CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,011 vulnerabilities with CWE-119
CVE-2014-0273
Microsoft Internet Explorer 9-11 - Memory Corruption
CVE-2014-0272
Microsoft Internet Explorer <10 - Code Injection
CVE-2014-0271
Microsoft Internet Explorer <11 - RCE
CVE-2014-0270
Microsoft Internet Explorer 9-11 - Code Injection
CVE-2014-0269
Microsoft Internet Explorer <10 - Code Injection
CVE-2014-0267
Microsoft Internet Explorer 11 - Memory Corruption
CVE-2014-0263
Microsoft Graphics Component - Code Injection
CVE-2014-0980
Publish-It PUI Buffer Overflow (SEH)
CVE-2014-0044
Mumble 1.2.4 - Denial of Service via Crafted Opus Packet Length Prefix
CVE-2014-0019
socat 1.3.0.0-1.7.2.2 and 2.0.0-b1-2.0.0-b6 - Stack-Based Buffer Overflow via Long Server Name in PROXY-CONNECT Address
CVE-2014-0001
Oracle MySQL & MariaDB <5.5.35 - Buffer Overflow
CVE-2014-1692 HIGH
OpenSSH < 6.4 - Memory Corruption via J-PAKE Protocol Error Handling
CVSS 7.3
CVE-2014-0494
Adobe Digital Editions 2.0.1 - Memory Corruption
CVE-2014-1452
FreeBSD 8.3-10.0 - Stack-Based Buffer Overflow in bsnmpd via GETBULK PDU Request
CVE-2014-0753
Ecava IntegraXor < 4.1.4390 - Denial of Service via DLL Access
CVE-2014-0495
Adobe Reader/Acrobat <10.1.9, <11.0.06 - Memory Corruption
CVE-2014-0493
Adobe Reader/Acrobat <10.1.9/11.0.06 - Memory Corruption
CVE-2014-0260
Microsoft Word <2013 - Code Injection
CVE-2014-0259
Microsoft Word 2007 SP3-Office Compatibility Pack SP3 - Code Injection
CVE-2014-0258
Microsoft Word <2003-2007 - Code Injection
CVE-2014-1201
Lorex Edge Series - Buffer Overflow via HTTP_PORT Parameter
CVE-2014-0591
ISC BIND 9.6-9.8<9.8.6-P2, 9.9<9.9.4-P2, 9.6-ESV<9.6-ESV-R10-P2 - Denial of Service via Crafted DNS Query
CVE-2014-0978
Graphviz 2.34.0 - Stack-based Buffer Overflow in yyerror Function
CVE-2014-1236
Graphviz 2.34.0 - Stack-based Buffer Overflow via Long Digit List in chkNum Function
CVE-2013-7490 MEDIUM
Perl DBI <1.632 - Memory Corruption
CVSS 5.3
Details
Vulnerabilities 14,011
Exploit Likelihood High