CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,011 vulnerabilities with CWE-119
CVE-2014-8074
Foxit PDF SDK ActiveX 2.3-5.0.1820 - Remote Code Execution via SetLogFile Method Buffer Overflow
CVE-2014-8240
TigerVNC - Remote Code Execution via Screen Size Handling
CVE-2014-4141
Microsoft Internet Explorer <11 - Code Injection
CVE-2014-4137
Microsoft Internet Explorer 6&7 - Memory Corruption
CVE-2014-1578
Firefox < 33.0 and Firefox ESR 31.x < 31.2 - Remote Code Execution via WebM Tile Size Handling
CVE-2014-1576
Mozilla Firefox <33.0 - Buffer Overflow
CVE-2014-3818
Juniper Junos OS 9.1-14.1 - Denial of Service via BGP UPDATE Transitive Attributes
CVE-2014-3201
Google Chrome < 38.0.2125.101 - Content Spoofing via IFRAME Overflow Scrollbar Interference
CVE-2014-3198
Google Chrome < 38.0.2125.101 - Denial of Service via PDFium Instance Input Event Handling
CVE-2014-5501
CyberoamOS < 10.6.1 - Stack-based Buffer Overflow via Diagnose Service
CVE-2014-0397
Oracle Solaris 10-11.1 - Buffer Overflow
CVE-2014-3633
Canonical Ubuntu Linux < 1.2.8 - Memory Corruption
CVE-2014-0994
Embarcadero Delphi and C++ Builder XE6 - Heap-Based Buffer Overflow via BMP BITMAPINFOHEADER.biClrUsed Field
CVE-2014-6055
Fedora < 0.9.9 - Memory Corruption
CVE-2014-4330
Perl < 5.20.1 and Data::Dumper < 2.151 - Denial of Service via Recursive Array-Reference Handling
CVE-2014-6273
advanced_package_tool < 1.0.1 - Buffer Overflow in HTTP Transport Code
CVE-2014-7187
GNU Bash through 4.3 bash43-026 - Denial of Service via Deeply Nested For Loops
CVE-2014-7186
GNU Bash through 4.3 - Denial of Service via Redirection Here Document Handling
CVE-2014-3535
Linux Kernel < 2.6.36 - Denial of Service via VxLAN Invalid Packet Handling
CVE-2014-0205
Linux kernel <2.6.37 - Use After Free
CVE-2014-6416
Linux Kernel < 3.16.3 - Buffer Overflow in Ceph Auth Ticket Handling
CVE-2014-3186
Linux Kernel < 3.16.3 - Buffer Overflow in PicoLCD HID Device Driver
CVE-2014-3185
Linux Kernel < 3.2.63 - Buffer Overflow in Whiteheat USB Serial Driver
CVE-2014-3184
Linux Kernel < 3.16.2 - Denial of Service via HID Report Descriptor Out-of-Bounds Write
CVE-2014-3183
Linux Kernel < 3.16.2 - Heap-Based Buffer Overflow in Logitech DJ HID Driver
Details
Vulnerabilities 14,011
Exploit Likelihood High