CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,028 vulnerabilities with CWE-119
CVE-2008-1210
Programmer's Notepad <2.0.8.718 - Buffer Overflow
CVE-2008-1188
Sun JDK/JRE 6<4 & 5.0<14 - Buffer Overflow
CVE-2008-1189
Sun JDK and JRE - Buffer Overflow
CVE-2008-1196
Java Web Start <6.0-5.0 - Buffer Overflow
CVE-2008-0985
Google Android SDK - Heap-Based Buffer Overflow via Crafted GIF File
CVE-2008-1167
Squid Analysis Report Generator 2.2.3.1 - Buffer Overflow
CVE-2008-1096
ImageMagick 6.2.8-0/GraphicsMagick 1.1.7 - RCE/DoS
CVE-2008-1138
DESlock+ < 3.2.6 - Denial of Service via DLMFENC_IOCTL Request
CVE-2008-0304
SeaMonkey < 1.1.8 - Remote Code Execution via Crafted External-Body MIME Type
CVE-2008-1110
xine-lib < 1.1.10 - Buffer Overflow in ASF Demuxer
CVE-2008-0411
Ghostscript < 8.61 - Remote Code Execution via Long Range Array in .seticcspace Operator
CVE-2008-0309
Symantec Scan Engine < 5.1.6.31 - Remote Code Execution via Malformed RAR File
CVE-2008-1056
Symark PowerBroker 2.8-5.0.1 - Local Privilege Escalation via Long argv[0] String
CVE-2008-1040
Fujitsu Interstage Application Server 8.0.0-8.0.3 and 9.0.0 - Remote Code Execution via Long URI
CVE-2008-1044
Move Media Player - Stack-based Buffer Overflow via Quantum Streaming Player ActiveX UploadLogs Method
CVE-2008-1052
NetWin SurgeFTP <= 2.3a2 - Denial of Service via Large Content-Length Header
CVE-2008-1054
NetWin SurgeMail <= 38k4 - Stack-Based Buffer Overflow via Long HTTP Headers
CVE-2008-0973
Double-Take 4.5.0.x - Buffer Overflow via Long Username Field
CVE-2008-0935
Novell iPrint Client < 4.34 - Stack-Based Buffer Overflow via ExecuteRequest Method
CVE-2008-0912
Sybase MobiLink < 10.0.1.3629 - Remote Code Execution via Long Username, Version, or Remote ID
CVE-2008-0638
Symantec Veritas Storage Foundation 5.0 - Remote Code Execution via Crafted Packet Size Field
CVE-2008-0871
Now SMS/MMS Gateway < 2007.06.27 - Stack-Based Buffer Overflow via HTTP Authorization Header or SMPP Packet
CVE-2008-0882
CUPS 1.3.5 - Remote Code Execution via Crafted UDP Browse Packets
CVE-2008-0674
PCRE < 7.6 - Remote Code Execution via Unicode Character Class Overflow
CVE-2008-0528
Cisco Skinny Client Control Protocol ... - Memory Corruption
Details
Vulnerabilities 14,028
Exploit Likelihood High