CWE-119— Buffer Operations Within Bounds (Buffer Overflow)
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.— MITRE CWE catalog
10,834 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-119page 138 of 217
- CVE-2019-13518HIGHCVSS 7.8EG 7.82019-09-04
An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior.
- CVE-2019-13522HIGHCVSS 7.8EG 7.82019-09-04
An attacker could use a specially crafted project file to corrupt the memory and execute code under the privileges of the EZ PLC Editor Versions 1.8.41 and prior.
- CVE-2019-13619HIGHCVSS 7.5EG 7.52019-07-17
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.
- CVE-2019-13726HIGHCVSS 8.8EG 8.82019-12-10
Buffer overflow in password manager in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
- CVE-2019-13942HIGHCVSS 7.5EG 7.52019-12-12
A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP…
- CVE-2019-14004CRITICALCVSS 9.8EG 9.82020-01-21
Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, S…
- CVE-2019-14006CRITICALCVSS 9.8EG 9.82020-01-21
Buffer overflow occur while playing the clip which is nonstandard due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapd…
- CVE-2019-14009HIGHCVSS 7.8EG 7.82020-04-16
Out of bound memory access while processing TZ command handler due to improper input validation on response length received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Indu…
- CVE-2019-14077HIGHCVSS 7.8EG 7.82020-06-02
Out of bound memory access while processing ese transmit command due to passing Response buffer received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdra…
- CVE-2019-14078HIGHCVSS 7.8EG 7.82020-06-02
Out of bound memory access while processing qpay due to not validating length of the response buffer provided by User. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdrago…
- CVE-2019-14100HIGHCVSS 7.8EG 7.82020-07-30
Register write via debugfs is disabled by default to prevent register writing via debugfs. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, …
- CVE-2019-14113CRITICALCVSS 9.8EG 9.82020-04-16
Buffer overflow can occur in In WLAN firmware while unwraping data using CCMP cipher suite during parsing of EAPOL handshake frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivit…
- CVE-2019-14130HIGHCVSS 7.8EG 7.82020-07-30
Memory corruption can occurs in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS40…
- CVE-2019-14215HIGHCVSS 7.5EG 7.52019-07-21
An issue was discovered in Foxit PhantomPDF before 8.3.11. The application could crash when calling xfa.event.rest XFA JavaScript due to accessing a wild pointer.
- CVE-2019-14296HIGHCVSS 7.8EG 7.82019-07-27
canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file.
- CVE-2019-14300CRITICALCVSS 9.8EG 9.82019-08-26
Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the prin…
- CVE-2019-14305HIGHCVSS 8.8EG 9.82019-08-26
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the …
- CVE-2019-14307HIGHCVSS 8.8EG 9.82019-08-26
Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depen…
- CVE-2019-14308CRITICALCVSS 9.8EG 9.82019-08-26
Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer mod…
- CVE-2019-1441HIGHCVSS 8.8EG 8.82019-11-12
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'.
- CVE-2019-14468HIGHCVSS 7.8EG 7.82019-08-01
GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code.
- CVE-2019-14486HIGHCVSS 7.8EG 7.82019-08-01
GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code.
- CVE-2019-14569HIGHCVSS 7.8EG 7.82019-10-11
Pointer corruption in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
- CVE-2019-14608HIGHCVSS 7.8EG 7.82019-12-16
Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2019-14698CRITICALCVSS 9.8EG 9.82019-08-06
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. In a CGI program running under the HTTPD web server, a buffer overflow in the param parameter leads to remote code execution in the context of the n…
- CVE-2019-14706HIGHCVSS 7.5EG 7.52019-08-06
A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be plac…
- CVE-2019-14708CRITICALCVSS 9.8EG 9.82019-08-06
An issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. A buffer overflow in the action parameter leads to remote code execution in the context of the nobody account.
- CVE-2019-15117HIGHCVSS 7.8EG 7.82019-08-16
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.
- CVE-2019-15166LOWCVSS 1.6EG 7.52019-10-03
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
- CVE-2019-15240HIGHCVSS 8.0EG 8.02019-10-16
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user…
- CVE-2019-15241HIGHCVSS 8.0EG 8.02019-10-16
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user…
- CVE-2019-15242HIGHCVSS 8.0EG 8.02019-10-16
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user…
- CVE-2019-15243HIGHCVSS 8.0EG 8.02019-10-16
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user…
- CVE-2019-15244HIGHCVSS 8.0EG 8.02019-10-16
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user…
- CVE-2019-15245HIGHCVSS 8.0EG 8.02019-10-16
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user…
- CVE-2019-15246HIGHCVSS 8.0EG 8.02019-10-16
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user…
- CVE-2019-15247HIGHCVSS 8.0EG 8.02019-10-16
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user…
- CVE-2019-15248HIGHCVSS 8.0EG 8.02019-10-16
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user…
- CVE-2019-15249HIGHCVSS 8.0EG 8.02019-10-16
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user…
- CVE-2019-15250HIGHCVSS 8.0EG 8.02019-10-16
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user…
- CVE-2019-15251HIGHCVSS 8.0EG 8.02019-10-16
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user…
- CVE-2019-15252HIGHCVSS 8.0EG 8.02019-10-16
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user…
- CVE-2019-15283HIGHCVSS 7.8EG 7.82020-09-23
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to i…
- CVE-2019-15284HIGHCVSS 7.8EG 7.82019-11-26
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to i…
- CVE-2019-15285HIGHCVSS 7.8EG 7.82020-09-23
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to i…
- CVE-2019-15286HIGHCVSS 7.8EG 7.82019-11-26
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to i…
- CVE-2019-15287HIGHCVSS 7.8EG 7.82020-09-23
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to i…
- CVE-2019-15296HIGHCVSS 7.8EG 7.82019-08-21
An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The faad_resetbits function in libfaad/bits.c is affected by a buffer overflow vulnerability. The number of bits to be read is determined by ld->buffer_size - word…
- CVE-2019-15548CRITICALCVSS 9.8EG 9.82019-08-26
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled.
- CVE-2019-15783CRITICALCVSS 9.8EG 9.82019-08-29
Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc.
Map vulnerabilities like CWE-119 to your infrastructure
EchelonGraph correlates every CVE — across CWE-119 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →