Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,224)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-31209 1Infiray 1Iray A8z3 Firmware Jun 17, 2026 Jul 17, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand.
CVE-2021-34987 1Parallels 1Parallels Desktop Jun 17, 2026 Jul 15, 2022 N/A· v4 8.2 HIGH· v3 N/A· v2 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.1 (49187). An attacker must first obtain the ability to execute high-privileged code on the target gues...Show more This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.1 (49187). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the HDAudio virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-14969.Show less
CVE-2022-32406 1Gtkradiant Project 1Gtkradiant Jun 17, 2026 Jul 14, 2022 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. This vulnerability can cause a Denial of Service (DoS) via a crafted MAP file.
CVE-2022-30024 1Tp Link 3Tl Wr841 Firmware Tl Wr841n(eu) FirmwareTl Wr841n Firmware Jun 17, 2026 Jul 14, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the...Show more A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected.Show less
CVE-2022-34756 1Schneider Electric 1Easergy P5 Firmware Jun 17, 2026 Jul 13, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 (V01.4...Show more A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 (V01.401.102 and prior)Show less
CVE-2022-32096 1Rhonabwy Project 1Rhonabwy Jun 17, 2026 Jul 13, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token.
CVE-2022-2211 2Libguestfs Redhat 2Enterprise Linux Libguestfs Jun 17, 2026 Jul 12, 2022 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or maliciou...Show more A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or malicious actor.Show less
CVE-2022-34741 1Huawei 3Emui HarmonyosMagic Ui Jun 17, 2026 Jul 12, 2022 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.
CVE-2022-34740 1Huawei 3Emui HarmonyosMagic Ui Jun 17, 2026 Jul 12, 2022 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation.
CVE-2021-39999 1Huawei 1Ese620x Vess Firmware Jun 17, 2026 Jul 12, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 There is a buffer overflow vulnerability in eSE620X vESS V100R001C10SPC200 and V100R001C20SPC200. An attacker can exploit this vulnerability by sending a specific message to the target device due to insufficient validati...Show more There is a buffer overflow vulnerability in eSE620X vESS V100R001C10SPC200 and V100R001C20SPC200. An attacker can exploit this vulnerability by sending a specific message to the target device due to insufficient validation of packets. Successful exploit could cause a denial of service condition.Show less
CVE-2022-26649 1Siemens 29Scalance X200 4p Irt Firmware Scalance X201 3p Irt FirmwareScalance X201 3p Irt Pro Firmware+26 more Jun 17, 2026 Jul 12, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5...Show more A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the URI of incoming HTTP GET requests. This could allow an unauthenticated remote attacker to crash affected devices.Show less
CVE-2022-26648 1Siemens 29Scalance X200 4p Irt Firmware Scalance X201 3p Irt FirmwareScalance X201 3p Irt Pro Firmware+26 more Jun 17, 2026 Jul 12, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5...Show more A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). Affected devices do not properly validate the GET parameter XNo of incoming HTTP requests. This could allow an unauthenticated remote attacker to crash affected devices.Show less
CVE-2021-37778 1Gps Sdr Sim Project 1Gps Sdr Sim Jun 17, 2026 Jun 30, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can lead to DoS or code execution.
CVE-2022-2078 3Debian LinuxRedhat 4Debian Linux Enterprise LinuxLinux Kernel+1 more Jun 17, 2026 Jun 30, 2022 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly t...Show more A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.Show less
CVE-2022-32140 1Codesys 2Plcwinnt Runtime Toolkit Jun 17, 2026 Jun 24, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service c...Show more Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is not required.Show less
CVE-2022-21742 1Realtek 7Rtl8152b Firmware Rtl8153 FirmwareRtl8153b Firmware+4 more Jun 17, 2026 Jun 20, 2022 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services.
CVE-2022-31784 1Mitel 2Mivoice Business Mivoice Business Express Jun 17, 2026 Jun 17, 2022 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interfac...Show more A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters. A successful exploit could allow arbitrary code execution.Show less
CVE-2022-31626 2Debian Php 2Debian Linux Php Jun 17, 2026 Jun 16, 2022 N/A· v4 8.8 HIGH· v3 6.0 MEDIUM· v2 In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection,...Show more In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.Show less
CVE-2021-41413 1Ok File Formats Project 1Ok File Formats Jun 17, 2026 Jun 15, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_grayscale and ok_jpg_convert_YCbCr_to_RGB.
CVE-2022-22087 1Qualcomm 155Apq8009 Firmware Apq8009w FirmwareApq8017 Firmware+152 more Jun 17, 2026 Jun 14, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...Show more memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WearablesShow less

Previous 1...145146147...212 Next