CWE-119— Buffer Operations Within Bounds (Buffer Overflow)
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.— MITRE CWE catalog
10,830 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-119page 113 of 217
- CVE-2017-14879HIGHCVSS 8.8EG 8.82018-01-10
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipa_idr pointer using ipa_idr_find() function, the…
- CVE-2017-14882HIGHCVSS 7.5EG 7.52018-03-15
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing VENDOR specific action frame in the function lim_process_action_vendor_specific(), a comparison is performed w…
- CVE-2017-14883CRITICALCVSS 9.8EG 9.82018-03-30
In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint…
- CVE-2017-14884HIGHCVSS 7.8EG 7.82018-02-23
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProces…
- CVE-2017-14885HIGHCVSS 7.8EG 7.82018-03-15
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, wma_unified_link_peer_stats_event_handler function has a variable num_rates which represents the sum of all the peer_stats->num…
- CVE-2017-14887HIGHCVSS 7.8EG 7.82018-03-16
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of messages of type eWNI_SME_MODIFY_ADDITIONAL_IES, an integer overflow leading to heap buffer overflow may p…
- CVE-2017-14888HIGHCVSS 7.8EG 7.82018-12-07
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Userspace can pass IEs to the host driver and if multiple append commands are received, then the integer variable that stores the le…
- CVE-2017-14890HIGHCVSS 7.3EG 7.32018-04-03
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the processing of an SWBA event, the vdev_map value is not properly valid…
- CVE-2017-14894HIGHCVSS 7.3EG 7.32018-04-03
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in wma_vdev_start_resp_handler(), vdev id is received from firmware as part …
- CVE-2017-14912CRITICALCVSS 9.8EG 9.82018-03-30
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800…
- CVE-2017-15101HIGHCVSS 7.8EG 9.82018-07-27
A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.
- CVE-2017-15126HIGHCVSS 8.1EG 8.12018-01-14
A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork ev…
- CVE-2017-15128MEDIUMCVSS 5.5EG 5.52018-01-14
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).
- CVE-2017-15134HIGHCVSS 7.5EG 7.52018-03-01
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to …
- CVE-2017-15334MEDIUMCVSS 5.3EG 5.32018-02-15
The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002…
- CVE-2017-15335MEDIUMCVSS 5.3EG 5.32018-02-15
The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002…
- CVE-2017-15336MEDIUMCVSS 5.3EG 5.32018-02-15
The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002…
- CVE-2017-15337LOWCVSS 3.7EG 3.72018-02-15
The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V50…
- CVE-2017-15338LOWCVSS 3.7EG 3.72018-02-15
The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V50…
- CVE-2017-15339LOWCVSS 3.7EG 3.72018-02-15
The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V50…
- CVE-2017-15342HIGHCVSS 7.5EG 7.52018-02-15
Huawei DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, eSpace U1981 V200R003C30SPC100 have a denial of service vulnerability. The software does not correctly calculate the rest size in a buffer when handling SSL connections. A rem…
- CVE-2017-15350MEDIUMCVSS 5.3EG 5.32018-02-15
The Common Open Policy Service Protocol (COPS) module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V50…
- CVE-2017-15354MEDIUMCVSS 5.3EG 5.32018-02-15
Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buf…
- CVE-2017-15355MEDIUMCVSS 5.3EG 5.32018-02-15
Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buf…
- CVE-2017-15356MEDIUMCVSS 5.3EG 5.32018-02-15
Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buf…
- CVE-2017-15396MEDIUMCVSS 6.5EG 6.52018-08-28
A stack buffer overflow in NumberingSystem in International Components for Unicode (ICU) for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap …
- CVE-2017-15398CRITICALCVSS 9.8EG 9.82018-08-28
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server.
- CVE-2017-15406HIGHCVSS 8.8EG 8.82018-08-28
A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- CVE-2017-15408HIGHCVSS 8.8EG 8.82018-08-28
Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file that is mishandled by PDFium.
- CVE-2017-15409HIGHCVSS 8.8EG 8.82018-08-28
Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2017-15415MEDIUMCVSS 6.5EG 6.52018-08-28
Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the value of a pointer via a crafted HTML page.
- CVE-2017-15416MEDIUMCVSS 6.5EG 6.52018-08-28
Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka a Blink out-of-bounds read.
- CVE-2017-15417MEDIUMCVSS 5.3EG 5.32018-08-28
Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
- CVE-2017-15418MEDIUMCVSS 4.3EG 4.32018-08-28
Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
- CVE-2017-15655CRITICALCVSS 9.6EG 9.62018-01-31
Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this…
- CVE-2017-15815CRITICALCVSS 9.8EG 9.82018-03-15
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a potential buffer overflow can happen when processing any 802.11 MGMT frames like Auth frame in limProcessAuthFrame.
- CVE-2017-15821HIGHCVSS 7.8EG 7.82018-03-15
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_p2p_noa_event_handler(), there is no bound check on a value coming from firmware which can potentially lead…
- CVE-2017-15822HIGHCVSS 8.8EG 8.82018-04-03
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing a 802.11 management frame, a buffer overflow may potentiall…
- CVE-2017-15823HIGHCVSS 7.8EG 7.82018-03-30
In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-11, some values from firmware are not properly validated potentially leading to a buffer overflow.
- CVE-2017-15830HIGHCVSS 7.8EG 7.82018-03-16
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper ch_list array index initialization in function sme_set_plm_request() causes potential buffer overflow.
- CVE-2017-15834HIGHCVSS 7.0EG 7.02018-03-16
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index, causes potential heap overflow.
- CVE-2017-15848HIGHCVSS 7.8EG 7.82018-01-10
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the fastrpc kernel driver, a buffer overflow vulnerability from userspace may potentially exist.
- CVE-2017-15854HIGHCVSS 7.8EG 7.82018-06-12
The value of fix_param->num_chans is received from firmware and if it is too large, an integer overflow can occur in wma_radio_chan_stats_event_handler() for the derived length len leading to a subsequent buffer overflow in all Android rel…
- CVE-2017-15855HIGHCVSS 7.8EG 7.82018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, the camera application triggers "user-memory-access" issue as the Camera CPP…
- CVE-2017-16231MEDIUMCVSS 5.5EG 5.52019-03-21
In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are opti…
- CVE-2017-16252HIGHCVSS 8.1EG 6.52018-08-06
Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trig…
- CVE-2017-16253HIGHCVSS 8.1EG 6.52019-03-21
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the Pub…
- CVE-2017-16254HIGHCVSS 8.1EG 6.52019-03-21
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting …
- CVE-2017-16255HIGHCVSS 8.1EG 6.52019-03-21
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting …
- CVE-2017-16337HIGHCVSS 8.8EG 8.82018-08-23
On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP reques…
Map vulnerabilities like CWE-119 to your infrastructure
EchelonGraph correlates every CVE — across CWE-119 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →