Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,227)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-51002 1Netgear 4R6400v2 Firmware R7000p FirmwareR8500 Firmware+1 more Jun 17, 2026 Nov 5, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. This vulnerability allows attackers to cause a...Show more Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2024-51001 1Netgear 1R8500 Firmware Jun 17, 2026 Nov 5, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the sysDNSHost parameter at ddns.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-51000 1Netgear 1R8500 Firmware Jun 17, 2026 Nov 5, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component wireless.cgi via the opmode, opmode_an, and opmode_an_2 parameters. These vulnerabilities allow attackers to cau...Show more Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component wireless.cgi via the opmode, opmode_an, and opmode_an_2 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2024-50999 1Netgear 1R8500 Firmware Jun 17, 2026 Nov 5, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at password.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted reque...Show more Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at password.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.Show less
CVE-2024-50998 1Netgear 1R8500 Firmware Jun 17, 2026 Nov 5, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpn_service_port and openvpn_service_port_tun parameters. These vulnerabilities allow at...Show more Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpn_service_port and openvpn_service_port_tun parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2024-50997 1Netgear 4R6400v2 Firmware R7000p FirmwareR8500 Firmware+1 more Jun 17, 2026 Nov 5, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows attackers to cause a...Show more Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2024-50996 1Netgear 4R6400v2 Firmware R7000p FirmwareR8500 Firmware+1 more Jun 17, 2026 Nov 5, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allows attackers to cause...Show more Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2024-50995 1Netgear 1R8500 Firmware Jun 17, 2026 Nov 5, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST reque...Show more Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2024-50994 1Netgear 1R8500 Firmware Jun 17, 2026 Nov 5, 2024 N/A· v4 5.7 MEDIUM· v3 N/A· v2 Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component ipv6_fix.cgi via the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length parameters. These vu...Show more Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component ipv6_fix.cgi via the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request.Show less
CVE-2024-38423 1Qualcomm 203205 Mobile Platform Firmware 215 Mobile Platform Firmware315 5g Iot Modem Firmware+200 more Jun 17, 2026 Nov 4, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption while processing GPU page table switch.
CVE-2024-38409 1Qualcomm 25Fastconnect 6700 Firmware Fastconnect 6900 FirmwareFastconnect 7800 Firmware+22 more Jun 17, 2026 Nov 4, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption while station LL statistic handling.
CVE-2024-33030 1Qualcomm 22Ar8035 Firmware Fastconnect 6900 FirmwareFastconnect 7800 Firmware+19 more Jun 17, 2026 Nov 4, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Memory corruption while parsing IPC frequency table parameters for LPLH that has size greater than expected size.
CVE-2024-44234 1Apple 6Ipados Iphone OsMacos+3 more Jun 17, 2026 Nov 1, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1,...Show more The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.Show less
CVE-2024-44233 1Apple 6Ipados Iphone OsMacos+3 more Jun 17, 2026 Nov 1, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1,...Show more The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.Show less
CVE-2024-44232 1Apple 6Ipados Iphone OsMacos+3 more Jun 17, 2026 Nov 1, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1,...Show more The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Parsing a maliciously crafted video file may lead to unexpected system termination.Show less
CVE-2024-48289 - - Jun 17, 2026 Nov 1, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in the Bluetooth Low Energy implementation of Cypress Bluetooth SDK v3.66 allows attackers to cause a Denial of Service (DoS) via supplying a crafted LL_PAUSE_ENC_REQ packet.
CVE-2024-10559 1Razormist 1Airport Booking Management System Jun 17, 2026 Oct 31, 2024 4.8 MEDIUM· v4 7.8 HIGH· v3 4.3 MEDIUM· v2 A vulnerability was found in SourceCodester Airport Booking Management System 1.0 and classified as critical. Affected by this issue is the function Details. The manipulation of the argument passport/name leads to buffer...Show more A vulnerability was found in SourceCodester Airport Booking Management System 1.0 and classified as critical. Affected by this issue is the function Details. The manipulation of the argument passport/name leads to buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.Show less
CVE-2024-9997 1Autodesk 10Autocad Autocad Advance SteelAutocad Architecture+7 more Jun 17, 2026 Oct 29, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or...Show more A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.Show less
CVE-2024-8592 1Autodesk 8Autocad Autocad Advance SteelAutocad Architecture+5 more Jun 17, 2026 Oct 29, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensiti...Show more A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.Show less
CVE-2024-10467 1Mozilla 2Firefox Thunderbird Jun 17, 2026 Oct 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited...Show more Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.Show less

Previous 1...747576...212 Next