Escalation
CVSS 7.8
CVE-2016-3916 HIGH
Android Camera Service - Privilege Escalation via Crafted Application
CVSS 7.8
CVE-2016-1453 CRITICAL
Cisco NX-OS 5.0-7.3 - Remote Code Execution via OTV GRE Packet Header
CVSS 9.8
CVE-2016-6416 MEDIUM
Cisco Email, Web, and Content Security Appliances DoS via FTP Traffic Flood
CVSS 5.9
CVE-2016-1246 HIGH
DBD::mysql < 4.036 - Buffer Overflow via Error Message Handling
CVSS 7.5
CVE-2016-8276 CRITICAL
Huawei USG2100-5500 - Buffer Overflow
CVSS 9.8
CVE-2016-1243 CRITICAL
unADF < - Buffer Overflow
CVSS 9.8
CVE-2016-7045 HIGH
Irssi < 0.8.19 - Denial of Service via Format String Length Handling
CVSS 7.5
CVE-2016-7044 HIGH
Irssi < 0.8.19 - Denial of Service via Incomplete 24bit Color Code
CVSS 7.5
CVE-2016-4779 HIGH
Apple OS X < 10.11.6 - Remote Code Execution via Crafted Font File
CVSS 7.8
CVE-2016-4775 HIGH
Apple macOS < 10.12.0, tvOS < 10.0, and watchOS < 3.0 - Local Privilege Escalation via Memory Corruption
CVSS 7.8
CVE-2016-4769 HIGH
Apple iTunes < 12.5.1 and Safari < 10 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2016-4768 HIGH
Safari < 10.0 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2016-4767 HIGH
Safari < 10.0 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2016-4766 HIGH
Safari < 10.0 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2016-4765 HIGH
Safari < 10.0 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2016-4762 HIGH
Safari < 9.1.3 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2016-4759 HIGH
Safari < 10.0 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2016-4750 HIGH
Apple iOS < 10 and macOS < 10.12 - Memory Corruption in S2 Camera
CVSS 7.8
CVE-2016-4738 HIGH
Apple iOS < 10, macOS < 10.12, tvOS < 10, watchOS < 3 - Remote Code Execution via libxslt Memory Corruption
CVSS 8.8
Details
Vulnerabilities 14,008
Exploit Likelihood High