CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-120

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-43573 120 Overflow 2021-11-11 2021-11-12
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame.
2 CVE-2021-43082 120 Overflow 2021-11-03 2021-11-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.
3 CVE-2021-42917 120 DoS Overflow 2021-11-01 2021-11-02
4.3
None Remote Medium Not required None None Partial
Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.
4 CVE-2021-42774 120 Overflow 2021-11-12 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote firmware download feature that could allow remote unauthenticated users to perform various attacks. In non-secure mode, the user is unauthenticated.
5 CVE-2021-42772 120 Overflow 2021-11-03 2021-11-12
6.8
None Remote Medium Not required Partial Partial Partial
Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that could allow a user to attempt various attacks. In non-secure mode, the user is unauthenticated
6 CVE-2021-42731 120 Exec Code Overflow 2021-11-16 2021-11-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7 CVE-2021-42716 120 Overflow 2021-10-21 2021-11-26
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.
8 CVE-2021-42624 120 Overflow 2021-11-04 2021-11-08
4.6
None Local Low Not required Partial Partial Partial
A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function.
9 CVE-2021-41794 120 Overflow 2021-10-07 2021-10-15
5.0
None Remote Low Not required None None Partial
ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a client-supplied length value, leading to a buffer overflow. The attacker can send a PFCP Session Establishment Request with "internet" as the PDI Network Instance. The first character is interpreted as a length value to be used in a memcpy call. The destination buffer is only 100 bytes long on the stack. Then, 'i' gets interpreted as 105 bytes to copy from the source buffer to the destination buffer.
10 CVE-2021-41054 120 Overflow 2021-09-13 2021-11-17
5.0
None Remote Low Not required None None Partial
tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.
11 CVE-2021-40985 120 DoS Overflow 2021-11-03 2021-11-05
4.3
None Remote Medium Not required None None Partial
Buffer overflow vulnerability in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.
12 CVE-2021-40818 120 Overflow 2021-09-08 2021-09-15
7.5
None Remote Low Not required Partial Partial Partial
scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration.
13 CVE-2021-40709 120 Exec Code Overflow 2021-09-27 2021-10-01
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted SVG file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
14 CVE-2021-40284 120 DoS Overflow 2021-09-09 2021-09-22
6.8
None Remote Low ??? None None Complete
D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter 'igmpsnoopEnable' via an HTTP request.
15 CVE-2021-40239 120 Overflow 2021-10-11 2021-10-19
7.5
None Remote Low Not required Partial Partial Partial
A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c
16 CVE-2021-39926 120 DoS Overflow 2021-11-19 2021-11-24
5.0
None Remote Low Not required None None Partial
Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file
17 CVE-2021-39925 120 DoS Overflow 2021-11-19 2021-11-24
5.0
None Remote Low Not required None None Partial
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
18 CVE-2021-39922 120 DoS Overflow 2021-11-19 2021-11-24
5.0
None Remote Low Not required None None Partial
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
19 CVE-2021-39602 120 DoS Overflow 2021-08-23 2021-08-30
4.0
None Remote Low ??? None None Partial
A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file, which could let a remote malicious user cause a Denial of Service.
20 CVE-2021-39275 120 2021-09-16 2021-11-24
7.5
None Remote Low Not required Partial Partial Partial
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
21 CVE-2021-39238 120 Overflow 2021-11-03 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow.
22 CVE-2021-38526 120 Overflow 2021-08-11 2021-08-18
5.0
None Remote Low Not required None None Partial
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.
23 CVE-2021-38386 120 DoS Overflow 2021-08-10 2021-08-17
5.0
None Remote Low Not required None None Partial
In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of service because the ls command is mishandled when a directory has many files with long names.
24 CVE-2021-38297 120 Overflow 2021-10-18 2021-11-18
7.5
None Remote Low Not required Partial Partial Partial
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
25 CVE-2021-38260 120 Overflow 2021-10-25 2021-10-28
4.6
None Local Low Not required Partial Partial Partial
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor().
26 CVE-2021-38258 120 Overflow 2021-10-25 2021-10-28
4.6
None Local Low Not required Partial Partial Partial
NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback().
27 CVE-2021-38207 120 DoS Overflow 2021-08-08 2021-10-18
5.0
None Remote Low Not required None None Partial
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes.
