CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,008 vulnerabilities with CWE-119
CVE-2016-1043 CRITICAL
Adobe Acrobat and Reader < 11.0.16 - Remote Code Execution
CVSS 9.8
CVE-2016-1037 CRITICAL
Adobe Acrobat and Reader < 11.0.16 - Remote Code Execution via Memory Corruption
CVSS 9.8
CVE-2016-0198 HIGH
Microsoft Office - Remote Code Execution via Crafted Office Document
CVSS 7.8
CVE-2016-0195 HIGH
Microsoft Windows - Remote Code Execution via Crafted Document in Imaging Component
CVSS 8.8
CVE-2016-0193 HIGH
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2016-0192 HIGH
Microsoft Browser <11 - Memory Corruption
CVSS 7.5
CVE-2016-0191 HIGH
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2016-0187 HIGH
Microsoft JScript and VBScript 5.8 - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-0186 HIGH
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2016-0140 HIGH
Microsoft Office 2007 SP3/2010 SP2 & SharePoint/Office Web Apps 2010 SP2 - RCE via Crafted Document
CVSS 7.8
CVE-2016-0126 HIGH
Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 - Remote Code Execution via Crafted Office Document
CVSS 7.8
CVE-2016-2439 HIGH
Android 4.x < 4.4.4, 5.0.x < 5.0.2, 5.1.x < 5.1.1, 6.x < 2016-05-01 - Buffer Overflow via Bluetooth PIN Value
CVSS 8.8
CVE-2016-2429 CRITICAL
Android mediaserver libFLAC < 2016-05-01 - Remote Code Execution via Crafted Media File
CVSS 9.8
CVE-2016-2428 CRITICAL
Android mediaserver - Remote Code Execution via Crafted Media File
CVSS 9.8
CVE-2016-2176 HIGH
OpenSSL < 1.0.1s - Buffer Over-Read via EBCDIC ASN.1 Data
CVSS 8.2
CVE-2016-2108 CRITICAL
Redhat Enterprise Linux Desktop < 1.0.1n - Memory Corruption
CVSS 9.8
CVE-2016-4418 MEDIUM
Wireshark 1.12.x < 1.12.10 and 2.x < 2.0.2 - Denial of Service via ASN.1 BER Dissector
CVSS 5.9
CVE-2016-4417 MEDIUM
Wireshark 1.12.x < 1.12.10 and 2.x < 2.0.2 - Denial of Service via GSM A-bis OML Dissector
CVSS 5.9
CVE-2016-4416 MEDIUM
Wireshark 2.x - Denial of Service via IEEE 802.11 Grouping Subfield
CVSS 5.9
CVE-2016-4415 MEDIUM
Wireshark 2.x < 2.0.2 - Denial of Service via Ixia IxVeriWave File Parser
CVSS 5.9
CVE-2016-2814 HIGH
Firefox < 45.0.2 - Remote Code Execution via Crafted CENC Offsets
CVSS 8.8
CVE-2016-2808 HIGH
Firefox < 45.0.2 - Remote Code Execution via JavaScript Watch Implementation
CVSS 7.5
CVE-2016-2807 HIGH
Firefox < 46.0 - Memory Corruption
CVSS 8.8
CVE-2016-2806 HIGH
Debian Linux < 45.0.2 - Memory Corruption
CVSS 8.8
CVE-2016-2805 HIGH
Firefox ESR 38.x - Remote Code Execution via Memory Corruption
CVSS 8.8
Details
Vulnerabilities 14,008
Exploit Likelihood High