CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,008 vulnerabilities with CWE-119
CVE-2015-8981 CRITICAL
PoDoFo - Heap-based Buffer Overflow in PdfParser::ReadXRefSubsection
CVSS 9.8
CVE-2015-4409 MEDIUM
Hikvision DS-76xxx and DS-77xxx Series Firmware < 3.3.4 - Authenticated Denial of Service via Crafted HTTP Request
CVSS 6.5
CVE-2015-4408 MEDIUM
Hikvision DS-76xxx and DS-77xxx Series Firmware < 3.3.4 - Authenticated Denial of Service via ISAPI HTTP Request
CVSS 6.5
CVE-2015-4407 MEDIUM
Hikvision DS-76xxNI-E1/2 and DS-77xxxNI-E4 Firmware < 3.4.0 - Authenticated Denial of Service via Crafted HTTP Request
CVSS 6.5
CVE-2015-8979 HIGH
Debian Linux < 3.6.0 - Memory Corruption
CVSS 7.5
CVE-2015-4049 MEDIUM
Unisys MCP-FIRMWARE 40.0 - Authenticated Denial of Service via EPSILON Codefile Memory Corruption
CVSS 6.8
CVE-2015-2181 HIGH
Roundcube Webmail < 1.1.0 - Buffer Overflow via Password or Username
CVSS 8.8
CVE-2015-7975 MEDIUM
NTP < 4.2.8p6 and 4.3.x < 4.3.90 - Denial of Service via nextvar Function
CVSS 6.2
CVE-2015-8972 CRITICAL
GNU Chess < 6.2.4 - Stack-Based Buffer Overflow in ValidateMove Function
CVSS 9.8
CVE-2015-2868 CRITICAL
Trane ComfortLink II SCC firmware >=2.0.2 <2.0.2 - Remote Code Execution via DSS Service REG Request
CVSS 9.8
CVE-2015-5073 CRITICAL
IBM Powerkvm < 8.37 - Information Disclosure
CVSS 9.1
CVE-2015-3217 HIGH
PCRE 7.8 8.32-8.37 and PCRE2 10.10 - Denial of Service via Crafted Regular Expression
CVSS 7.5
CVE-2015-8929 MEDIUM
Suse Linux Enterprise Desktop < 3.1.901a - Memory Corruption
CVSS 5.5
CVE-2015-8919 HIGH
Canonical Ubuntu Linux < 3.1.901a - Memory Corruption
CVSS 7.5
CVE-2015-8918 HIGH
Novell Suse Linux Enterprise Software... - Memory Corruption
CVSS 7.5
CVE-2015-8947 HIGH
HarfBuzz < 1.0.4 - Buffer Over-Read in hb-ot-layout-gpos-table.hh
CVSS 7.6
CVE-2015-8808 MEDIUM
GraphicsMagick < 1.3.17 - Denial of Service in GIF DecodeImage Function
CVSS 5.5
CVE-2015-3192 MEDIUM
Pivotal Spring Framework <3.2.14 & 4.x <4.1.7 - DoS
CVSS 5.5
CVE-2015-8893 MEDIUM
Android < 6.0.1 - Denial of Service via Crafted Application
CVSS 5.5
CVE-2015-7029 CRITICAL
Apple AirPort Base Station Firmware < 7.6.7 and 7.7.x < 7.7.7 - Remote Code Execution via DNS Data Misparsing
CVSS 9.8
CVE-2015-7987 CRITICAL
mDNSResponder <625.41.2 - Buffer Overflow
CVSS 9.8
CVE-2015-8869 CRITICAL
Fedora < 4.02.3 - Information Disclosure
CVSS 9.1
CVE-2015-5261 HIGH
SPICE <0.12.6 - Buffer Overflow
CVSS 7.1
CVE-2015-5260 HIGH
SPICE <0.12.6 - Buffer Overflow
CVSS 7.8
CVE-2015-8878 MEDIUM
PHP 5.5.0-5.5.27 - Denial of Service via Race Condition in Temporary File Handling
CVSS 5.9
Details
Vulnerabilities 14,008
Exploit Likelihood High