CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,011 vulnerabilities with CWE-119
CVE-2014-4079
Microsoft Internet Explorer 6-11 - Memory Corruption
CVE-2014-4065
Microsoft Internet Explorer 6-11 - Memory Corruption
CVE-2014-4059
Microsoft Internet Explorer 6-11 - Memory Corruption
CVE-2014-2799
Internet Explorer 6-11 - Remote Code Execution via Memory Corruption
CVE-2014-0559
Adobe AIR < 14.0.0.178 - Remote Code Execution via Heap-Based Buffer Overflow
CVE-2014-0556
Adobe Flash Player < 13.0.0.244 and 14.x-15.x < 15.0.0.152 - Remote Code Execution via Heap-Based Buffer Overflow
CVE-2014-0555
Adobe AIR < 14.0.0.178 - Remote Code Execution
CVE-2014-0552
Adobe AIR < 14.0.0.178 - Remote Code Execution
CVE-2014-0551
Adobe AIR < 14.0.0.178 and Flash Player < 13.0.0.241 - Remote Code Execution via Memory Corruption
CVE-2014-0550
Adobe AIR < 14.0.0.178 - Remote Code Execution via Memory Corruption
CVE-2014-0549
Adobe Flash Player < 13.0.0.244 and 14.x-15.x < 15.0.0.152 - Remote Code Execution via Memory Corruption
CVE-2014-0547
Adobe Flash Player < 13.0.0.244 - Remote Code Execution or Denial of Service via Memory Corruption
CVE-2014-3618
procmail 3.22 - Heap-Based Buffer Overflow via Crafted Email Header
CVE-2014-5256
Nodejs - Memory Corruption
CVE-2014-6252
SAP NetWeaver <7.20 - Buffer Overflow
CVE-2014-5505
SAP Crystal Reports - Stack-based Buffer Overflow via Crafted RPT File Data Source String
CVE-2014-5461
Opensuse - Memory Corruption
CVE-2014-3094
IBM DB2 9.7-10.5 - Authenticated Remote Code Execution via ALTER MODULE Statement
CVE-2014-1565
Firefox < 31.1.0 - Out-of-Bounds Read in Web Audio API
CVE-2014-1562
Firefox < 32.0 and ESR 24.x < 24.8 and 31.x < 31.1 - Remote Code Execution via Memory Corruption
CVE-2014-1554
Firefox < 32.0 - Remote Code Execution via Browser Engine Memory Corruption
CVE-2014-1553
Opensuse Evergreen < 31.1.0 - Memory Corruption
CVE-2014-3174
Google Chrome < 37.0.2062.94 - Denial of Service via Web Audio API Biquad Filter Coefficient Update
CVE-2014-3173
Google Chrome < 37.0.2062.94 - Denial of Service via WebGL Clear Call
CVE-2014-5307
Panda Security 2014 Products - Heap-Based Buffer Overflow via PavTPK.sys IOCTL Call
Details
Vulnerabilities 14,011
Exploit Likelihood High