CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,020 vulnerabilities with CWE-119
CVE-2011-0573
Adobe Flash Player < 10.2.152.26 - Remote Code Execution or Denial of Service via Memory Corruption
CVE-2011-0572
Adobe Flash Player < 10.2.152.26 - Remote Code Execution via Memory Corruption
CVE-2011-0571
Adobe Flash Player < 10.2.152.26 - Remote Code Execution via Memory Corruption
CVE-2011-0569
Adobe Shockwave Player < 11.5.9.620 - Remote Code Execution via PFR1 Chunk Size Mismanagement
CVE-2011-0561
Adobe Flash Player < 10.2.152.26 - Remote Code Execution via Memory Corruption
CVE-2011-0560
Adobe Flash Player < 10.2.152.26 - Remote Code Execution via Memory Corruption
CVE-2011-0559
Adobe Flash Player < 10.2.152.26 - Remote Code Execution via Crafted ActionScript Method Parameters
CVE-2011-0556
Adobe Shockwave Player < 11.5.9.620 - Remote Code Execution via Crafted PFR1 Chunk
CVE-2011-0555
Adobe Shockwave Player < 11.5.9.620 - Remote Code Execution via Crafted DEMX RIFF Chunk
CVE-2011-0045
Microsoft Windows XP SP3 - Buffer Overflow
CVE-2011-0919
IBM Lotus Domino - Stack-Based Buffer Overflow via Non-Printable Characters in Envelope Sender Address
CVE-2011-0918
IBM Lotus Domino - Stack-Based Buffer Overflow via Malformed Calendar-Request Email Attachments
CVE-2011-0917
IBM Lotus Domino - Remote Code Execution via LDAP Bind Operation
CVE-2011-0916
IBM Lotus Domino - Stack-Based Buffer Overflow via SMTP MIME Filename Parameter
CVE-2011-0915
IBM Lotus Domino < 8.5.3 - Remote Code Execution via Long Content-Type Header in Calendar Meeting Request
CVE-2011-0913
IBM Lotus Domino < 8.5.3 - Remote Code Execution via DIIOP GIOP getEnvironmentString Request
CVE-2011-0538
Wireshark 1.2.0-1.2.14, 1.4.0-1.4.3, 1.5.0 - Use-After-Free in pcap-ng File Processing
CVE-2011-0901
Terminal Server Client 0.150 - Stack-Based Buffer Overflow via Long RDP File Arguments
CVE-2011-0900
Terminal Server Client 0.150 - Stack-based Buffer Overflow via Long Hostname in .RDP File
CVE-2011-0522
VLC Media Player - Remote Code Execution via Malformed Subtitle Tag in MKV File
CVE-2011-0324
Topaz SigPlus Pro ActiveX < 4.29 - Remote Code Execution via Long KeyString
CVE-2011-0521
Linux Kernel < 2.6.38 - Memory Corruption via Negative Integer in dvb_ca_ioctl
CVE-2011-0742
Novell ZENworks Handheld Management 7.0 - Remote Code Execution via Crafted IP Conduit Packet
CVE-2011-0731
IBM DB2 < 9.1 FP10, < 9.5 FP7, < 9.7 FP3 - Remote Code Execution via Buffer Overflow in DB2 Administration Server
CVE-2011-0682
Opera < 11.01 - Remote Code Execution via Large Select Element Children
Details
Vulnerabilities 14,020
Exploit Likelihood High