Skip to main content

Product Directory Enterprise Compliance Pulse AI Analyst Compare Docs

Login Start Free

Loading...

Cloud security intelligence for modern infrastructure.

Stay informed

📬 Product updates & blog posts🛡️ CVE & vendor advisory alerts

Frequency:

Sent from noreply@echelongraph.io · Unsubscribe anytime

Product

Overview
Enterprise
Agents
AI Analyst
Pricing
Compare
vs. Competitors

Resources

CVE Pulse
Compliance Directory
Newsletter
Documentation
Readiness Calculator
Blog

Security Tools

Surface Scanner
AI Security Index
AI Threat Map
Shadow AI Radar
Shadow Engine Map

Company

Design Partners
Changelog
Contact

Legal

Privacy
Terms
Security
DPA

© 2026 EchelonGraph, Inc. All rights reserved.

SOC 2 Type IIISO 27001GDPRHIPAA Ready

Home›CVE Pulse›CWE-120

CWE-120— Buffer Copy without Checking Size (Classic Buffer Overflow)

4,164 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →

CVEs classified under CWE-120page 42 of 84

CVE-2023-22745MEDIUMCVSS 6.4EG 6.4
2023-01-19
tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In versions prior to 4.1.0-rc0, 4.0.1, and 3.2.2-rc1, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` …
CVE-2023-22752CRITICALCVSS 9.8EG 9.8
2023-03-01
There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Su…
CVE-2023-22753HIGHCVSS 8.1EG 9.8
2023-03-01
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of the…
CVE-2023-22754HIGHCVSS 8.1EG 9.8
2023-03-01
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of the…
CVE-2023-22755HIGHCVSS 8.1EG 9.8
2023-03-01
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of the…
CVE-2023-22756HIGHCVSS 8.1EG 9.8
2023-03-01
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of the…
CVE-2023-22757HIGHCVSS 8.1EG 9.8
2023-03-01
There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of the…
CVE-2023-22779CRITICALCVSS 9.8EG 9.8
2023-05-08
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP …
CVE-2023-22780CRITICALCVSS 9.8EG 9.8
2023-05-08
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP …
CVE-2023-22781CRITICALCVSS 9.8EG 9.8
2023-05-08
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP …
CVE-2023-22782CRITICALCVSS 9.8EG 9.8
2023-05-08
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP …
CVE-2023-22783CRITICALCVSS 9.8EG 9.8
2023-05-08
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP …
CVE-2023-22784CRITICALCVSS 9.8EG 9.8
2023-05-08
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP …
CVE-2023-22785CRITICALCVSS 9.8EG 9.8
2023-05-08
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP …
CVE-2023-22786CRITICALCVSS 9.8EG 9.8
2023-05-08
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP …
CVE-2023-22915HIGHCVSS 7.5EG 7.5
2023-04-24
A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35,…
CVE-2023-22917HIGHCVSS 7.5EG 7.5
2023-04-24
A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-…
CVE-2023-22922HIGHCVSS 7.5EG 7.5
2023-05-01
A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable devi…
CVE-2023-22924MEDIUMCVSS 4.9EG 4.9
2023-05-01
A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted…
CVE-2023-23143HIGHCVSS 7.8EG 7.8
2023-01-20
Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. GPAC version 2.3-DEV-rev1-g4669ba229-master.
CVE-2023-23300CRITICALCVSS 9.8EG 9.8
2023-05-23
The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with …
CVE-2023-23302CRITICALCVSS 9.8EG 9.8
2023-05-23
The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API…
CVE-2023-23303CRITICALCVSS 9.8EG 9.8
2023-05-23
The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call th…
CVE-2023-23305CRITICALCVSS 9.8EG 9.8
2023-05-23
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the devi…
CVE-2023-23363HIGHCVSS 8.1EG 8.1
2023-09-22
A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the …
CVE-2023-23364HIGHCVSS 8.1EG 8.1
2023-09-22
A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the…
CVE-2023-23494MEDIUMCVSS 5.3EG 5.3
2023-05-08
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to cause a denial-of-service.
CVE-2023-23513CRITICALCVSS 9.8EG 9.8
2023-02-27
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code exec…
CVE-2023-23535MEDIUMCVSS 5.5EG 5.5
2023-05-08
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.6, tvOS 16.4, watchOS 9.4. Processing a mal…
CVE-2023-23539HIGHCVSS 7.8EG 7.8
2023-06-23
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.
CVE-2023-24019HIGHCVSS 8.1EG 7.5
2023-07-06
A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious pa…
CVE-2023-24169CRITICALCVSS 9.8EG 9.8
2023-01-26
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c.
CVE-2023-24294HIGHCVSS 7.5EG 7.5
2023-11-29
Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification.
CVE-2023-24482CRITICALCVSS 10.0EG 9.8
2023-02-14
A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < …
CVE-2023-24548MEDIUMCVSS 5.3EG 5.3
2023-08-29
On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be su…
CVE-2023-24584HIGHCVSS 7.5EG 7.5
2023-06-01
Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50…
CVE-2023-24809MEDIUMCVSS 5.5EG 5.5
2023-02-17
NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a sec…
CVE-2023-24851HIGHCVSS 7.8EG 7.8
2023-07-04
Memory Corruption in WLAN HOST while parsing QMI response message from firmware.
CVE-2023-25076CRITICALCVSS 9.8EG 9.8
2023-03-30
A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP or TLS packet can lead to arbitrary cod…
CVE-2023-25433MEDIUMCVSS 5.5EG 9.8
2023-06-29
libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV.
CVE-2023-25434HIGHCVSS 8.8EG 8.8
2023-06-14
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.
CVE-2023-25435MEDIUMCVSS 5.5EG 8.8
2023-06-21
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.
CVE-2023-25505HIGHCVSS 7.8EG 7.8
2023-04-22
NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, …
CVE-2023-25642MEDIUMCVSS 5.9EG 5.9
2023-12-14
There is a buffer overflow vulnerability in some ZTE mobile internet producsts. Due to insufficient validation of tcp port parameter, an authenticated attacker could use the vulnerability to perform a denial of service attack.
CVE-2023-25664HIGHCVSS 7.5EG 7.5
2023-03-25
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
CVE-2023-2597HIGHCVSS 7.0EG 7.0
2023-05-22
In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.
CVE-2023-26075HIGHCVSS 7.6EG 9.8
2023-03-10
An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G…
CVE-2023-26076HIGHCVSS 7.6EG 9.8
2023-03-13
An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G SM message codec can occur due to in…
CVE-2023-26109HIGHCVSS 7.3EG 9.8
2023-03-09
All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.
CVE-2023-26110HIGHCVSS 7.3EG 9.8
2023-03-09
All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.

← PreviousPage 42 of 84Next →

Map vulnerabilities like CWE-120 to your infrastructure

EchelonGraph correlates every CVE — across CWE-120 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.

Start Free Scan →