CWE-119— Buffer Operations Within Bounds (Buffer Overflow)
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.— MITRE CWE catalog
10,831 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-119page 122 of 217
- CVE-2018-12150MEDIUMCVSS 6.7EG 6.72018-09-12
Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially execute code or disclose information as administrator via local access.
- CVE-2018-12151MEDIUMCVSS 5.5EG 5.52018-09-12
Buffer overflow in installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially cause a buffer overflow potentially leading to a denial of service via local access.
- CVE-2018-12152HIGHCVSS 7.8EG 7.82018-10-10
Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially exe…
- CVE-2018-12159MEDIUMCVSS 5.5EG 5.52019-02-18
Buffer overflow in the command-line interface for Intel(R) PROSet Wireless v20.50 and before may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2018-12178CRITICALCVSS 9.1EG 9.12019-03-27
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
- CVE-2018-1218HIGHCVSS 7.5EG 7.52018-03-19
In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could…
- CVE-2018-12191HIGHCVSS 7.6EG 7.62019-03-14
Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may…
- CVE-2018-12199MEDIUMCVSS 6.2EG 6.22019-03-14
Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute arbitrary code via physical access.
- CVE-2018-12201MEDIUMCVSS 6.7EG 6.72019-03-14
Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 …
- CVE-2018-12206MEDIUMCVSS 5.5EG 5.52018-12-14
Improper configuration of hardware access in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access.
- CVE-2018-12208HIGHCVSS 7.6EG 7.62019-03-14
Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauth…
- CVE-2018-12210MEDIUMCVSS 6.5EG 6.52019-03-14
Multiple pointer dereferences in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) an…
- CVE-2018-12212MEDIUMCVSS 6.5EG 6.52019-03-14
Buffer overflow in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.63…
- CVE-2018-12213MEDIUMCVSS 6.0EG 6.02019-03-14
Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) an…
- CVE-2018-12214HIGHCVSS 8.2EG 8.22019-03-14
Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) an…
- CVE-2018-12233HIGHCVSS 7.8EG 7.82018-06-12
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be …
- CVE-2018-12326HIGHCVSS 8.4EG 8.42018-06-17
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situatio…
- CVE-2018-12359HIGHCVSS 8.8EG 8.82018-10-18
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploi…
- CVE-2018-12375HIGHCVSS 8.8EG 8.82018-10-18
Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62.
- CVE-2018-12376CRITICALCVSS 9.8EG 9.82018-10-18
Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability a…
- CVE-2018-12388HIGHCVSS 8.8EG 8.82019-02-28
Mozilla developers and community members reported memory safety bugs present in Firefox 62. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitra…
- CVE-2018-12389HIGHCVSS 8.8EG 8.82019-02-28
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run a…
- CVE-2018-12390CRITICALCVSS 9.8EG 9.82019-02-28
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exp…
- CVE-2018-12405CRITICALCVSS 9.8EG 9.82019-02-28
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exp…
- CVE-2018-12406HIGHCVSS 8.8EG 8.82019-02-28
Mozilla developers and community members reported memory safety bugs present in Firefox 63. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitra…
- CVE-2018-12407CRITICALCVSS 9.8EG 9.82019-02-28
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content, when working with the VertexBuffer11 module. This results in a potentially exploitable crash. This vulnerability affects…
- CVE-2018-12422CRITICALCVSS 9.8EG 9.82018-06-15
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software mai…
- CVE-2018-12541MEDIUMCVSS 6.5EG 6.52018-10-10
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 byte…
- CVE-2018-12547CRITICALCVSS 9.8EG 9.82019-02-11
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were no…
- CVE-2018-12548CRITICALCVSS 9.8EG 9.82019-01-31
In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.
- CVE-2018-12640CRITICALCVSS 9.8EG 9.82018-06-23
The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100.
- CVE-2018-12706CRITICALCVSS 9.8EG 9.82018-06-24
DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.
- CVE-2018-12784CRITICALCVSS 9.8EG 9.82018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of t…
- CVE-2018-12810CRITICALCVSS 9.8EG 9.82018-08-29
Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution.
- CVE-2018-12811CRITICALCVSS 9.8EG 9.82018-08-29
Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution.
- CVE-2018-12853HIGHCVSS 7.8EG 7.82018-10-12
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.
- CVE-2018-12855HIGHCVSS 7.8EG 7.82018-10-12
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.
- CVE-2018-12897HIGHCVSS 7.8EG 7.82018-09-07
SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.
- CVE-2018-12916CRITICALCVSS 9.8EG 9.82018-06-27
In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c.
- CVE-2018-12918CRITICALCVSS 9.8EG 9.82018-06-27
In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c.
- CVE-2018-12982MEDIUMCVSS 5.5EG 5.52018-06-29
Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.
- CVE-2018-1301MEDIUMCVSS 5.9EG 5.92018-03-26
A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not imposs…
- CVE-2018-13121MEDIUMCVSS 5.5EG 5.52018-07-03
RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file.
- CVE-2018-13381MEDIUMCVSS 5.3EG 5.32019-06-04
A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform…
- CVE-2018-13383MEDIUMCVSS 4.3EG 9.0⚠ KEV2019-05-29
A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination …
- CVE-2018-13847HIGHCVSS 7.5EG 7.52018-07-10
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp.
- CVE-2018-13848HIGHCVSS 7.5EG 7.52018-07-10
An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp.
- CVE-2018-13869CRITICALCVSS 9.8EG 9.82018-07-10
An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c.
- CVE-2018-13888HIGHCVSS 7.8EG 7.82019-02-11
There is potential for memory corruption in the RIL daemon due to de reference of memory outside the allocated array length in RIL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearab…
- CVE-2018-13893HIGHCVSS 7.8EG 7.82019-02-11
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace.
Map vulnerabilities like CWE-119 to your infrastructure
EchelonGraph correlates every CVE — across CWE-119 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →