CWE-120— Buffer Copy without Checking Size (Classic Buffer Overflow)
4,164 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-120page 29 of 84
- CVE-2021-43637HIGHCVSS 8.8EG 8.82021-12-07
Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption …
- CVE-2021-44154HIGHCVSS 7.2EG 7.22021-12-13
An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/edit_opt, which will then be triggered when running the diagnostics (via /goform/diagnostics_doit), resulting in a buffer ov…
- CVE-2021-44283HIGHCVSS 7.5EG 7.52023-05-09
A buffer overflow in the component /Enclave.cpp of Electronics and Telecommunications Research Institute ShieldStore commit 58d455617f99705f0ffd8a27616abdf77bdc1bdc allows attackers to cause an information leak via a crafted structure from…
- CVE-2021-44343HIGHCVSS 7.8EG 7.82022-03-03
David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_read_data() in "/ok_png.c".
- CVE-2021-44428HIGHCVSS 7.5EG 7.52021-11-29
Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1.
- CVE-2021-44429HIGHCVSS 7.5EG 7.52021-11-29
Serva 4.4.0 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1, a related issue to CVE-2013-0145.
- CVE-2021-44493HIGHCVSS 7.5EG 7.52022-04-15
An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative …
- CVE-2021-44538CRITICALCVSS 9.8EG 9.82021-12-14
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote…
- CVE-2021-44622CRITICALCVSS 9.8EG 9.82022-03-10
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/check_reg_verify_code function which could let a remove malicious user execute arbitrary code via a crafted post request.
- CVE-2021-44623CRITICALCVSS 9.8EG 9.82022-03-10
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 via the /cloud_config/router_post/check_reset_pwd_verify_code interface.
- CVE-2021-44625CRITICALCVSS 9.8EG 9.82022-03-10
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request.
- CVE-2021-44626CRITICALCVSS 9.8EG 9.82022-03-10
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reg_verify_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
- CVE-2021-44627CRITICALCVSS 9.8EG 9.82022-03-10
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/get_reset_pwd_veirfy_code feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
- CVE-2021-44628CRITICALCVSS 9.8EG 9.82022-03-10
A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3.8 in thee /cloud_config/router_post/login feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
- CVE-2021-44629CRITICALCVSS 9.8EG 9.82022-03-10
A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
- CVE-2021-44630CRITICALCVSS 9.8EG 9.82022-03-10
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
- CVE-2021-44631CRITICALCVSS 9.8EG 9.82022-03-10
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/reset_cloud_pwd feature, which allows malicous users to execute arbitrary code on the system via a crafted post request.
- CVE-2021-44632CRITICALCVSS 9.8EG 9.82022-03-10
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
- CVE-2021-44738CRITICALCVSS 9.8EG 9.82022-01-20
Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.
- CVE-2021-44850MEDIUMCVSS 6.8EG 6.82022-02-10
On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and unauthenticated before use, an attacker can modify the …
- CVE-2021-44864MEDIUMCVSS 6.5EG 6.52022-02-08
TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter.
- CVE-2021-44957MEDIUMCVSS 6.5EG 6.52022-02-08
Global buffer overflow vulnerability exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. Issue is in the jfif_encode function at ffjpeg/src/jfif.c (line 708) could cause a Denial of Service by using a crafted jpeg file.
- CVE-2021-44975MEDIUMCVSS 5.5EG 5.52022-05-24
radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser.
- CVE-2021-45039CRITICALCVSS 9.8EG 9.82023-05-31
Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows a remote unauthenticated attacker to ove…
- CVE-2021-45341HIGHCVSS 8.8EG 8.82022-01-25
A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
- CVE-2021-45342HIGHCVSS 7.8EG 7.82022-01-25
A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
- CVE-2021-45345HIGHCVSS 7.5EG 7.52023-05-10
Buffer Overflow vulnerability found in En3rgy WebcamServer v.0.5.2 allows a remote attacker to cause a denial of service via the WebcamServer.exe file.
- CVE-2021-45423CRITICALCVSS 9.8EG 9.82023-03-13
A Buffer Overflow vulnerabilityexists in Pev 0.81 via the pe_exports function from exports.c.. The array offsets_to_Names is dynamically allocated on the stack using exp->NumberOfFunctions as its size. However, the loop uses exp->NumberOfN…
- CVE-2021-45429MEDIUMCVSS 5.5EG 5.52022-02-04
A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service.
- CVE-2021-45523MEDIUMCVSS 5.7EG 5.72021-12-26
NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user.
- CVE-2021-45524HIGHCVSS 7.6EG 7.62021-12-26
NETGEAR R8000 devices before 1.0.4.62 are affected by a buffer overflow by an authenticated user.
- CVE-2021-45525MEDIUMCVSS 6.1EG 6.12021-12-26
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects EX7000 before 1.0.1.80, R6400 before 1.0.1.50, R6400v2 before 1.0.4.118, R6700 before 1.0.2.8, R6700v3 before 1.0.4.118, R6900 before 1.0.2.8,…
- CVE-2021-45526HIGHCVSS 7.3EG 7.32021-12-26
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects EX6000 before 1.0.0.38, EX6120 before 1.0.0.48, EX6130 before 1.0.0.30, R6300v2 before 1.0.4.52, R6400 before 1.0.1.52, R7000 before 1.0.11.12…
- CVE-2021-45527CRITICALCVSS 9.6EG 9.62021-12-26
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.54, EX7000 before 1.0.1.94,…
- CVE-2021-45528HIGHCVSS 8.1EG 8.12021-12-26
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6300v2 before 1.0.4.52, R6400 before 1.0.1.52, R6900 before 1.0.2.8, R7000 before 1.0.9.88, R7900 before 1.0.3.18, R8000 before 1.0.4.46, R79…
- CVE-2021-45529HIGHCVSS 7.3EG 7.32021-12-26
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects CBR40 before 2.3.5.12, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R6400 before 1.0.1.70, R7000 before 1.0.11.126, R6900P before 1.3.2.124…
- CVE-2021-45530MEDIUMCVSS 4.5EG 4.52021-12-26
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7000 before 1.0.11.126, R7960P before 1.4.2.84, R8000 before 1.0.4.74, RAX200 before 1.0.4.120, R8000P before 1.4.2.84, RAX20 before 1.0.2.82…
- CVE-2021-45608MEDIUMCVSS 6.5EG 9.82021-12-26
Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface (TCP port 20005) cannot be ruled out; however, ex…
- CVE-2021-45609CRITICALCVSS 9.6EG 9.62021-12-26
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6250 before 1.0.4.48, R7000 before 1.0.11.116, R7100LG before 1.0.0.64, R7900 before 1.0.4.38, R8300 before 1.0.…
- CVE-2021-45610CRITICALCVSS 9.6EG 9.62021-12-26
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.66, D6400 before 1.0.0.100, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.52, DGN2200v4 before …
- CVE-2021-45611CRITICALCVSS 9.6EG 9.62021-12-26
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects DC112A before 1.0.0.52, R6400 before 1.0.1.68, RAX200 before 1.0.3.106, WNDR3400v3 before 1.0.1.38, XR300 before 1.0.3.68, R8500 before …
- CVE-2021-45756CRITICALCVSS 9.8EG 9.82022-03-23
Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi.
- CVE-2021-45757HIGHCVSS 7.5EG 7.52022-03-23
ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS).
- CVE-2021-45856HIGHCVSS 7.5EG 7.52022-01-10
Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buffer overflow which causes the telnet service to crash
- CVE-2021-45969HIGHCVSS 8.2EG 8.22022-01-05
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) b…
- CVE-2021-45970HIGHCVSS 8.2EG 8.22022-01-05
An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) br…
- CVE-2021-45971HIGHCVSS 8.2EG 8.22022-01-06
An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode)…
- CVE-2021-46064HIGHCVSS 7.8EG 7.82022-03-23
IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). The vulnerability triggers when the user opens malicious .tiff image.
- CVE-2021-46122HIGHCVSS 7.2EG 7.22022-04-18
Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to Buffer Overflow via the Password reset feature.
- CVE-2021-46225MEDIUMCVSS 6.5EG 6.52022-01-12
A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allows attackers to cause a Denial of Service (DoS) via a crafted MESH file.
Map vulnerabilities like CWE-120 to your infrastructure
EchelonGraph correlates every CVE — across CWE-120 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →