CWE-119— Buffer Operations Within Bounds (Buffer Overflow)
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.— MITRE CWE catalog
10,811 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-119page 1 of 217
- CVE-1999-0002NONECVSS 0.0EG 0.01998-10-12
Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.
- CVE-1999-0027NONECVSS 0.0EG 0.01997-07-16
root privileges via buffer overflow in eject command on SGI IRIX systems.
- CVE-1999-0069HIGHCVSS 8.4EG 8.41998-04-29
Solaris ufsrestore buffer overflow.
- CVE-1999-0332NONECVSS 0.0EG 0.01998-12-01
Buffer overflow in NetMeeting allows denial of service and remote command execution.
- CVE-1999-0349NONECVSS 0.0EG 0.01999-01-27
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.
- CVE-1999-0700NONECVSS 0.0EG 0.01999-07-29
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.
- CVE-1999-0802NONECVSS 0.0EG 0.01999-05-27
Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon.
- CVE-1999-0874NONECVSS 0.0EG 0.01999-06-16
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
- CVE-1999-0876NONECVSS 0.0EG 0.02000-01-04
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
- CVE-1999-0898NONECVSS 0.0EG 0.01999-11-04
Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.
- CVE-1999-1588CRITICALCVSS 9.8EG 9.81999-12-31
Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.
- CVE-2000-1246NONECVSS 0.0EG 0.02010-04-05
NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command.
- CVE-2001-0153NONECVSS 0.0EG 0.02001-05-03
Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands.
- CVE-2001-0576NONECVSS 0.0EG 0.02001-08-22
lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter.
- CVE-2001-0629NONECVSS 0.0EG 0.02001-08-14
HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain addition privileges via a buffer overflow attack in the '-restore_config' command line parameter.
- CVE-2001-0775NONECVSS 0.0EG 0.02001-10-18
Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field.
- CVE-2001-0803NONECVSS 0.0EG 0.02001-12-06
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.
- CVE-2001-0819NONECVSS 0.0EG 0.02001-12-06
A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.
- CVE-2001-1456NONECVSS 0.0EG 0.02001-09-04
Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message.
- CVE-2001-1539NONECVSS 0.0EG 0.02001-12-31
Stack consumption vulnerability in Internet Explorer The JavaScript settimeout function in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function. NOTE: the vendor could not r…
- CVE-2001-1582NONECVSS 0.0EG 0.02001-12-31
Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap.
- CVE-2001-1587NONECVSS 0.0EG 0.02010-04-05
NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via an anonymous STOU command.
- CVE-2002-0053NONECVSS 0.0EG 0.02002-03-08
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candid…
- CVE-2002-0070NONECVSS 0.0EG 0.02002-03-15
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
- CVE-2002-0649NONECVSS 0.0EG 9.02002-08-12
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which …
- CVE-2002-0813NONECVSS 0.0EG 0.02002-08-12
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.
- CVE-2002-1174NONECVSS 0.0EG 0.02002-10-11
Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Receive…
- CVE-2002-1200NONECVSS 0.0EG 0.02002-10-28
Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote atta…
- CVE-2002-1222NONECVSS 0.0EG 0.02002-10-28
Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request.
- CVE-2002-1357NONECVSS 0.0EG 0.02002-12-23
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SS…
- CVE-2002-1365NONECVSS 0.0EG 0.02002-12-23
Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number …
- CVE-2002-1401NONECVSS 0.0EG 0.02003-01-17
Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as…
- CVE-2002-2196NONECVSS 0.0EG 0.02002-12-31
Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.
- CVE-2002-2226NONECVSS 0.0EG 0.02002-12-31
Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote attackers to execute arbitrary code via a long filename argument.
- CVE-2002-2227NONECVSS 0.0EG 0.02002-12-31
Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value.
- CVE-2002-2232NONECVSS 0.0EG 0.02002-12-31
Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers to execute arbitrary code via a long CD (CWD) command.
- CVE-2002-2248NONECVSS 0.0EG 0.02002-12-31
Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invo…
- CVE-2002-2250NONECVSS 0.0EG 0.02002-12-31
Multiple buffer overflows in Sybase Adaptive Server 12.0 and 12.5 allow remote attackers to execute arbitrary code via (1) a long parameter to the xp_freedll extended stored procedure or (2) a long database name argument to the DBCC CHECKV…
- CVE-2002-2251NONECVSS 0.0EG 0.02002-12-31
Buffer overflow in the changevalue function in libcgi.h for Marcos Luiz Onisto Lib CGI 0.1 allows remote attackers to execute arbitrary code via a long argument.
- CVE-2002-2253NONECVSS 0.0EG 0.02002-12-31
Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier allow remote attackers to execute arbitrary code via (1) a long header name, (2) a long IMAP flag, or (3) a script that generates a large number of errors that overflow …
- CVE-2002-2257NONECVSS 0.0EG 0.02002-12-31
Stack-based buffer overflow in the parse_field function in cgi_lib.c for LIBCGI 1.0.2 and 1.0.3 allows remote attackers to execute arbitrary code via a long argument.
- CVE-2002-2258NONECVSS 0.0EG 0.02002-12-31
Moby NetSuite allows remote attackers to cause a denial of service (crash) via an HTTP POST request with a (1) large integer or (2) non-numeric value in the Content-Length header, which causes an access violation after a failed atoi functi…
- CVE-2002-2259NONECVSS 0.0EG 0.02002-12-31
Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors.
- CVE-2002-2268NONECVSS 0.0EG 0.02002-12-31
Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.
- CVE-2002-2271NONECVSS 0.0EG 0.02002-12-31
Buffer overflow in BigFun 1.51b IRC client, when the Direct Client Connection (DCC) option is used, allows remote attackers to cause a denial of service (crash) via a long string.
- CVE-2002-2272NONECVSS 0.0EG 0.02002-12-31
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with inv…
- CVE-2002-2291NONECVSS 0.0EG 0.02002-12-31
Calisto Internet Talker 0.04 and earlier allows remote attackers to cause a denial of service (hang) via a long request, possibly triggering a buffer overflow.
- CVE-2002-2294NONECVSS 0.0EG 0.02002-12-31
Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 allow remote attackers to cause a denial of service (…
- CVE-2002-2295NONECVSS 0.0EG 0.02002-12-31
Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a 1024-byte TCP stream message, which triggers an off-by-one buffer o…
- CVE-2002-2300NONECVSS 0.0EG 0.02002-12-31
Buffer overflow in ftpd 5.4 in 3Com NBX 4.0.17 or ftpd 5.4.2 in 3Com NBX 4.1.4 allows remote attackers to cause a denial of service (crash) via a long CEL command.
Map vulnerabilities like CWE-119 to your infrastructure
EchelonGraph correlates every CVE — across CWE-119 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →