Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,227)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-20111 - - Nov 18, 2024 Nov 18, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12...Show more miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, remote code execution was possible in conjunction with CVE-2015-6031 exploitation.Show less
CVE-2024-45971 1Mz Automation 1Libiec61850 Jun 17, 2026 Nov 15, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via the MMS IdentifyResponse...Show more Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via the MMS IdentifyResponse message.Show less
CVE-2024-45970 1Mz Automation 1Libiec61850 Jun 17, 2026 Nov 15, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the MMS FileDirResponse...Show more Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the MMS FileDirResponse message.Show less
CVE-2024-24450 - - Jun 17, 2026 Nov 15, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of serv...Show more Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially execute code by sending a PDU Session Resource Setup Response with a suffciently large FailedToSetupList IE.Show less
CVE-2024-24447 - - Jun 17, 2026 Nov 15, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_response function of oai-cn5g-amf up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a PDU Session Resource Setup Response with an emp...Show more A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_response function of oai-cn5g-amf up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a PDU Session Resource Setup Response with an empty Response Item list.Show less
CVE-2022-20846 1Cisco 1Ios Xr Jun 17, 2026 Nov 15, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affe...Show more A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device. This vulnerability is due to a heap buffer overflow in certain Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow, which could cause the Cisco Discovery Protocol process to reload on the device. The bytes that can be written in the buffer overflow are restricted, which limits remote code execution.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).  Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see .Show less
CVE-2024-49778 1Justdan96 1Tsmuxer Jun 17, 2026 Nov 14, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.
CVE-2024-49777 1Justdan96 1Tsmuxer Jun 17, 2026 Nov 14, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file.
CVE-2024-41217 1Justdan96 1Tsmuxer Jun 17, 2026 Nov 14, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file.
CVE-2024-41209 1Justdan96 1Tsmuxer Jun 17, 2026 Nov 14, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.
CVE-2024-41206 1Justdan96 1Tsmuxer Jun 17, 2026 Nov 14, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file.
CVE-2024-50838 1Lopalopa 1E Learning Management System Jun 17, 2026 Nov 14, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the...Show more A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters.Show less
CVE-2024-50840 1Lopalopa 1E Learning Management System Jun 17, 2026 Nov 14, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class...Show more A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter.Show less
CVE-2024-50839 1Lopalopa 1E Learning Management System Jun 17, 2026 Nov 14, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the...Show more A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and title parameters.Show less
CVE-2024-50305 1Apache 1Traffic Server Jun 17, 2026 Nov 14, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the...Show more Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.Show less
CVE-2024-50956 - - Jun 17, 2026 Nov 13, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A buffer overflow in the RecvSocketData function of Inovance HCPLC_AM401-CPU1608TPTN 21.38.0.0, HCPLC_AM402-CPU1608TPTN 41.38.0.0, and HCPLC_AM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service (DoS) o...Show more A buffer overflow in the RecvSocketData function of Inovance HCPLC_AM401-CPU1608TPTN 21.38.0.0, HCPLC_AM402-CPU1608TPTN 41.38.0.0, and HCPLC_AM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted Modbus message.Show less
CVE-2024-8882 1Zyxel 10Gs1900 10hp Firmware Gs1900 16 FirmwareGs1900 24 Firmware+7 more Jun 17, 2026 Nov 12, 2024 N/A· v4 4.5 MEDIUM· v3 N/A· v2 A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial...Show more A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.Show less
CVE-2024-52533 3Debian GnomeNetapp 4Active Iq Unified Manager Debian LinuxGlib+1 more Jun 17, 2026 Nov 11, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
CVE-2024-25254 1Mcafee 1Superscan Jun 17, 2026 Nov 11, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SuperScan v4.1 was discovered to contain a buffer overflow via the Hostname/IP parameter.
CVE-2024-25253 - - Jun 17, 2026 Nov 11, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Driver Booster v10.6 was discovered to contain a buffer overflow via the Host parameter under the Customize proxy module.

Previous 1...717273...212 Next