Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,201)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-16887 1Irfanview 1Irfanview Jun 17, 2026 Sep 25, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc.
CVE-2019-16724 1Upredsun 1File Sharing Wizard Jun 17, 2026 Sep 24, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 a...Show more File Sharing Wizard 1.5.0 allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter, a similar issue to CVE-2010-2330 and CVE-2010-2331.Show less
CVE-2019-14753 1Sick 2Fx0 Gent00000 Firmware Fx0 Gpnt00000 Firmware Jun 17, 2026 Sep 24, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow
CVE-2019-16746 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Jun 17, 2026 Sep 24, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
CVE-2019-16702 1Integard Pro Project 1Integard Pro Jun 17, 2026 Sep 23, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI.
CVE-2019-9677 1Dahuasecurity 9Ipc Hdbw4x2x Firmware Ipc Hdw1x2x FirmwareIpc Hdw2x2x Firmware+6 more Jun 17, 2026 Sep 18, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW...Show more The specific fields of CGI interface of some Dahua products are not strictly verified, an attacker can cause a buffer overflow by constructing malicious packets. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X for versions which Build time is before August 18, 2019.Show less
CVE-2019-14835 8Canonical DebianFedoraproject+5 more 34Aff A700s Firmware Data Availability ServicesDebian Linux+31 more Jun 17, 2026 Sep 17, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged gu...Show more A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.Show less
CVE-2018-20336 1Asus 1Asuswrt Merlin Nov 21, 2024 Sep 17, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak.
CVE-2019-16239 5Canonical DebianFedoraproject+2 more 5Debian Linux FedoraLeap+2 more Jun 17, 2026 Sep 17, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 process_http_response in OpenConnect before 8.05 has a Buffer Overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes.
CVE-2010-5333 2Integard Home Project Integard Pro Project 2Integard Home Integard Pro Nov 21, 2024 Sep 13, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwri...Show more The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable software. This CVE is to track an alternate exploitation method, utilizing an EIP-overwrite buffer overflow.Show less
CVE-2019-12261 6Belden NetappOracle+3 more 13Communications Eagle E Series Santricity Os ControllerGarrettcom Magnum Dx940e Firmware+10 more Jun 17, 2026 Aug 9, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.
CVE-2019-12260 6Belden NetappOracle+3 more 13Communications Eagle E Series Santricity Os ControllerGarrettcom Magnum Dx940e Firmware+10 more Jun 17, 2026 Aug 9, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.
CVE-2019-12255 5Belden NetappSiemens+2 more 12E Series Santricity Os Controller Garrettcom Magnum Dx940e FirmwareHirschmann Hios+9 more Jun 17, 2026 Aug 9, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.
CVE-2019-12257 5Belden NetappSiemens+2 more 10E Series Santricity Os Controller Garrettcom Magnum Dx940e FirmwareHirschmann Hios+7 more Jun 17, 2026 Aug 9, 2019 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.
CVE-2019-12256 5Belden NetappSiemens+2 more 12E Series Santricity Os Controller Garrettcom Magnum Dx940e FirmwareHirschmann Hios+9 more Jun 17, 2026 Aug 9, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.
CVE-2019-1010218 1Cherokee Project 1Cherokee Web Server Jun 17, 2026 Jul 22, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 (Current stable) is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrit...Show more Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 (Current stable) is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrite argv[0] to an insane length with execl. The fixed version is: There's no fix yet.Show less
CVE-2019-6327 1Hp 10Laserjet Pro M280 M281 T6b80a Firmware Laserjet Pro M280 M281 T6b81a FirmwareLaserjet Pro M280 M281 T6b82a Firmware+7 more Jun 17, 2026 Jun 17, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 HP Color LaserJet Pro M280-M281 Multifunction Printer series (before v. 20190419), HP LaserJet Pro MFP M28-M31 Printer series (before v. 20190426) may have an IPP Parser potentially vulnerable to Buffer Overflow.
CVE-2019-5439 1Videolan 1Vlc Media Player Jun 17, 2026 Jun 13, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
CVE-2019-3705 1Dell 4Idrac6 Firmware Idrac7 FirmwareIdrac8 Firmware+1 more Jun 17, 2026 Apr 26, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An u...Show more Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.Show less
CVE-2019-9134 1Solideos 1Architectural Information System Jun 17, 2026 Apr 9, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Architectural Information System 1.0 and earlier versions have a Stack-based buffer overflow, allows remote attackers to execute arbitrary code.

Previous 1...198199200...211 Next