CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,028 vulnerabilities with CWE-119
CVE-2008-0947
MIT Kerberos 5 1.4-1.6.3 - Remote Code Execution via RPC Library File Descriptor Overflow
CVE-2008-0948
MIT Kerberos 5 1.2.2 - Buffer Overflow in RPC Library via File Descriptor Handling
CVE-2008-1010
Safari - Remote Code Execution via JavaScript Regular Expression Handling
CVE-2008-0047
CUPS - Remote Code Execution via Crafted Search Expressions
CVE-2008-0053
CUPS < 1.3.6 - Remote Code Execution via HP-GL/2-to-PostScript Filter
CVE-2008-0056
Mac OS X 10.4.11 - Stack-Based Buffer Overflow in NSFileManager
CVE-2008-0987
Apple Aperture and iPhoto - Stack-based Buffer Overflow in Image Raw via Crafted DNG Image
CVE-2008-0992
Apple Mac OS X 10.5.2 - Remote Code Execution via Crafted Archive Length in pax
CVE-2008-0044
Apple Mac OS X 10.4.11 and 10.5.2 - Buffer Overflow via Crafted AFP URL
CVE-2008-0048
Mac OS X 10.4.11 - Stack-Based Buffer Overflow via NSDocument API
CVE-2008-0997
Mac OS X 10.4.11 - Stack-Based Buffer Overflow in AppKit via Crafted PPD File
CVE-2008-1372
bzip2 - Denial of Service via Crafted File Buffer Over-Read
CVE-2008-0727
IBM Informix Dynamic Server 7.x-11.x - Buffer Overflow via Long Password or DBPATH
CVE-2008-1365
Trend Micro OfficeScan Corporate Edition <= 7.3 Patch 3 - Stack-Based Buffer Overflow
CVE-2008-0888
Canonical Ubuntu Linux < 10.6.3 - Memory Corruption
CVE-2008-1358
Alt-N Technologies MDaemon 9.6.4 - Buffer Overflow
CVE-2008-0532
Cisco ACS for Windows and ACS Solution Engine - Remote Code Execution via Long Argument After Logout
CVE-2008-1320
ASG-Sentry Network Manager <7.0.0 - Buffer Overflow
CVE-2008-1307
Beijing KingSoft Antivirus Online Update Module 2007.12.29.29 - Heap-Based Buffer Overflow via SetUninstallName Method
CVE-2008-1276
MailEnable Professional/Enterprise <3.13 - Authenticated RCE via IMAP Commands
CVE-2008-1282
b21soft bfup < 1.0.308_19 - Buffer Overflow via FilePath Parameter
CVE-2008-1161
xine-lib <1.1.10.1 - Buffer Overflow
CVE-2008-1227
Secure Internet Live Conferencing Toolkit <1.1.5 - Buffer Overflow
CVE-2008-1266
D-Link DI-524 - Buffer Overflow via Long Username or HTTP Header
CVE-2008-1207
Fujitsu Interstage Smart Repository - Denial of Service via Invalid Request or Large Attribute Value
Details
Vulnerabilities 14,028
Exploit Likelihood High