CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,008 vulnerabilities with CWE-119
CVE-2016-2505 HIGH
Android < 6.0.1 - Remote Code Execution via Crafted Media File in libstagefright
CVSS 7.8
CVE-2016-4463 HIGH
Apache Xerces-C++ < 3.1.4 - Denial of Service via Deeply Nested DTD
CVSS 7.5
CVE-2016-4998 HIGH
Linux Kernel < 4.6 - Denial of Service via IPT_SO_SET_REPLACE Out-of-Bounds Read
CVSS 7.1
CVE-2016-3955 CRITICAL
Linux Kernel < 4.5.3 - Denial of Service via USB/IP Packet Length Mismatch
CVSS 9.8
CVE-2016-2074 CRITICAL
Openvswitch - Memory Corruption
CVSS 9.8
CVE-2016-1425 MEDIUM
Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, 15.4(1.13)S - Denial of Service via Crafted LLDP Packet
CVSS 6.5
CVE-2016-1398 MEDIUM
Cisco RV110W RV130W RV215W - Authenticated Denial of Service via Crafted HTTP Request
CVSS 6.5
CVE-2016-4512 HIGH
Eaton ELCSoft < 2.4.01 - Remote Code Execution via Long Packet
CVSS 7.3
CVE-2016-4509 MEDIUM
Eaton ELCSoft < 2.4.01 - Authenticated Heap-Based Buffer Overflow via Crafted File
CVSS 6.0
CVE-2016-3988 HIGH
Meinberg IMS-LANTIME - Buffer Overflow
CVSS 7.3
CVE-2016-3962 HIGH
Meinberg IMS-LANTIME - Buffer Overflow
CVSS 7.3
CVE-2016-5228 CRITICAL
Micro Focus Rumba 9.x - Stack-based Buffer Overflow via PlayMacro MacroName Argument
CVSS 9.8
CVE-2016-1606 CRITICAL
Micro Focus Rumba <9.4 HF 13960 - Buffer Overflow
CVSS 9.8
CVE-2016-2870 LOW
IBM WebSphere DataPower XC10 Appliance Firmware 2.1 and 2.5 - Authenticated Denial of Service via CLI Buffer Overflow
CVSS 2.7
CVE-2016-1289 CRITICAL
Cisco Prime Infrastructure <3.0 - RCE
CVSS 9.8
CVE-2016-2211 HIGH
Symantec AntiVirus Decomposer Engine - Remote Code Execution via Crafted CAB File
CVSS 7.8
CVE-2016-2210 HIGH
Symantec Protection Engine Remote Code Execution via Crafted File
CVSS 7.3
CVE-2016-2209 HIGH
Symantec Protection Engine Remote Code Execution via Crafted File
CVSS 7.3
CVE-2016-5360 HIGH
Canonical Ubuntu Linux - Memory Corruption
CVSS 7.5
CVE-2016-4472 HIGH
libexpat < 2.1.1 - Denial of Service via Crafted XML Data
CVSS 8.1
CVE-2016-5232 MEDIUM
Huawei Mate8 NXT-AL NXT-CL NXT-DL NXT-TL - Buffer Overflow via Crafted App
CVSS 5.5
CVE-2016-5829 HIGH
Linux kernel <4.6.3 - Buffer Overflow
CVSS 7.8
CVE-2016-5728 MEDIUM
Linux kernel <4.6.1 - Info Disclosure
CVSS 6.3
CVE-2016-1583 HIGH
Linux kernel <4.6.3 - Privilege Escalation
CVSS 7.8
CVE-2016-0301 HIGH
IBM Domino <9.0.1 - Buffer Overflow
CVSS 7.8
Details
Vulnerabilities 14,008
Exploit Likelihood High