CWE-119— Buffer Operations Within Bounds (Buffer Overflow)
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.— MITRE CWE catalog
10,830 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-119page 100 of 217
- CVE-2014-2808NONECVSS 0.0EG 0.02014-08-12
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerabi…
- CVE-2014-2809NONECVSS 0.0EG 0.02014-07-08
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulner…
- CVE-2014-2810NONECVSS 0.0EG 0.02014-08-12
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability th…
- CVE-2014-2811NONECVSS 0.0EG 0.02014-08-12
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability th…
- CVE-2014-2813NONECVSS 0.0EG 0.02014-07-08
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulner…
- CVE-2014-2818NONECVSS 0.0EG 0.02014-08-12
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
- CVE-2014-2820NONECVSS 0.0EG 0.02014-08-12
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulner…
- CVE-2014-2821NONECVSS 0.0EG 0.02014-08-12
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
- CVE-2014-2822NONECVSS 0.0EG 0.02014-08-12
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability th…
- CVE-2014-2823NONECVSS 0.0EG 0.02014-08-12
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability th…
- CVE-2014-2824NONECVSS 0.0EG 0.02014-08-12
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
- CVE-2014-2825NONECVSS 0.0EG 0.02014-08-12
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerabi…
- CVE-2014-2826NONECVSS 0.0EG 0.02014-08-12
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulner…
- CVE-2014-2827NONECVSS 0.0EG 0.02014-08-12
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulner…
- CVE-2014-2830NONECVSS 0.0EG 0.02015-03-31
Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors.
- CVE-2014-2892NONECVSS 0.0EG 0.02014-04-22
Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.
- CVE-2014-2978NONECVSS 0.0EG 0.02014-06-11
The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an ou…
- CVE-2014-2994NONECVSS 0.0EG 0.02014-04-27
Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).
- CVE-2014-3000NONECVSS 0.0EG 0.02014-05-02
The TCP reassembly function in the inet module in FreeBSD 8.3 before p16, 8.4 before p9, 9.1 before p12, 9.2 before p5, and 10.0 before p2 allows remote attackers to cause a denial of service (undefined memory access and system crash) or p…
- CVE-2014-3042NONECVSS 0.0EG 0.02014-06-10
IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does not properly implement CEMT transactions, which allows remote authenticated users to cause a denial of service (storage overlay) by using a 3270 emulator to send an inval…
- CVE-2014-3094NONECVSS 0.0EG 0.02014-09-04
Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement.
- CVE-2014-3100NONECVSS 0.0EG 0.02014-07-02
Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrict…
- CVE-2014-3113NONECVSS 0.0EG 0.02014-07-07
Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file.
- CVE-2014-3156NONECVSS 0.0EG 0.02014-06-11
Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related t…
- CVE-2014-3157NONECVSS 0.0EG 0.02014-06-11
Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified …
- CVE-2014-3158NONECVSS 0.0EG 0.02014-11-15
Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[c…
- CVE-2014-3173NONECVSS 0.0EG 0.02014-08-27
The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via…
- CVE-2014-3174NONECVSS 0.0EG 0.02014-08-27
modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allo…
- CVE-2014-3181NONECVSS 0.0EG 0.02014-09-28
Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (…
- CVE-2014-3182NONECVSS 0.0EG 0.02014-09-28
Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a craft…
- CVE-2014-3183NONECVSS 0.0EG 0.02014-09-28
Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbi…
- CVE-2014-3184NONECVSS 0.0EG 0.02014-09-28
The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, r…
- CVE-2014-3185NONECVSS 0.0EG 0.02014-09-28
Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or c…
- CVE-2014-3186NONECVSS 0.0EG 0.02014-09-28
Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause …
- CVE-2014-3198NONECVSS 0.0EG 0.02014-10-08
The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to ca…
- CVE-2014-3201NONECVSS 0.0EG 0.02014-10-10
core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a cra…
- CVE-2014-3208HIGHCVSS 7.5EG 7.52020-02-13
A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery),
- CVE-2014-3261NONECVSS 0.0EG 0.02014-05-26
Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4…
- CVE-2014-3311NONECVSS 0.0EG 0.02014-07-10
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup584…
- CVE-2014-3355NONECVSS 0.0EG 0.02014-09-25
The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload…
- CVE-2014-3356NONECVSS 0.0EG 0.02014-09-25
The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload…
- CVE-2014-3361NONECVSS 0.0EG 0.02014-09-25
The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.
- CVE-2014-3434NONECVSS 0.0EG 0.02014-08-06
Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x002…
- CVE-2014-3441NONECVSS 0.0EG 0.02014-05-14
codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file.
- CVE-2014-3442NONECVSS 0.0EG 0.02014-05-23
Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.
- CVE-2014-3443NONECVSS 0.0EG 0.02014-05-14
JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.
- CVE-2014-3452NONECVSS 0.0EG 0.02014-05-16
Filters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .jpg file.
- CVE-2014-3459NONECVSS 0.0EG 0.02014-08-07
Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property.
- CVE-2014-3461NONECVSS 0.0EG 0.02014-11-04
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."
- CVE-2014-3466NONECVSS 0.0EG 0.02014-06-03
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arb…
Map vulnerabilities like CWE-119 to your infrastructure
EchelonGraph correlates every CVE — across CWE-119 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →