Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,201)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-3275 1Tenda 1F453 Firmware Feb 27, 2026 Feb 27, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Executing a manipulation of the argument entrys can lead to buffer ove...Show more A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Executing a manipulation of the argument entrys can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.Show less
CVE-2026-3274 1Tenda 1F453 Firmware Feb 27, 2026 Feb 27, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in...Show more A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.Show less
CVE-2026-3273 1Tenda 1F453 Firmware Feb 27, 2026 Feb 27, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component httpd. Such manipulation of the argument mit_ssid_...Show more A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component httpd. Such manipulation of the argument mit_ssid_index leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.Show less
CVE-2026-3272 1Tenda 1F453 Firmware Feb 27, 2026 Feb 27, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. This manipulation of the argument page causes buffer overflow....Show more A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2026-3271 1Tenda 1F453 Firmware Feb 27, 2026 Feb 27, 2026 7.4 HIGH· v4 9.8 CRITICAL· v3 9.0 HIGH· v2 A vulnerability was found in Tenda F453 1.0.0.3. This impacts the function fromP2pListFilter of the file /goform/P2pListFilterof of the component httpd. The manipulation of the argument page results in buffer overflow. T...Show more A vulnerability was found in Tenda F453 1.0.0.3. This impacts the function fromP2pListFilter of the file /goform/P2pListFilterof of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.Show less
CVE-2026-27942 2Fast Xml Parser Project Naturalintelligence 2Fast Xml Parser Fast Xml Parser Mar 2, 2026 Feb 26, 2026 2.7 LOW· v4 7.5 HIGH· v3 N/A· v2 fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when us...Show more fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with `preserveOrder:true`. Version 5.3.8 fixes the issue. As a workaround, use XML builder with `preserveOrder:false` or check the input data before passing to builder.Show less
CVE-2026-3169 1Tenda 1F453 Firmware Feb 25, 2026 Feb 25, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A security vulnerability has been detected in Tenda F453 1.0.0.3. This impacts the function fromSafeEmailFilter of the file /goform/SafeEmailFilter of the component httpd. The manipulation of the argument page leads to b...Show more A security vulnerability has been detected in Tenda F453 1.0.0.3. This impacts the function fromSafeEmailFilter of the file /goform/SafeEmailFilter of the component httpd. The manipulation of the argument page leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.Show less
CVE-2026-3168 1Tenda 1F453 Firmware Feb 25, 2026 Feb 25, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromNatStaticSetting of the file /goform/NatStaticSetting of the component httpd. Executing a manipulation of the argument page can lead to...Show more A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromNatStaticSetting of the file /goform/NatStaticSetting of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.Show less
CVE-2026-3167 1Tenda 1F453 Firmware Feb 25, 2026 Feb 25, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A security flaw has been discovered in Tenda F453 1.0.0.3. The impacted element is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component httpd. Performing a manipulation of the argument webS...Show more A security flaw has been discovered in Tenda F453 1.0.0.3. The impacted element is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component httpd. Performing a manipulation of the argument webSiteId results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.Show less
CVE-2026-3166 1Tenda 1F453 Firmware Feb 25, 2026 Feb 25, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was identified in Tenda F453 1.0.0.3. The affected element is the function fromRouteStatic of the file /goform/RouteStatic of the component httpd. Such manipulation of the argument page leads to buffer ov...Show more A vulnerability was identified in Tenda F453 1.0.0.3. The affected element is the function fromRouteStatic of the file /goform/RouteStatic of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.Show less
CVE-2026-3165 1Tenda 1F453 Firmware Feb 25, 2026 Feb 25, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the component httpd. This manipulation of the argument mit_ssid causes buffer o...Show more A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the component httpd. This manipulation of the argument mit_ssid causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2025-61147 1Struktur 1Libde265 Mar 24, 2026 Feb 23, 2026 N/A· v4 6.2 MEDIUM· v3 N/A· v2 strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table().
CVE-2026-3016 1Utt 1810g Firmware Feb 24, 2026 Feb 23, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. The affected element is the function strcpy of the file /goform/formP2PLimitConfig. The manipulation of the argument except leads to buffer overflow. R...Show more A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. The affected element is the function strcpy of the file /goform/formP2PLimitConfig. The manipulation of the argument except leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.Show less
CVE-2026-3015 1Utt 1810g Firmware Feb 24, 2026 Feb 23, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/formPolicyRouteConf. Executing a manipulation of the argument GroupName can lead to buffer overflow...Show more A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/formPolicyRouteConf. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2026-2981 1Utt 1810g Firmware Feb 24, 2026 Feb 23, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The atta...Show more A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.Show less
CVE-2026-2980 1Utt 1810g Firmware Feb 24, 2026 Feb 23, 2026 7.3 HIGH· v4 7.2 HIGH· v3 8.3 HIGH· v2 A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Impacted is the function strcpy of the file /goform/setSysAdm. The manipulation of the argument passwd1 leads to buffer overflow. The attack may be initi...Show more A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Impacted is the function strcpy of the file /goform/setSysAdm. The manipulation of the argument passwd1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2026-2935 1Utt 1810g Firmware Feb 24, 2026 Feb 22, 2026 7.3 HIGH· v4 7.2 HIGH· v3 8.3 HIGH· v2 A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can lead to buffer overflow...Show more A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.Show less
CVE-2026-2911 1Tenda 1Fh451 Firmware Feb 23, 2026 Feb 22, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack...Show more A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2026-2904 1Utt 1810g Firmware Feb 24, 2026 Feb 22, 2026 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack can be launched remote...Show more A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2026-2034 1Santesoft 1Dicom Viewer Pro Feb 26, 2026 Feb 20, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User...Show more Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28129.Show less

Previous 1...161718...211 Next