CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,014 vulnerabilities with CWE-119
CVE-2012-0677
Apple iTunes <10.6.3 - Buffer Overflow
CVE-2012-2037
Adobe Flash Player < 11.2.202.235 and AIR < 3.2.0.2070 - Remote Code Execution
CVE-2012-2034 HIGH KEV
Adobe Flash Player < 11.2.202.235 and AIR < 3.2.0.2070 - Remote Code Execution
CVSS 7.5
CVE-2012-2598
Siemens WinCC <7.0.SP3.Update2 - Buffer Overflow
CVE-2012-1816
Emerson DeltaV and DeltaV Workstations - Denial of Service via Crafted TCP or UDP Packet
CVE-2012-3291
OpenConnect <3.18 - Buffer Overflow
CVE-2012-0985
Sony VAIO PC Wireless LAN Wizard 1.0-4.11 - Buffer Overflow
CVE-2012-3105
SeaMonkey < 2.10 - Memory Corruption via WebGL glBufferData
CVE-2012-1947
Firefox 4.x-12.0 and ESR 10.x < 10.0.5 - Remote Code Execution via UTF-16 to ISO-Latin-1 Conversion
CVE-2012-1941
Firefox 4.x-12.0 and ESR 10.x < 10.0.5 - Remote Code Execution via Window Resize
CVE-2012-1939
Firefox ESR 10.x < 10.0.5 and Thunderbird ESR 10.x < 10.0.5 - Remote Code Execution via JavaScript Type Inference
CVE-2012-0441
Mozilla Network Security Services < 3.13.4 - Denial of Service via Zero-Length ASN.1 Item
CVE-2012-2944
Network UPS Tools <2.6.4 - Buffer Overflow
CVE-2012-0409
EMC AutoStart <5.4.3 - Buffer Overflow
CVE-2012-0804
CVS 1.11 and 1.12 - Heap-Based Buffer Overflow via HTTP Proxy Response
CVE-2012-2942
HAProxy < 1.4.21 - Buffer Overflow in Header Capture Functionality
CVE-2012-2176
IBM Lotus Quickr 8.2 - Remote Code Execution via Long Argument to Attachment_Times or Import_Times Method
CVE-2012-2427
xarrow < 3.4 - Remote Code Execution via Invalid Free Operation
CVE-2012-2042
Adobe Illustrator < CS6 - Remote Code Execution via Memory Corruption
CVE-2012-0289
Symantec Endpoint Protection/SNAC <11.0.710x - Privilege Escalation
CVE-2012-2271
SkinCrafter 3.0 - Buffer Overflow via InitLicenKeys reg_name Argument
CVE-2012-2915
Lattice Semiconductor PAC-Designer <6.2.1344 - Buffer Overflow
CVE-2012-2376
PHP < 5.4.3 - Remote Code Execution via COM Object VARIANT Type Handling
CVE-2012-2411
RealNetworks RealPlayer <15.0.4.53 - RCE
CVE-2012-0669
Apple QuickTime < 7.7.2 - Remote Code Execution via Crafted Sorenson-Encoded Movie File
Details
Vulnerabilities 14,014
Exploit Likelihood High