CWE-119— Buffer Operations Within Bounds (Buffer Overflow)
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.— MITRE CWE catalog
10,834 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-119page 139 of 217
- CVE-2019-15785CRITICALCVSS 9.8EG 9.82019-08-29
FontForge 20190813 through 20190820 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c.
- CVE-2019-15786CRITICALCVSS 9.8EG 9.82019-08-29
ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket.
- CVE-2019-15880CRITICALCVSS 9.8EG 9.82020-05-13
In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length allowing an unprivileged process to trigger a kernel pan…
- CVE-2019-15945MEDIUMCVSS 6.4EG 6.42019-09-05
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
- CVE-2019-15946MEDIUMCVSS 6.4EG 6.42019-09-05
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
- CVE-2019-15992HIGHCVSS 7.2EG 7.22020-09-23
A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrar…
- CVE-2019-1605HIGHCVSS 7.8EG 7.82019-03-08
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary code as root. The vulnerability is due to incorrect input validation in the NX-API feature. An attacker could e…
- CVE-2019-16058HIGHCVSS 7.5EG 7.52019-09-06
An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits dependi…
- CVE-2019-1616HIGHCVSS 8.6EG 7.52019-03-11
A vulnerability in the Cisco Fabric Services component of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulnerability is due to insuff…
- CVE-2019-1630MEDIUMCVSS 5.5EG 5.52019-06-20
A vulnerability in the firmware signature checking program of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to cause a buffer overflow, resulting in a denial of service (DoS) condition. The vulne…
- CVE-2019-1637HIGHCVSS 7.8EG 7.82019-01-23
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the…
- CVE-2019-1638HIGHCVSS 7.8EG 7.82019-01-23
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the…
- CVE-2019-1639HIGHCVSS 7.8EG 7.82019-01-23
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the…
- CVE-2019-1640HIGHCVSS 7.8EG 7.82019-01-23
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the…
- CVE-2019-1641HIGHCVSS 7.8EG 7.82019-01-23
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the…
- CVE-2019-16446CRITICALCVSS 9.8EG 9.82019-12-19
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability.…
- CVE-2019-16455CRITICALCVSS 9.8EG 9.82019-12-19
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability.…
- CVE-2019-16460CRITICALCVSS 9.8EG 9.82019-12-19
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability.…
- CVE-2019-16463CRITICALCVSS 9.8EG 9.82019-12-19
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an untrusted pointer dereference vulnerability.…
- CVE-2019-1651CRITICALCVSS 9.9EG 8.82019-01-24
A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and execute arbitrary code as the root user. The vulnerability is due to improper bou…
- CVE-2019-1663CRITICALCVSS 9.8EG 9.82019-02-28
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to …
- CVE-2019-16707MEDIUMCVSS 6.5EG 6.52019-09-23
Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
- CVE-2019-1684MEDIUMCVSS 6.5EG 6.52019-02-21
A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexp…
- CVE-2019-17006CRITICALCVSS 9.8EG 9.82020-10-22
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a…
- CVE-2019-17135HIGHCVSS 7.8EG 7.82020-02-08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op…
- CVE-2019-17320CRITICALCVSS 9.8EG 9.82019-10-10
NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. That leads attacker to execute arbitrary code by se…
- CVE-2019-17562CRITICALCVSS 9.8EG 9.82020-05-14
A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual rout…
- CVE-2019-1767MEDIUMCVSS 6.7EG 6.72019-05-15
A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This co…
- CVE-2019-1768MEDIUMCVSS 6.7EG 6.72019-05-16
A vulnerability in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This co…
- CVE-2019-1771HIGHCVSS 7.8EG 7.82019-05-15
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the…
- CVE-2019-1772HIGHCVSS 7.8EG 7.82019-05-15
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the…
- CVE-2019-1773HIGHCVSS 7.8EG 7.82019-05-15
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the…
- CVE-2019-18236HIGHCVSS 7.8EG 7.82019-12-23
Multiple buffer overflow vulnerabilities exist when the PLC Editor Version 1.3.5_20190129 processes project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
- CVE-2019-18281MEDIUMCVSS 4.3EG 4.32019-10-23
An out-of-bounds memory access in the generateDirectionalRuns() function in qtextengine.cpp in Qt qtbase 5.11.x and 5.12.x before 5.12.5 allows attackers to cause a denial of service by crashing an application via a text file containing ma…
- CVE-2019-1871HIGHCVSS 7.2EG 7.22019-08-21
A vulnerability in the Import Cisco IMC configuration utility of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition and implement arbitrary commands with …
- CVE-2019-1892HIGHCVSS 7.5EG 7.52019-07-06
A vulnerability in the Secure Sockets Layer (SSL) input packet processor of Cisco Small Business 200, 300, and 500 Series Managed Switches could allow an unauthenticated, remote attacker to cause a memory corruption on an affected device. …
- CVE-2019-1901HIGHCVSS 8.8EG 8.82019-07-31
A vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service (…
- CVE-2019-1913CRITICALCVSS 9.8EG 9.82019-08-07
Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root pr…
- CVE-2019-1924HIGHCVSS 7.8EG 7.82019-08-07
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because …
- CVE-2019-1925HIGHCVSS 7.8EG 7.82019-08-07
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because …
- CVE-2019-1926HIGHCVSS 7.8EG 7.82019-08-07
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because …
- CVE-2019-1927HIGHCVSS 7.8EG 7.82019-08-07
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because …
- CVE-2019-1928HIGHCVSS 7.8EG 7.82019-08-07
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because …
- CVE-2019-1929HIGHCVSS 7.8EG 7.82019-08-07
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because …
- CVE-2019-19415HIGHCVSS 7.5EG 7.52020-07-08
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient veri…
- CVE-2019-19416HIGHCVSS 7.5EG 7.52020-07-08
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient veri…
- CVE-2019-19417HIGHCVSS 7.5EG 7.52020-07-08
The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient veri…
- CVE-2019-19481MEDIUMCVSS 4.6EG 4.62019-12-01
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.
- CVE-2019-19581MEDIUMCVSS 6.5EG 6.52019-12-11
An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. In a number of places bitmaps are being used by the hyperviso…
- CVE-2019-19601HIGHCVSS 7.8EG 7.82019-12-05
OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf.
Map vulnerabilities like CWE-119 to your infrastructure
EchelonGraph correlates every CVE — across CWE-119 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →