CWE-120
4,201 CVEs • Abstraction: Base • Likelihood of Exploit: High
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CVEs (4,201)
| CVE description | Vendors | Products | Updated | Published | CVSS |
|---|---|---|---|---|---|
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as... | | | | | |
| Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. | Fedoraproject, Opensuse, Redhat, +1 more | Edk Ii, Enterprise Linux, Enterprise Linux Eus, +5 more | Jun 17, 2026 | Mar 27, 2019 | N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2) |
| Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. | | | | | |
| An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer ov... | | | | | |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as... | | | | | |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as... | | | | | |
| Several buffer overflow vulnerabilities have been identified in Moxa IKS and EDS, which may allow remote code execution. | Moxa | Eds 405a Firmware, Eds 408a Firmware, Eds 510a Firmware, +1 more | Jun 17, 2026 | Mar 5, 2019 | N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2) |
| FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution. | Canonical, Freerdp | Freerdp, Ubuntu Linux | Jun 17, 2026 | Nov 29, 2018 | N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2) |
| FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. | Canonical, Freerdp | Freerdp, Ubuntu Linux | Jun 17, 2026 | Nov 29, 2018 | N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2) |
| Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on... | | | | | |
| An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_in... | Yitechnology | Yi Home Camera Firmware | Nov 21, 2024 | Nov 2, 2018 | N/A (v4), 7.5 HIGH (v3), 5.1 MEDIUM (v2) |
| An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted QR Code can cause a buffer overflow, resulting in code execution. The trans_in... | Yitechnology | Yi Home Camera Firmware | Nov 21, 2024 | Nov 2, 2018 | N/A (v4), 7.5 HIGH (v3), 5.1 MEDIUM (v2) |
| An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker c... | Yitechnology | Yi Home Camera Firmware | Nov 21, 2024 | Nov 2, 2018 | N/A (v4), 8.1 HIGH (v3), 6.8 MEDIUM (v2) |
| The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote a... | Debian, Redhat | Debian Linux, Enterprise Linux Server, Enterprise Linux Virtualization, +2 more | Nov 21, 2024 | Oct 31, 2018 | N/A (v4), 6.5 MEDIUM (v3), 4.0 MEDIUM (v2) |
| A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. | Canonical, Debian, Redhat, +1 more | Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server, +6 more | Jun 9, 2025 | Oct 26, 2018 | N/A (v4), 8.8 HIGH (v3), 5.8 MEDIUM (v2) |
| Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types. | Fujielectric | Alpha5 Smart Loader Firmware | Nov 21, 2024 | Oct 1, 2018 | N/A (v4), 5.3 MEDIUM (v3), 5.0 MEDIUM (v2) |
| An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy call overflows the destinati... | | | | | |
| An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, wh... | | | | | |
| An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buff... | | | | | |
| An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buff... | | | | | |