CWE-119: Buffer Operations Within Bounds (Buffer Overflow)
10,736 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-119 (page 2 of 215)
- CVE-2002-2333 | NONE | CVSS 0.0 | EG 0.0 | 2002-12-31
Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.
- CVE-2002-2357 | NONE | CVSS 0.0 | EG 0.0 | 2002-12-31
MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a denial of service (crash) via a long USER string, possibly due to a buffer overflow.
- CVE-2002-2366 | NONE | CVSS 0.0 | EG 0.0 | 2002-12-31
Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a skin with a long colors file name in trillian.xml.
- CVE-2002-2367 | NONE | CVSS 0.0 | EG 0.0 | 2002-12-31
Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hostname.
- CVE-2002-2368 | NONE | CVSS 0.0 | EG 0.0 | 2002-12-31
Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) t…
- CVE-2002-2372 | NONE | CVSS 0.0 | EG 0.0 | 2002-12-31
The telnet server in Infoprint 21 running controller software before 1.056007 allows remote attackers to cause a denial of service (crash) via a long username, possibly due to a buffer overflow.
- CVE-2002-2381 | NONE | CVSS 0.0 | EG 0.0 | 2002-12-31
Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add and (3) config-getthemeinfo of GTetrinet 0.4.3 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code.
- CVE-2002-2385 | NONE | CVSS 0.0 | EG 0.0 | 2002-12-31
Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL containing a long voice phone number.
- CVE-2002-2388 | NONE | CVSS 0.0 | EG 0.0 | 2002-12-31
Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers to cause a denial of service (crash) via a long HELO command.
- CVE-2002-2390 | NONE | CVSS 0.0 | EG 0.0 | 2002-12-31
Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.
- CVE-2002-2396 | NONE | CVSS 0.0 | EG 0.0 | 2002-12-31
Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed setuid or setgid, may allow local users to execute arbitrary code via a long argument to the -g option.
- CVE-2002-2400 | NONE | CVSS 0.0 | EG 0.0 | 2002-12-31
Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP POST request.
- CVE-2002-2404 | NONE | CVSS 0.0 | EG 0.0 | 2002-12-31
Buffer overflow in IISPop email server 1.161 and 1.181 allows remote attackers to cause a denial of service (crash) via a long request to the POP3 port (TCP port 110).
- CVE-2002-2411 | NONE | CVSS 0.0 | EG 0.0 | 2002-12-31
Buffer overflow in badmin.c in BannerWheel 1.0 allows remote attackers to execute arbitrary code via a long rcmd command.
- CVE-2003-0095 | NONE | CVSS 0.0 | EG 0.0 | 2003-03-03
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform …
- CVE-2003-0096 | NONE | CVSS 0.0 | EG 0.0 | 2003-03-03
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone arg…
- CVE-2003-0218 | NONE | CVSS 0.0 | EG 0.0 | 2003-05-12
Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body.
- CVE-2003-0222 | NONE | CVSS 0.0 | EG 0.0 | 2003-05-12
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
- CVE-2003-0227 | NONE | CVSS 0.0 | EG 0.0 | 2003-06-09
The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet…
- CVE-2003-0373 | NONE | CVSS 0.0 | EG 0.0 | 2003-06-16
Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port …
- CVE-2003-0542 | NONE | CVSS 0.0 | EG 0.0 | 2003-11-03
Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with …
- CVE-2003-0662 | NONE | CVSS 0.0 | EG 0.0 | 2003-11-17
Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
- CVE-2003-0819 | NONE | CVSS 0.0 | EG 0.0 | 2004-02-17
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUS…
- CVE-2003-0831 | NONE | CVSS 0.0 | EG 0.0 | 2003-11-17
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
- CVE-2003-0903 | NONE | CVSS 0.0 | EG 0.0 | 2004-02-17
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
- CVE-2003-1048 | HIGH | CVSS 7.8 | EG 7.8 | 2004-07-27
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
- CVE-2003-1336 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL.
- CVE-2003-1337 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
- CVE-2003-1339 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long …
- CVE-2003-1354 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UDP query packets, as demonstrated using …
- CVE-2003-1355 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 and 1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long user name and password.
- CVE-2003-1359 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument.
- CVE-2003-1360 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable.
- CVE-2003-1368 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
- CVE-2003-1369 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
- CVE-2003-1374 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2) -c options.
- CVE-2003-1375 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.
- CVE-2003-1377 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname.
- CVE-2003-1382 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in ISMail 1.4.3 and earlier allows remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields.
- CVE-2003-1393 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command.
- CVE-2003-1395 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server.
- CVE-2003-1397 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.
- CVE-2003-1407 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.
- CVE-2003-1415 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitive information via an HTTP request with an invalid chunked transfer encoding specification.
- CVE-2003-1429 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to execute arbitrary code via a long request.
- CVE-2003-1431 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (crash) via a long host string in the Unreal URL.
- CVE-2003-1445 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname.
- CVE-2003-1446 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in the save_into_file function in save.c for Rogue 5.2-2 allows local users to execute arbitrary code with games group privileges by setting a long HOME environment variable and invoking the save game function with a ~ (til…
- CVE-2003-1451 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename.
- CVE-2003-1455 | NONE | CVSS 0.0 | EG 0.0 | 2003-12-31
Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c in PoPToP 1.1.4-b1 through PoPToP 1.1.4-b3 allow local users to execute arbitrary code.