CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,027 vulnerabilities with CWE-119
CVE-2010-0919
IBM Lotus iNotes <7.0.4 - Buffer Overflow
CVE-2010-0917
Microsoft Windows 2000 SP4, XP SP2-SP3, Server 2003 SP2 - Stack-based Buffer Overflow via MsgBox Helpfile Argument
CVE-2010-0718
Microsoft Windows Media Player <11.0.5721.5145 - Buffer Overflow
CVE-2010-0107
Symantec Client Security 3.0.x-3.1.x - Buffer Overflow in SYMLTCOM.dll ActiveX Control
CVE-2010-0679
Hyleos ChemView 1.9.5.1 - Remote Code Execution via HyleosChemView ActiveX Control
CVE-2010-0108
Symantec AntiVirus - Buffer Overflow via SetRemoteComputerName Function
CVE-2010-0417
Helix Player and RealPlayer - Buffer Overflow in RuleBook Structure Handling
CVE-2010-0416
Helix Player and RealPlayer - Buffer Overflow via Malformed URL Percent Encoding
CVE-2010-0297
QEMU < 0.11.1 - Buffer Overflow in USB Passthrough Handling
CVE-2010-0250
Microsoft DirectShow - Remote Code Execution via Crafted AVI File
CVE-2010-0243
Microsoft Office XP SP3 and Office 2004 for Mac - Remote Code Execution via Crafted Office Document
CVE-2010-0034
Microsoft PowerPoint 2003 SP3 - Remote Code Execution via Crafted PowerPoint Document
CVE-2010-0033
Microsoft PowerPoint 2003 SP3 - Remote Code Execution via Crafted PowerPoint Document
CVE-2010-0030
Microsoft PowerPoint 2002 SP3 and 2003 SP3 - Remote Code Execution via Crafted PowerPoint Document
CVE-2010-0029
Microsoft PowerPoint 2002 SP3 - Remote Code Execution via Crafted PowerPoint Document
CVE-2010-0564
Trend Micro OfficeScan < 8.0 - Denial of Service via URL Filtering Engine Buffer Overflow
CVE-2010-0562
fetchmail 6.3.11-6.3.13 - Heap-Based Buffer Overflow via SSL X.509 Certificate
CVE-2010-0409
GMime < 2.4.15 - Buffer Overflow via UUencode Operation
CVE-2010-0553
Geo++ GNCASTER <= 1.4.0.7 - DoS and Possible RCE via Long NMEA Data
CVE-2010-0304
Wireshark 0.9.15-1.0.10 and 1.2.0-1.2.5 - Denial of Service via Malformed LWRES Packet
CVE-2010-0462
IBM DB2 9.1-9.7 - Authenticated Heap-Based Buffer Overflow via REPEAT Function
CVE-2010-0392
TheGreenBow IPSec VPN Client - Stack-based Buffer Overflow via Long OpenScriptAfterUp Parameter
CVE-2010-0391
Embarcadero InterBase SMP 2009 9.0.3.437 - Remote Code Execution via Crafted Packets
CVE-2010-0387
Sun Java System Web Server 7.0 Update 7 - Heap-Based Buffer Overflow via Long Digest Authorization Header
CVE-2010-0138
CiscoWorks Internetwork Performance Monitor <= 2.6 - Remote Code Execution via Malformed GIOP Request
Details
Vulnerabilities 14,027
Exploit Likelihood High