CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,011 vulnerabilities with CWE-119
CVE-2015-2052
D-Link DIR-645 Firmware < 1.04b12 - Remote Code Execution via HNAP GetDeviceSettings Action
CVE-2015-1315
Info-Zip UnZip <6.10b - RCE
CVE-2015-0880
CREAR AL-Mail32 < 1.13 - Remote Code Execution via Long Attachment Filename
CVE-2015-0247
e2fsprogs < 1.42.12 - Heap-Based Buffer Overflow via Crafted Block Group Descriptor
CVE-2015-1500
SolarWinds Server and Application Monitor - Remote Code Execution via TSUnicodeGraphEditorControl
CVE-2015-1495
Motorola Scanner SDK - Buffer Overflow
CVE-2015-1345
grep 2.19-2.21 - Denial of Service via Out-of-Bounds Heap Read in bmexec_trans
CVE-2015-1548
mini_httpd < 1.21 - Information Disclosure via Long HTTP Protocol String
CVE-2015-0327
Adobe Flash Player < 13.0.0.269 - Heap-based Buffer Overflow
CVE-2015-0324
Adobe Flash Player < 13.0.0.269 - Remote Code Execution
CVE-2015-0323
Adobe Flash Player < 13.0.0.269 - Heap-based Buffer Overflow
CVE-2015-1462
ClamAV <0.98.6 - Buffer Overflow
CVE-2015-1461
ClamAV <0.98.6 - Memory Corruption
CVE-2015-1348
Aruba Instant <4.0.0.7-4.1.1.2 - Buffer Overflow
CVE-2015-1449
Siemens Ruggedcom - Buffer Overflow
CVE-2015-1362
Exif Pilot 4.7.2 - Buffer Overflow via Long Maker Element in XML File
CVE-2015-1360
Skia <40.0.2214.91 - Buffer Overflow
CVE-2015-0973 HIGH
Oracle Solaris < 1.5.20 - Memory Corruption
CVSS 8.8
CVE-2015-0309
Adobe Flash Player < 13.0.0.260 and 14.x-16.x < 16.0.0.257 - Remote Code Execution
CVE-2015-0307
Adobe Air < 15.0.0.356 - Memory Corruption
CVE-2015-0304
Adobe Flash Player < 13.0.0.260 and 14.x-16.x < 16.0.0.257 - Remote Code Execution via Heap-Based Buffer Overflow
CVE-2015-0014
Windows Telnet Service - Remote Code Execution via Crafted Packets
CVE-2015-0564
Oracle Linux - Memory Corruption
CVE-2015-0206
OpenSSL 1.0.0-1.0.0o and 1.0.1-1.0.1j - Denial of Service via Duplicate DTLS Records
CVE-2014-125025 MEDIUM
FFmpeg 2.0 - Memory Corruption in decode_pulses Function
CVSS 5.3
Details
Vulnerabilities 14,011
Exploit Likelihood High