CWE-119— Buffer Operations Within Bounds (Buffer Overflow)
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.— MITRE CWE catalog
10,834 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-119page 143 of 217
- CVE-2019-9792CRITICALCVSS 9.8EG 9.82019-04-26
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentiall…
- CVE-2019-9793MEDIUMCVSS 5.9EG 5.92019-04-26
A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScri…
- CVE-2019-9799HIGHCVSS 7.5EG 7.52019-04-26
Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vulnerability affects Firefox < 66.
- CVE-2019-9800CRITICALCVSS 9.8EG 9.82019-07-23
Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of…
- CVE-2019-9810HIGHCVSS 8.8EG 8.82019-04-26
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
- CVE-2019-9814CRITICALCVSS 9.8EG 9.82019-07-23
Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitra…
- CVE-2019-9895CRITICALCVSS 9.8EG 9.82019-03-21
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
- CVE-2019-9932CRITICALCVSS 9.8EG 9.82019-08-28
Various Lexmark products have a Buffer Overflow (issue 2 of 3).
- CVE-2019-9933CRITICALCVSS 9.8EG 9.82019-08-28
Various Lexmark products have a Buffer Overflow (issue 3 of 3).
- CVE-2019-9962HIGHCVSS 7.8EG 7.82019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy.
- CVE-2019-9963HIGHCVSS 7.8EG 7.82019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap.
- CVE-2019-9964HIGHCVSS 7.8EG 7.82019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey.
- CVE-2019-9965HIGHCVSS 7.8EG 7.82019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlReAllocateHeap.
- CVE-2019-9966HIGHCVSS 7.8EG 7.82019-03-24
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x38536c.
- CVE-2019-9967HIGHCVSS 7.8EG 7.82019-03-24
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlPrefixUnicodeString.
- CVE-2019-9968HIGHCVSS 7.8EG 7.82019-03-24
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlQueueWorkItem.
- CVE-2019-9969HIGHCVSS 7.8EG 7.82019-03-24
XnView Classic 2.48 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to xnview+0x385399.
- CVE-2020-0020MEDIUMCVSS 5.5EG 5.52020-02-13
In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed…
- CVE-2020-0033HIGHCVSS 7.8EG 7.82020-03-10
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- CVE-2020-0045MEDIUMCVSS 6.4EG 6.42020-03-10
In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploit…
- CVE-2020-0103CRITICALCVSS 9.8EG 9.82020-05-14
In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for expl…
- CVE-2020-0160HIGHCVSS 8.8EG 8.82020-06-11
In setSyncSampleParams of SampleTable.cpp, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for expl…
- CVE-2020-0221CRITICALCVSS 9.8EG 9.82020-05-14
Airbrush FW's scratch memory allocator is susceptible to numeric overflow. When the overflow occurs, the next allocation could potentially return a pointer within the previous allocation's memory, which could lead to improper memory access…
- CVE-2020-0235CRITICALCVSS 9.8EG 9.82020-06-16
In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size" variable, and then use that variable as the size parameter for "copy_from_user", ending up overwriting memory following "crus_sp_hdr". "crus_sp_hdr" is a static variab…
- CVE-2020-0353MEDIUMCVSS 6.5EG 6.52020-09-17
In libmp4extractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: And…
- CVE-2020-0528HIGHCVSS 7.8EG 7.82020-06-15
Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local acces…
- CVE-2020-0542HIGHCVSS 7.8EG 7.82020-06-15
Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service vi…
- CVE-2020-0558MEDIUMCVSS 6.5EG 6.52020-04-15
Improper buffer restrictions in kernel mode driver for Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an unprivileged user to potentially enable denial of service via adjacent access.
- CVE-2020-0575MEDIUMCVSS 5.5EG 5.52020-11-12
Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2020-0591MEDIUMCVSS 6.7EG 6.72020-11-12
Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2020-0593MEDIUMCVSS 6.7EG 6.72020-11-12
Improper buffer restrictions in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2020-0640HIGHCVSS 7.5EG 7.52020-01-14
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.
- CVE-2020-0650HIGHCVSS 7.8EG 7.82020-01-14
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0651, CVE…
- CVE-2020-0651HIGHCVSS 7.8EG 7.82020-01-14
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE…
- CVE-2020-0652HIGHCVSS 7.8EG 7.82020-01-14
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'.
- CVE-2020-0653HIGHCVSS 7.8EG 7.82020-01-14
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE…
- CVE-2020-0662HIGHCVSS 8.8EG 8.82020-02-11
A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'.
- CVE-2020-0673HIGHCVSS 7.5EG 7.52020-02-11
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0674, CVE-2020-07…
- CVE-2020-0674HIGHCVSS 7.5EG 9.0⚠ KEV2020-02-11
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-07…
- CVE-2020-0675MEDIUMCVSS 5.5EG 5.52020-02-11
An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and r…
- CVE-2020-0676MEDIUMCVSS 5.5EG 5.52020-02-11
An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and r…
- CVE-2020-0677MEDIUMCVSS 5.5EG 5.52020-02-11
An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and r…
- CVE-2020-0687HIGHCVSS 8.8EG 8.82020-04-15
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'.
- CVE-2020-0708HIGHCVSS 7.8EG 7.82020-02-11
A remote code execution vulnerability exists when the Windows Imaging Library improperly handles memory.To exploit this vulnerability, an attacker would first have to coerce a victim to open a specially crafted file.The security update add…
- CVE-2020-0738HIGHCVSS 8.8EG 8.82020-02-11
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.
- CVE-2020-0744MEDIUMCVSS 5.5EG 5.52020-02-11
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclos…
- CVE-2020-0748MEDIUMCVSS 5.5EG 5.52020-02-11
An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and r…
- CVE-2020-0759HIGHCVSS 8.8EG 8.82020-02-11
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.
- CVE-2020-0796CRITICALCVSS 10.0EG 10.0⚠ KEV2020-03-12
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
- CVE-2020-0801HIGHCVSS 8.8EG 8.82020-03-12
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0807, CVE-2020-0809, CVE-2020-0869.
Map vulnerabilities like CWE-119 to your infrastructure
EchelonGraph correlates every CVE — across CWE-119 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →