CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,008 vulnerabilities with CWE-119
CVE-2015-5790
iTunes < 12.3 - Remote Code Execution via Crafted Web Site
CVE-2015-5789
iPhone OS < 8.4.1, iTunes < 12.2, Safari < 8.0.8 - Remote Code Execution via WebKit Memory Corruption
CVE-2015-6949
ASUS TM-1900 - Remote Code Execution via HTTP Header Overflow
CVE-2015-6948
Corel WordPerfect - Remote Code Execution via Microsoft Word Document Conversion
CVE-2015-6946
Micro Focus AccuRev - Remote Code Execution via Reprise License Manager Service Parameter Overflow
CVE-2015-4947
IBM HTTP Server 6.1.0.0-6.1.0.47 - Authenticated Stack-based Buffer Overflow
CVE-2015-6290
Cisco Web Security Virtual Appliance 8.0.7 - Denial of Service via Crafted HTTP Responses
CVE-2015-6681
Adobe Shockwave Player < 12.1.9.160 - Remote Code Execution via Memory Corruption
CVE-2015-2546 HIGH KEV
Microsoft Windows - Local Privilege Escalation via Win32k Memory Corruption
CVSS 8.2
CVE-2015-2542
Microsoft Edge and Internet Explorer - Remote Code Execution via Memory Corruption
CVE-2015-2541
Microsoft Internet Explorer 9-11 - Remote Code Execution via Memory Corruption
CVE-2015-2523
Microsoft Excel Remote Code Execution via Crafted Office Document
CVE-2015-2521
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer - Remote Code Execution
CVE-2015-2520
Microsoft Excel 2007/2010/2011/2016 & Office Compatibility Pack - Remote Code Execution
CVE-2015-2511
Microsoft Windows - Local Privilege Escalation via Win32k Memory Corruption
CVE-2015-2510
Microsoft Live Meeting Console - Remote Code Execution via Crafted OpenType Font
CVE-2015-2504
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6 - Remote Code Execution via Array Copy
CVE-2015-2501
Microsoft Internet Explorer 9 - Remote Code Execution via Memory Corruption
CVE-2015-2500
Microsoft Internet Explorer 7 and 8 - Remote Code Execution via Memory Corruption
CVE-2015-2499
Microsoft Internet Explorer 7-11 - Remote Code Execution via Memory Corruption
CVE-2015-2498
Microsoft Internet Explorer 7-11 - Remote Code Execution or Denial of Service via Memory Corruption
CVE-2015-2494
Microsoft Internet Explorer 7-11 and Edge - Remote Code Execution via Memory Corruption
CVE-2015-2493
Internet Explorer 8 - Remote Code Execution via VBScript and JScript Engine Memory Corruption
CVE-2015-2492
Microsoft Internet Explorer 7-11 - Remote Code Execution via Memory Corruption
CVE-2015-2491
Microsoft Internet Explorer 9-11 - Remote Code Execution via Memory Corruption
Details
Vulnerabilities 14,008
Exploit Likelihood High