28 CVE-2021-38192 120 Overflow 2021-08-08 2021-08-16
5.0
None Remote Low Not required None None Partial
An issue was discovered in the prost-types crate before 0.8.0 for Rust. An overflow can occur during conversion from Timestamp to SystemTime.
29 CVE-2021-38160 120 2021-08-07 2021-10-18
7.2
None Local Low Not required Complete Complete Complete
** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior.
30 CVE-2021-38111 120 Overflow 2021-08-04 2021-08-17
5.8
None Local Network Low Not required Partial Partial Partial
The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI (Near Field Magnetic Induction) protocol.
31 CVE-2021-38089 120 DoS Overflow 2021-09-20 2021-09-23
6.8
None Remote Medium Not required Partial Partial Partial
Buffer Overflow vulnerability in function config_input in libavfilter/vf_bm3d.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
32 CVE-2021-37726 120 Overflow 2021-10-12 2021-11-24
10.0
None Remote Low Not required Complete Complete Complete
A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba Instant 8.7.x.x: 8.7.0.0 through 8.7.1.2. Aruba has released patches for Aruba Instant (IAP) that address this security vulnerability.
33 CVE-2021-37716 120 Overflow 2021-09-07 2021-10-12
7.5
None Remote Low Not required Partial Partial Partial
A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.15. Aruba has released patches for Aruba SD-WAN Software and Gateways and ArubaOS that address this security vulnerability.
34 CVE-2021-37388 120 Exec Code Overflow 2021-08-06 2021-08-13
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST request allows an attacker to crash the webserver and might even gain remote code execution.
35 CVE-2021-37166 120 DoS Overflow 2021-08-02 2021-08-10
7.8
None Remote Low Not required None None Complete
A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When HMI3 starts up, it binds a local service to a TCP port on all interfaces of the device, and takes extensive time for the GUI to connect to the TCP socket, allowing the connection to be hijacked by an external attacker.
36 CVE-2021-37165 120 Exec Code Overflow 2021-08-02 2021-08-10
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution.
37 CVE-2021-37162 120 Exec Code Overflow 2021-08-02 2021-08-10
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. If an attacker sends a malformed UDP message, a buffer underflow occurs, leading to an out-of-bounds copy and possible remote code execution.
38 CVE-2021-37161 120 Exec Code Overflow 2021-08-02 2021-08-10
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healthcare Nexus Panel, operated by released versions of software before Nexus Software 7.2.5.7. A buffer overflow allows an attacker to overwrite an internal queue data structure and can lead to remote code execution.
39 CVE-2021-36999 120 Exec Code Overflow 2021-10-28 2021-11-01
6.8
None Remote Medium Not required Partial Partial Partial
There is a Buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.
40 CVE-2021-36333 120 Overflow 2021-11-23 2021-11-27
2.1
None Local Low Not required None None Partial
Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker, may potentially exploit this vulnerability, leading to an application crash.
41 CVE-2021-36155 120 2021-07-09 2021-07-13
5.0
None Remote Low Not required None None Partial
LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service.
42 CVE-2021-36148 120 Overflow 2021-07-02 2021-07-08
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow.
43 CVE-2021-36075 120 Exec Code Overflow 2021-09-01 2021-09-09
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Bridge version 11.1 (and earlier) is affected by a Buffer Overflow vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
44 CVE-2021-36051 120 Exec Code Overflow 2021-10-04 2021-10-27
6.8
None Remote Medium Not required Partial Partial Partial
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file.
45 CVE-2021-35977 120 Exec Code Overflow 2021-10-08 2021-10-16
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.
46 CVE-2021-35945 120 Overflow 2021-09-29 2021-10-03
5.0
None Remote Low Not required None None Partial
Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached.
47 CVE-2021-35944 120 Overflow 2021-09-29 2021-10-03
5.0
None Remote Low Not required None None Partial
Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached.
48 CVE-2021-35297 120 Exec Code Overflow 2021-10-01 2021-10-08
6.8
None Remote Medium Not required Partial Partial Partial
Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SEH) records and redirect execution to attacker-controlled code.
49 CVE-2021-34829 120 Exec Code 2021-07-15 2021-07-20
8.3
None Local Network Low Not required Complete Complete Complete
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HNAP_AUTH HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12065.
50 CVE-2021-34828 120 Exec Code 2021-07-15 2021-07-20
8.3
None Local Network Low Not required Complete Complete Complete
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the SOAPAction HTTP header. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-12066.
Total number of vulnerabilities : 982   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.