Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,220)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-30321 1Qualcomm 23Aqt1000 Firmware Qca1062 FirmwareQca1064 Firmware+20 more Jun 17, 2026 Nov 12, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity
CVE-2021-42774 1Broadcom 1Emulex Hba Manager Jun 17, 2026 Nov 12, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature...Show more Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated.Show less
CVE-2021-43573 1Realtek 1Rtl8195am Firmware Jun 17, 2026 Nov 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame.
CVE-2020-23902 1Wildbit Soft 1Wildbit Viewer Jun 17, 2026 Nov 10, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address may be used as a return value starting at Editor!TMethodImplement...Show more A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address may be used as a return value starting at Editor!TMethodImplementationIntercept+0x528a3.Show less
CVE-2020-23900 1Wildbit Soft 1Wildbit Viewer Jun 17, 2026 Nov 10, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationInterc...Show more A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationIntercept+0x57a3b.Show less
CVE-2020-23890 1Wildbit Soft 1Wildbit Viewer Jun 17, 2026 Nov 10, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted JPG file. Related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call st...Show more A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted JPG file. Related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at JPGCodec+0x753648.Show less
CVE-2020-23884 1Nomacs 1Nomacs Jun 17, 2026 Nov 10, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial of service (DoS) via a crafted MNG file.
CVE-2021-3056 1Paloaltonetworks 1Pan Os Jun 17, 2026 Nov 10, 2021 N/A· v4 8.8 HIGH· v3 8.5 HIGH· v2 A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue imp...Show more A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue.Show less
CVE-2019-16240 1Hp 44Officejet Pro 8210 D9l63a Firmware Officejet Pro 8210 D9l64a FirmwareOfficejet Pro 8210 J3p65a Firmware+41 more Jun 17, 2026 Nov 9, 2021 N/A· v4 9.1 CRITICAL· v3 5.8 MEDIUM· v2 A Buffer Overflow and Information Disclosure issue exists in HP OfficeJet Pro Printers before 001.1937C, and HP PageWide Managed Printers and HP PageWide Pro Printers before 001.1937D exists; A maliciously crafted print...Show more A Buffer Overflow and Information Disclosure issue exists in HP OfficeJet Pro Printers before 001.1937C, and HP PageWide Managed Printers and HP PageWide Pro Printers before 001.1937D exists; A maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device.Show less
CVE-2021-41221 1Google 1Tensorflow Jun 17, 2026 Nov 5, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow...Show more TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the `input`, `input_h` and `input_c` parameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.Show less
CVE-2021-41216 1Google 1Tensorflow Jun 17, 2026 Nov 5, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative element...Show more TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the indices in `perm` are all valid. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.Show less
CVE-2021-42624 1Miniftpd Project 1Miniftpd Jun 17, 2026 Nov 4, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function.
CVE-2021-42772 1Broadcom 2Emulex Hba Manager One Command Manager Jun 17, 2026 Nov 3, 2021 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that...Show more Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In non-secure mode, the user is unauthenticatedShow less
CVE-2020-23679 1Linux Network Project 1Linux Network Project Jun 17, 2026 Nov 3, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0, allows attackers to execute arbitrary code, via the password field.
CVE-2020-23109 1Struktur 1Libheif Jun 17, 2026 Nov 3, 2021 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file.
CVE-2021-43082 1Apache 1Traffic Server Jun 17, 2026 Nov 3, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server...Show more Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.Show less
CVE-2021-39238 1Hp 3Futuresmart 3 Futuresmart 4Futuresmart 5 Jun 17, 2026 Nov 3, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow.
CVE-2021-20704 1Nec 4Clusterpro X Clusterpro X SingleserversafeExpresscluster X+1 more Jun 17, 2026 Nov 3, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier...Show more Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.Show less
CVE-2021-20703 1Nec 4Clusterpro X Clusterpro X SingleserversafeExpresscluster X+1 more Jun 17, 2026 Nov 3, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X...Show more Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.Show less
CVE-2021-20702 1Nec 4Clusterpro X Clusterpro X SingleserversafeExpresscluster X+1 more Jun 17, 2026 Nov 3, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X...Show more Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.Show less

Previous 1...157158159...211 Next