CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,008 vulnerabilities with CWE-119
CVE-2016-4528 MEDIUM
Advantech WebAccess < 8.1 - Denial of Service via Crafted DLL File
CVSS 5.0
CVE-2016-4519 CRITICAL
Unitronics VisiLogic OPLC IDE < 9.8.30 - Remote Code Execution via Crafted ZIP Filename in VLP File
CVSS 9.8
CVE-2016-1436 HIGH
Cisco ASR 5000 Software - Denial of Service via Crafted GTPv1 Packet
CVSS 7.5
CVE-2016-1861 HIGH
macOS < 10.11.5 - Remote Code Execution in NVIDIA Graphics Drivers
CVSS 7.8
CVE-2016-1424 MEDIUM
Cisco IOS 15.2(1)T1.11 and 15.2(2)TST - Denial of Service via Crafted LLDP Packet
CVSS 6.5
CVE-2016-1397 MEDIUM
Cisco RV110W RV130W RV215W - Authenticated Denial of Service via Crafted Configuration Commands
CVSS 6.5
CVE-2016-3062 HIGH
Libav < 11.7 and FFmpeg < 0.11 - Remote Code Execution via MP4 dref Box Entries
CVSS 8.8
CVE-2016-4167 CRITICAL
Adobe DNG Software Development Kit < 1.4.2012 - Remote Code Execution
CVSS 9.8
CVE-2016-4163 CRITICAL
Adobe Flash Player <18.0.0.352,19.x-21.x - Memory Corruption
CVSS 9.8
CVE-2016-4162 CRITICAL
Adobe Flash Player <18.0.0.352, 19.x-21.x - Memory Corruption
CVSS 9.8
CVE-2016-4161 CRITICAL
Adobe Flash Player <18.0.0.352, 19.x-21.x - Memory Corruption
CVSS 9.8
CVE-2016-4160 CRITICAL
Adobe Flash Player <18.0.0.352, 19.x-21.x - Memory Corruption
CVSS 9.8
CVE-2016-4120 CRITICAL
Adobe Flash Player <18.0.0.352,19.x-21.x - Memory Corruption
CVSS 9.8
CVE-2016-3233 HIGH
Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 - Remote Code Execution
CVSS 7.3
CVE-2016-3222 HIGH
Microsoft Edge - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2016-3214 HIGH
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
CVSS 8.8
CVE-2016-3211 HIGH
Internet Explorer 9-11 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2016-3210 HIGH
Internet Explorer 11 - Remote Code Execution via Scripting Engine Memory Corruption
CVSS 8.8
CVE-2016-3207 HIGH
Microsoft JScript and VBScript - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-3206 HIGH
Microsoft JScript and VBScript - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-3205 HIGH
Microsoft JScript and VBScript - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-3202 HIGH
Microsoft Chakra JavaScript, JScript, and VBScript - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-3199 HIGH
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
CVSS 8.8
CVE-2016-0200 HIGH
Microsoft Internet Explorer 9-11 - Memory Corruption
CVSS 8.8
CVE-2016-0199 HIGH
Microsoft Internet Explorer 9-11 - Code Injection
CVSS 8.8
Details
Vulnerabilities 14,008
Exploit Likelihood High