CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,008 vulnerabilities with CWE-119
CVE-2016-0127 HIGH
Microsoft Office - Remote Code Execution via Crafted Office Document
CVSS 7.8
CVE-2016-0122 HIGH
Microsoft Excel/Word 2007-2016 & Office Compatibility Pack - Remote Code Execution via Crafted Document
CVSS 7.8
CVE-2016-3657 CRITICAL
Palo Alto Networks PAN-OS <7.0.5 - Buffer Overflow
CVSS 9.8
CVE-2016-3656 HIGH
Palo Alto Networks PAN-OS <7.0.5H2 - DoS
CVSS 7.5
CVE-2016-2558 HIGH
NVIDIA GPU Driver R340 < 341.95 and R352 < 354.74 - Privilege Escalation via Untrusted Pointer in Escape Interface
CVSS 8.4
CVE-2016-3986 HIGH
Avast - Memory Corruption/Code Injection
CVSS 7.8
CVE-2016-2857 HIGH
QEMU < 2.5.1.1 - Denial of Service via Crafted Packet in net_checksum_calculate
CVSS 8.4
CVE-2016-1885 MEDIUM
FreeBSD <9.3p39, 10.1p31, 10.2p14 - DoS
CVSS 6.2
CVE-2016-2385 CRITICAL
Debian Linux < 4.3.4 - Memory Corruption
CVSS 9.8
CVE-2016-2324 CRITICAL
Suse Linux Enterprise Debuginfo < 2.7.3 - Memory Corruption
CVSS 9.8
CVE-2016-2315 CRITICAL
Suse Linux Enterprise Debuginfo - Memory Corruption
CVSS 9.8
CVE-2016-2851 CRITICAL
Debian Linux < 4.1.0 - Memory Corruption
CVSS 9.8
CVE-2016-2563 CRITICAL
9bis kitty < 0.66.6.3 - Stack-based Buffer Overflow via SCP-SINK File-Size Response
CVSS 9.8
CVE-2016-0729 CRITICAL
Apache Xerces-C <3.1.3 - Buffer Overflow
CVSS 9.8
CVE-2016-1714 HIGH
QEMU <2.4 - Denial of Service
CVSS 8.1
CVE-2016-3948 HIGH
Squid 3.x < 3.5.16 and 4.x < 4.0.8 - Denial of Service via Vary Header
CVSS 7.5
CVE-2016-3947 HIGH
Squid <3.5.16, <4.0.8 - Buffer Overflow
CVSS 8.2
CVE-2016-1176 MEDIUM
Sharp EVA Animeter - Buffer Overflow
CVSS 6.3
CVE-2016-3142 HIGH
PHP < 5.5.33 and 5.6.x < 5.6.19 - Out-of-Bounds Read via PHAR Zip File Parsing
CVSS 8.2
CVE-2016-3141 CRITICAL
Apple Mac OS X < 10.11.4 - Memory Corruption
CVSS 9.8
CVE-2016-1649 HIGH
Google Chrome <49.0.2623.108 - Buffer Overflow
CVSS 8.8
CVE-2016-2344 HIGH
Autodesk Backburner < 2016.0.0.2150 - Remote Code Execution via Crafted Command
CVSS 7.5
CVE-2016-1783 HIGH
Safari < 9.1 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2016-1775 HIGH
Apple iOS <9.3, OS X <10.11.4, tvOS <9.2, watchOS <2.2 - RCE
CVSS 7.8
CVE-2016-1769 HIGH
Apple OS X <10.11.4 - Memory Corruption
CVSS 7.8
Details
Vulnerabilities 14,008
Exploit Likelihood High