CWE-119 · Improper Restriction of Operations within the Bounds of a Memory Buffer

13989 CVEs classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). Browse by severity and year.

Top CVEs for CWE-119
CVESeverityScorePublishedSummary
CVE-2026-2778Critical10.02026-02-24Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox…
CVE-2026-2776Critical10.02026-02-24Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 1…
CVE-2024-23616Critical10.02024-01-26A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability…
CVE-2024-23615Critical10.02024-01-26A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to a…
CVE-2024-23614Critical10.02024-01-26A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to ac…
CVE-2024-23613Critical10.02024-01-26A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit…
CVE-2022-27625Critical10.02022-10-20A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Ba…
CVE-2022-27624Critical10.02022-10-20A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Ban…
CVE-2021-21951Critical10.02021-12-08An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6…
CVE-2021-21950Critical10.02021-12-08An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6…
CVE-2020-11896Critical10.02020-06-17The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.
CVE-2020-0796Critical10.02020-03-12A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows S…
CVE-2015-0565Critical10.02020-02-25NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible.
CVE-2018-19417Critical10.02018-11-21An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length…
CVE-2017-12087Critical10.02018-04-24An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an a…
CVE-2017-16740Critical10.02018-01-09A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-…
CVE-2017-10921Critical10.02017-07-05The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS…
CVE-2017-10920Critical10.02017-07-05The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, whi…
CVE-2017-3088Critical10.02017-06-20Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime engine. Successful exploitation could…
CVE-2017-2788Critical10.02017-03-10A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's c…