CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,008 vulnerabilities with CWE-119
CVE-2016-6669 HIGH
Huawei AAA <V300R001C10SPC600 - Buffer Overflow
CVSS 7.5
CVE-2016-6525 CRITICAL
MuPDF - Buffer Overflow
CVSS 9.8
CVE-2016-3991 HIGH
LibTIFF <4.0.6 - Buffer Overflow
CVSS 7.8
CVE-2016-3990 HIGH
libtiff < 4.0.6 - Heap-Based Buffer Overflow in horizontalDifference8
CVSS 7.8
CVE-2016-7094 MEDIUM
Xen < 4.7.0 - Denial of Service via Pagetable Update
CVSS 4.1
CVE-2016-6354 CRITICAL
Flex <2.6.1 - Buffer Overflow
CVSS 9.8
CVE-2016-5017 HIGH
Apache ZooKeeper < 3.4.9 and 3.5.x < 3.5.3 - Buffer Overflow via C CLI Shell Batch Mode
CVSS 8.1
CVE-2016-4302 HIGH
libarchive <3.2.1 - Buffer Overflow
CVSS 7.8
CVE-2016-4301 HIGH
libarchive <3.2.1 - Buffer Overflow
CVSS 7.8
CVE-2016-5814 HIGH
Rockwell Automation RSLogix - Remote Code Execution via Crafted RSS Project File
CVSS 8.6
CVE-2016-4705 HIGH
Apple Xcode < 7.3.1 - Memory Corruption via otool
CVSS 7.8
CVE-2016-4704 HIGH
Apple Xcode < 7.3.1 - Memory Corruption via otool
CVSS 7.8
CVE-2016-7418 HIGH
PHP < 5.6.26 and 7.x < 7.0.11 - Denial of Service via WDDX Deserialization
CVSS 7.5
CVE-2016-7416 HIGH
PHP < 5.6.26 and 7.x < 7.0.11 - Denial of Service via Long Locale in MessageFormatter::formatMessage
CVSS 7.5
CVE-2016-7415 CRITICAL
International Components for Unicode < 57.1 - Stack-Based Buffer Overflow in Locale Class
CVSS 9.8
CVE-2016-7414 CRITICAL
PHP < 5.6.26 and 7.x < 7.0.11 - Denial of Service via Crafted PHAR Archive
CVSS 9.8
CVE-2016-7412 HIGH
PHP < 5.6.26 and 7.x < 7.0.11 - Denial of Service via MySQL BIT Field Metadata
CVSS 8.1
CVE-2016-7411 CRITICAL
PHP < 5.6.26 - Memory Corruption via Unserialize Call
CVSS 9.8
CVE-2016-6937 CRITICAL
Adobe Acrobat and Reader < 11.0.17 - Remote Code Execution via Memory Corruption
CVSS 9.8
CVE-2016-4262 CRITICAL
Adobe Digital Editions <4.5.2 - Memory Corruption
CVSS 9.8
CVE-2016-4261 CRITICAL
Adobe Digital Editions <4.5.2 - Memory Corruption
CVSS 9.8
CVE-2016-4260 CRITICAL
Adobe Digital Editions <4.5.2 - Memory Corruption
CVSS 9.8
CVE-2016-4259 CRITICAL
Adobe Digital Editions <4.5.2 - Memory Corruption
CVSS 9.8
CVE-2016-4258 CRITICAL
Adobe Digital Editions <4.5.2 - Memory Corruption
CVSS 9.8
CVE-2016-4257 CRITICAL
Adobe Digital Editions <4.5.2 - Memory Corruption
CVSS 9.8
Details
Vulnerabilities 14,008
Exploit Likelihood High