← Back
CWE-120

4,220 CVEs • Abstraction: Base • Likelihood of Exploit: High

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

JSON object

Loading...

CVEs (4,220)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-20701
1Nec
4Clusterpro X
Clusterpro X SingleserversafeExpresscluster X+1 more
Jun 17, 2026
Nov 3, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 Sing...Show more
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.Show less
CVE-2021-20700
1Nec
4Clusterpro X
Clusterpro X SingleserversafeExpresscluster X+1 more
Jun 17, 2026
Nov 3, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 Sing...Show more
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.Show less
CVE-2020-21574
1C Http Project
1C Http
Jun 17, 2026
Nov 2, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Buffer overflow vulnerability in YotsuyaNight c-http v0.1.0, allows attackers to cause a denial of service via a long url request which is passed to the delimitedread function.
CVE-2020-21572
1Gilcc Project
1Gilcc
Jun 17, 2026
Nov 2, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Buffer overflow vulnerability in function src_parser_trans_stage_1_2_3 trgil gilcc before commit 803969389ca9c06237075a7f8eeb1a19e6651759, allows attackers to cause a denial of service.
CVE-2020-20658
1Libiec Iccp Mod Project
1Libiec Iccp Mod
Jun 17, 2026
Nov 2, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denail of service when trying to calloc an unexpectiedly large space.
CVE-2020-20657
1Libiec Iccp Mod Project
1Libiec Iccp Mod
Jun 17, 2026
Nov 2, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denial of service via an unexpected packet while trying to connect.
CVE-2020-18440
1Phpok
1Phpok
Jun 17, 2026
Nov 2, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code.
CVE-2021-27722
1Nsasoft
1Spotauditor
Jun 17, 2026
Nov 2, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the "Key" or "Name" field while registering.
CVE-2021-42917
1Kodi
1Kodi
Jun 17, 2026
Nov 1, 2021
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.
CVE-2021-31627
1Tendacn
1Ac9 Firmware
Jun 17, 2026
Oct 29, 2021
N/A· v4
8.8 HIGH· v3
5.8 MEDIUM· v2
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter.
CVE-2021-31624
1Tendacn
1Ac9 Firmware
Jun 17, 2026
Oct 29, 2021
N/A· v4
8.8 HIGH· v3
5.8 MEDIUM· v2
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter.
CVE-2021-36999
1Huawei
2Emui
Magic Ui
Jun 17, 2026
Oct 28, 2021
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
There is a Buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.
CVE-2021-38260
1Nxp
1Mcuxpresso Software Development Kit
Jun 17, 2026
Oct 25, 2021
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor().
CVE-2021-38258
1Nxp
1Mcuxpresso Software Development Kit
Jun 17, 2026
Oct 25, 2021
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback().
CVE-2020-28969
1Aplixio
1Pdf Shapingup
Jun 17, 2026
Oct 22, 2021
N/A· v4
7.8 HIGH· v3
6.8 MEDIUM· v2
Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.
CVE-2020-28967
1Flashget
1Flashget
Jun 17, 2026
Oct 22, 2021
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function. This vulnerability allows attackers to elevate local process privileges via overwriting the registers.
CVE-2020-28963
1Krylack
1Zip Password Recovery
Jun 17, 2026
Oct 22, 2021
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to contain a buffer overflow via the decompress function.
CVE-2021-42716
2Fedoraproject
Nothings
2Fedora
Stb Image.h
Jun 17, 2026
Oct 21, 2021
N/A· v4
7.1 HIGH· v3
5.8 MEDIUM· v2
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buf...Show more
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.Show less
CVE-2021-30297
1Qualcomm
89Apq8017 Firmware
Apq8053 FirmwareApq8096au Firmware+86 more
Jun 17, 2026
Oct 20, 2021
N/A· v4
7.1 HIGH· v3
3.6 LOW· v2
Possible out of bound read due to improper validation of packet length while handling data transfer in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Indus...Show more
Possible out of bound read due to improper validation of packet length while handling data transfer in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon WearablesShow less
CVE-2021-1984
1Qualcomm
95Apq8017 Firmware
Apq8053 FirmwareApq8064au Firmware+92 more
Jun 17, 2026
Oct 20, 2021
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
Possible buffer overflow due to improper validation of index value while processing the plugin block in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Sn...Show more
Possible buffer overflow due to improper validation of index value while processing the plugin block in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon WearablesShow less