CWE-119— Buffer Operations Within Bounds (Buffer Overflow)
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.— MITRE CWE catalog
10,831 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-119page 126 of 217
- CVE-2018-18820HIGHCVSS 8.1EG 8.12018-11-05
A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to …
- CVE-2018-18861CRITICALCVSS 9.8EG 9.82018-11-20
Buffer overflow in PCMan FTP Server 2.0.7 allows for remote code execution via the APPE command.
- CVE-2018-18920HIGHCVSS 8.8EG 8.82018-11-12
Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This…
- CVE-2018-18944HIGHCVSS 7.5EG 7.52019-06-18
Artha ~ The Open Thesaurus 1.0.3.0 has a Buffer Overflow.
- CVE-2018-18956HIGHCVSS 7.5EG 7.52018-11-05
The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2…
- CVE-2018-18959HIGHCVSS 7.5EG 7.52018-12-24
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATION/BONJOUR is more than 251 bytes when se…
- CVE-2018-18983HIGHCVSS 8.8EG 8.82018-11-30
VT-Designer Version 2.1.7.31 is vulnerable by the program reading the contents of a file (which is already in memory) into another heap-based buffer, which may cause the program to crash or allow remote code execution.
- CVE-2018-19036CRITICALCVSS 9.8EG 9.82018-12-17
An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface.
- CVE-2018-19130MEDIUMCVSS 6.5EG 6.52018-11-09
In Libav 12.3, there is an invalid memory access in vc1_decode_frame in libavcodec/vc1dec.c that allows attackers to cause a denial-of-service via a crafted aac file. NOTE: This may be a duplicate of CVE-2017-17127
- CVE-2018-19150HIGHCVSS 7.8EG 7.82018-11-10
Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdfforge PDF Architect 6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of a "Data from Faulting Ad…
- CVE-2018-19183HIGHCVSS 7.5EG 7.52018-11-12
ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a "code: Buffer.from(my_code, 'hex')" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered…
- CVE-2018-19219MEDIUMCVSS 6.5EG 6.52018-11-12
In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack.
- CVE-2018-1922HIGHCVSS 8.4EG 7.82019-03-11
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152858.
- CVE-2018-1923HIGHCVSS 8.4EG 7.82019-03-11
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859.
- CVE-2018-19240CRITICALCVSS 9.8EG 9.82018-12-20
Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST …
- CVE-2018-19241HIGHCVSS 7.5EG 7.52018-12-20
Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST re…
- CVE-2018-19242HIGHCVSS 8.8EG 8.82018-12-20
Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication).
- CVE-2018-19278HIGHCVSS 7.5EG 7.52018-11-14
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to mat…
- CVE-2018-19417CRITICALCVSS 10.0EG 10.02018-11-21
An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer…
- CVE-2018-19442CRITICALCVSS 9.8EG 9.82019-04-25
A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac Connected 2.2.0 allows a remote attacker to execute arbitrary code with root privileges via a crafted POST request to a vendors/neato/robots/…
- CVE-2018-19459HIGHCVSS 7.8EG 7.82018-11-22
Adult Filter 1.0 has a Buffer Overflow via a crafted Black Domain List file.
- CVE-2018-19491HIGHCVSS 7.8EG 7.82018-11-23
An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed…
- CVE-2018-19492HIGHCVSS 7.8EG 7.82018-11-23
An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument…
- CVE-2018-19523MEDIUMCVSS 5.5EG 5.52019-01-03
DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x80002068) with a user defined buffer size. If the size of the buffer is less than 512 bytes, then the driver will overwrite the next pool hea…
- CVE-2018-19528CRITICALCVSS 9.8EG 9.82018-11-26
TP-Link TL-WR886N 7.0 1.1.0 devices allow remote attackers to cause a denial of service (Tlb Load Exception) via crafted DNS packets to port 53/udp.
- CVE-2018-19567MEDIUMCVSS 5.5EG 5.52018-11-26
A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
- CVE-2018-19568MEDIUMCVSS 5.5EG 5.52018-11-26
A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.
- CVE-2018-19587MEDIUMCVSS 6.5EG 6.52018-11-27
In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function.
- CVE-2018-1978HIGHCVSS 8.4EG 7.82019-03-11
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceI…
- CVE-2018-19792MEDIUMCVSS 6.7EG 6.72018-12-03
The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked…
- CVE-2018-1980HIGHCVSS 8.4EG 7.82019-03-11
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceI…
- CVE-2018-19800CRITICALCVSS 9.8EG 9.82019-06-07
aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.
- CVE-2018-19861CRITICALCVSS 9.8EG 9.82019-01-03
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. NOTE: this product is discontinued.
- CVE-2018-19862CRITICALCVSS 9.8EG 9.82019-01-03
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued.
- CVE-2018-19864CRITICALCVSS 9.8EG 9.82018-12-05
NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device.
- CVE-2018-19873CRITICALCVSS 9.8EG 9.82018-12-26
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
- CVE-2018-19886MEDIUMCVSS 5.5EG 5.52018-12-06
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of…
- CVE-2018-19887MEDIUMCVSS 5.5EG 5.52018-12-06
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of…
- CVE-2018-19888MEDIUMCVSS 5.5EG 5.52018-12-06
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of…
- CVE-2018-19889MEDIUMCVSS 5.5EG 5.52018-12-06
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of…
- CVE-2018-19890MEDIUMCVSS 5.5EG 5.52018-12-06
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of…
- CVE-2018-19891MEDIUMCVSS 5.5EG 5.52018-12-06
An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of…
- CVE-2018-1992MEDIUMCVSS 6.4EG 6.42019-03-21
The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a b…
- CVE-2018-19978HIGHCVSS 8.0EG 8.02019-05-29
A buffer overflow vulnerability in the DHCP and PPPOE configuration interface of the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows a remote attacker (authenticated as simple user in the same network as the device) to trigger remote …
- CVE-2018-1999011HIGHCVSS 8.8EG 8.82018-07-23
FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. This attack appears to be expl…
- CVE-2018-20097MEDIUMCVSS 6.5EG 6.52018-12-12
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
- CVE-2018-20182CRITICALCVSS 9.8EG 9.82019-03-15
rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution.
- CVE-2018-20213HIGHCVSS 7.5EG 7.52018-12-18
wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long name. NOTE: this is not a Microsoft product.
- CVE-2018-20248CRITICALCVSS 9.8EG 9.82018-12-24
In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile…
- CVE-2018-20249HIGHCVSS 8.8EG 8.82018-12-24
In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out…
Map vulnerabilities like CWE-119 to your infrastructure
EchelonGraph correlates every CVE — across CWE-119 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →