Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-27965

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Mar, 2021 | 01:53
Updated At-03 Aug, 2024 | 21:33
Rejected At-
Credits

The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Mar, 2021 | 01:53
Updated At:03 Aug, 2024 | 21:33
Rejected At:
▼CVE Numbering Authority (CNA)

The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/kronl/cve/tree/master/MSI_Dragon_Center
x_refsource_MISC
https://www.microsoft.com/en-us/p/msi-dragon-center/9nh7n2bv1cqq?activetab=pivot:overviewtab
x_refsource_MISC
Hyperlink: https://github.com/kronl/cve/tree/master/MSI_Dragon_Center
Resource:
x_refsource_MISC
Hyperlink: https://www.microsoft.com/en-us/p/msi-dragon-center/9nh7n2bv1cqq?activetab=pivot:overviewtab
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/kronl/cve/tree/master/MSI_Dragon_Center
x_refsource_MISC
x_transferred
https://www.microsoft.com/en-us/p/msi-dragon-center/9nh7n2bv1cqq?activetab=pivot:overviewtab
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/kronl/cve/tree/master/MSI_Dragon_Center
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.microsoft.com/en-us/p/msi-dragon-center/9nh7n2bv1cqq?activetab=pivot:overviewtab
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 Mar, 2021 | 02:15
Updated At:16 Mar, 2021 | 12:49

The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow that allows privilege escalation via a crafted 0x80102040, 0x80102044, 0x80102050, or 0x80102054 IOCTL request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
msi
msi
>>dragon_center>>Versions before 2.0.98.0(exclusive)
cpe:2.3:a:msi:dragon_center:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Primarynvd@nist.gov
CWE ID: CWE-120
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/kronl/cve/tree/master/MSI_Dragon_Centercve@mitre.org
Broken Link
Third Party Advisory
https://www.microsoft.com/en-us/p/msi-dragon-center/9nh7n2bv1cqq?activetab=pivot:overviewtabcve@mitre.org
Patch
Vendor Advisory
Hyperlink: https://github.com/kronl/cve/tree/master/MSI_Dragon_Center
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
Hyperlink: https://www.microsoft.com/en-us/p/msi-dragon-center/9nh7n2bv1cqq?activetab=pivot:overviewtab
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1017Records found
CVE-2023-4590
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.3||HIGH
EPSS-0.42% / 60.94%
||
7 Day CHG~0.00%
Published-27 Nov, 2023 | 12:08
Updated-02 Aug, 2024 | 07:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Overflow vulnerability in Frhed

Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers.

Action-Not Available
Vendor-kimmovFrhed
Product-frhedFrhed
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-31895
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.1||HIGH
EPSS-2.33% / 84.19%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 11:02
Updated-13 May, 2025 | 10:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.7), RUGGEDCOM i801 (All versions < V4.3.7), RUGGEDCOM i802 (All versions < V4.3.7), RUGGEDCOM i803 (All versions < V4.3.7), RUGGEDCOM M2100 (All versions < V4.3.7), RUGGEDCOM M2200 (All versions < V4.3.7), RUGGEDCOM M969 (All versions < V4.3.7), RUGGEDCOM RMC30 (All versions < V4.3.7), RUGGEDCOM RMC8388 V4.X (All versions < V4.3.7), RUGGEDCOM RMC8388 V5.X (All versions < V5.5.4), RUGGEDCOM RP110 (All versions < V4.3.7), RUGGEDCOM RS1600 (All versions < V4.3.7), RUGGEDCOM RS1600F (All versions < V4.3.7), RUGGEDCOM RS1600T (All versions < V4.3.7), RUGGEDCOM RS400 (All versions < V4.3.7), RUGGEDCOM RS401 (All versions < V4.3.7), RUGGEDCOM RS416 (All versions < V4.3.7), RUGGEDCOM RS416P (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.5.4), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.7), RUGGEDCOM RS416v2 V5.X (All versions < 5.5.4), RUGGEDCOM RS8000 (All versions < V4.3.7), RUGGEDCOM RS8000A (All versions < V4.3.7), RUGGEDCOM RS8000H (All versions < V4.3.7), RUGGEDCOM RS8000T (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900G (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RS900GP (All versions < V4.3.7), RUGGEDCOM RS900L (All versions < V4.3.7), RUGGEDCOM RS900W (All versions < V4.3.7), RUGGEDCOM RS910 (All versions < V4.3.7), RUGGEDCOM RS910L (All versions < V4.3.7), RUGGEDCOM RS910W (All versions < V4.3.7), RUGGEDCOM RS920L (All versions < V4.3.7), RUGGEDCOM RS920W (All versions < V4.3.7), RUGGEDCOM RS930L (All versions < V4.3.7), RUGGEDCOM RS930W (All versions < V4.3.7), RUGGEDCOM RS940G (All versions < V4.3.7), RUGGEDCOM RS969 (All versions < V4.3.7), RUGGEDCOM RSG2100 (All versions), RUGGEDCOM RSG2100 (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2100P (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2100PNC (32M) V4.X (All versions < V4.3.7), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.5.4), RUGGEDCOM RSG2200 (All versions < V4.3.7), RUGGEDCOM RSG2288 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2288 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300 V5.X (All versions < V5.5.4), RUGGEDCOM RSG2300P V4.X (All versions < V4.3.7), RUGGEDCOM RSG2300P V5.X (All versions < V5.5.4), RUGGEDCOM RSG2488 V4.X (All versions < V4.3.7), RUGGEDCOM RSG2488 V5.X (All versions < V5.5.4), RUGGEDCOM RSG907R (All versions < V5.5.4), RUGGEDCOM RSG908C (All versions < V5.5.4), RUGGEDCOM RSG909R (All versions < V5.5.4), RUGGEDCOM RSG910C (All versions < V5.5.4), RUGGEDCOM RSG920P V4.X (All versions < V4.3.7), RUGGEDCOM RSG920P V5.X (All versions < V5.5.4), RUGGEDCOM RSL910 (All versions < V5.5.4), RUGGEDCOM RST2228 (All versions < V5.5.4), RUGGEDCOM RST2228P (All versions < V5.5.4), RUGGEDCOM RST916C (All versions < V5.5.4), RUGGEDCOM RST916P (All versions < V5.5.4). The DHCP client in affected devices fails to properly sanitize incoming DHCP packets. This could allow an unauthenticated remote attacker to cause memory to be overwritten, potentially allowing remote code execution.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_ros_rmc20ruggedcom_ros_rsg2100ruggedcom_rs8000ruggedcom_rs910ruggedcom_rsg900ruggedcom_ros_rs900gpruggedcom_ros_i800ruggedcom_ros_rs8000ruggedcom_rs900gruggedcom_rsg900cruggedcom_rsg2300ruggedcom_ros_rs401ruggedcom_ros_i801ruggedcom_ros_rmc30ruggedcom_rp110ruggedcom_rsg900gruggedcom_rst2228ruggedcom_rs900gpruggedcom_ros_rs920wruggedcom_rsg2200ruggedcom_ros_rmc40ruggedcom_rs910wruggedcom_rsg2488ruggedcom_rst916pruggedcom_m2200ruggedcom_ros_rs416ruggedcom_rs920lruggedcom_rsg2100ruggedcom_rs8000aruggedcom_ros_m969ruggedcom_rsg920pruggedcom_rmc40ruggedcom_rs900lruggedcom_ros_rsg2100pruggedcom_rmc20ruggedcom_ros_rs969ruggedcom_ros_rs910lruggedcom_ros_rsg2288ruggedcom_rsg900rruggedcom_ros_i802ruggedcom_rmcruggedcom_rs401ruggedcom_ros_rs900wruggedcom_ros_rsg900cruggedcom_rs900ruggedcom_rs930lruggedcom_rs920wruggedcom_ros_i803ruggedcom_ros_rmc8388ruggedcom_rs416ruggedcom_ros_rs8000truggedcom_ros_rs900ruggedcom_ros_rsg900rruggedcom_ros_rst2228ruggedcom_rs930wruggedcom_ros_rs910wruggedcom_ros_rs900gruggedcom_ros_rsg2300ruggedcom_ros_rs416v2ruggedcom_rsg2300pruggedcom_rmc30ruggedcom_ros_rsg900gruggedcom_rs969ruggedcom_ros_rs940gruggedcom_rs416v2ruggedcom_i803ruggedcom_ros_rs900lruggedcom_i802ruggedcom_ros_rs8000hruggedcom_rs8000hruggedcom_rs400ruggedcom_ros_rsg920pruggedcom_rs940gruggedcom_i801ruggedcom_ros_rsl910ruggedcom_rs8000truggedcom_ros_rst916pruggedcom_rsl910ruggedcom_ros_rp110ruggedcom_ros_rsg2300pruggedcom_ros_rs910ruggedcom_ros_rst916cruggedcom_ros_rs400ruggedcom_rsg2288ruggedcom_m2100ruggedcom_ros_rs930lruggedcom_ros_m2100ruggedcom_rst916cruggedcom_ros_m2200ruggedcom_ros_rsg2200ruggedcom_ros_rmc41ruggedcom_rs900wruggedcom_ros_rs8000aruggedcom_m969ruggedcom_ros_rsg900ruggedcom_ros_rs920lruggedcom_rmc41ruggedcom_ros_rmcruggedcom_rmc8388ruggedcom_ros_rsg2488ruggedcom_rsg2100pruggedcom_i800ruggedcom_rs910lruggedcom_ros_rs930wRUGGEDCOM RS910WRUGGEDCOM M969RUGGEDCOM RS1600FRUGGEDCOM RS900 (32M) V5.XRUGGEDCOM RSL910RUGGEDCOM RSG2300 V5.XRUGGEDCOM RS400RUGGEDCOM RST2228RUGGEDCOM i803RUGGEDCOM RSG920P V4.XRUGGEDCOM RS416v2 V5.XRUGGEDCOM RMC30RUGGEDCOM i800RUGGEDCOM RMC8388 V5.XRUGGEDCOM RS910LRUGGEDCOM RS900G (32M) V5.XRUGGEDCOM RSG2100PNC (32M) V5.XRUGGEDCOM RS930WRUGGEDCOM RS969RUGGEDCOM i802RUGGEDCOM RS1600RUGGEDCOM RSG2288 V5.XRUGGEDCOM RS900GRUGGEDCOM RS416v2 V4.XRUGGEDCOM RS920WRUGGEDCOM RSG2100 (32M) V4.XRUGGEDCOM RSG2100PRUGGEDCOM RSG2100P (32M) V5.XRUGGEDCOM RMC8388 V4.XRUGGEDCOM RP110RUGGEDCOM RSG2100RUGGEDCOM RS8000ARUGGEDCOM RS900WRUGGEDCOM RSG2200RUGGEDCOM M2200RUGGEDCOM RS940GRUGGEDCOM RSG2300P V4.XRUGGEDCOM RSG2300 V4.XRUGGEDCOM RS8000TRUGGEDCOM RS900G (32M) V4.XRUGGEDCOM RST2228PRUGGEDCOM RSG908CRUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RS900GPRUGGEDCOM RSG2300P V5.XRUGGEDCOM RST916PRUGGEDCOM RS920LRUGGEDCOM RS900LRUGGEDCOM RS416Pv2 V4.XRUGGEDCOM RS1600TRUGGEDCOM RS8000RUGGEDCOM RS401RUGGEDCOM RS900 (32M) V4.XRUGGEDCOM RST916CRUGGEDCOM RSG2488 V5.XRUGGEDCOM RSG2488 V4.XRUGGEDCOM i801RUGGEDCOM RS930LRUGGEDCOM RSG2100 (32M) V5.XRUGGEDCOM RSG909RRUGGEDCOM RSG920P V5.XRUGGEDCOM RS910RUGGEDCOM M2100RUGGEDCOM RSG907RRUGGEDCOM RS416RUGGEDCOM RS416PRUGGEDCOM RSG2100PNC (32M) V4.XRUGGEDCOM RS8000HRUGGEDCOM RSG2288 V4.XRUGGEDCOM RSG910CRUGGEDCOM RSG2100P (32M) V4.X
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-35398
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 35.63%
||
7 Day CHG~0.00%
Published-28 May, 2024 | 14:38
Updated-03 Apr, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules.

Action-Not Available
Vendor-n/aTOTOLINK
Product-cp900l_firmwarecp900ln/acp900_l
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-35426
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 41.74%
||
7 Day CHG+0.02%
Published-08 Nov, 2024 | 00:00
Updated-05 Jun, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vmir e8117 was discovered to contain a stack overflow via the init_local_vars function at /src/vmir_wasm_parser.c.

Action-Not Available
Vendor-lonelycodern/avmir
Product-vmirn/avmir
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-36290
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-10||CRITICAL
EPSS-0.23% / 46.05%
||
7 Day CHG+0.02%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmwarewl-wn533a8Wavlink AC3000
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-35571
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.76%
||
7 Day CHG~0.00%
Published-20 May, 2024 | 17:20
Updated-17 Mar, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ax1806ax1806_firmwaren/aax1806_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-30321
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.27%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 06:16
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-aqt1000_firmwareqca2066wcd9380_firmwarewsa8830qca1062_firmwarewcn6851_firmwarewcn6856_firmwaresc8280xp_firmwareqca6430wsa8835wcd9340wsa8810_firmwarewcd9380wcd9341_firmwareqca6420_firmwarewsa8810wcn6855wcn6851wcn6856wcn6855_firmwarewcd9385wcd9341qca2066_firmwareqca6430_firmwareqca1064_firmwarewcn3998qca1062sd_8cx_firmwareqca6391_firmwarewcd9385_firmwaresd_8cxaqt1000wcd9340_firmwarewsa8815sc8280xpwcn6850qca6320wsa8830_firmwareqca1064wsa8815_firmwarewcn6850_firmwarewsa8835_firmwareqca6320_firmwarewcn3998_firmwareqca6391qca6420Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-35099
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.22% / 44.88%
||
7 Day CHG~0.00%
Published-13 May, 2024 | 19:25
Updated-05 May, 2025 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth.

Action-Not Available
Vendor-n/aTOTOLINK
Product-lr350lr350_firmwaren/alr350_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2011-3915
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.57% / 67.47%
||
7 Day CHG~0.00%
Published-13 Dec, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF fonts.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-34945
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.51%
||
7 Day CHG~0.00%
Published-10 May, 2024 | 12:50
Updated-04 Apr, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the PPW parameter at ip/goform/WizardHandle.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-fh1206fh1206_firmwaren/afh1206_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-33874
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.60%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 16:47
Updated-18 Apr, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.

Action-Not Available
Vendor-n/aThe HDF Group
Product-hdf5n/ahdf5
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-33180
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.76%
||
7 Day CHG+0.17%
Published-16 Jul, 2024 | 00:00
Updated-02 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-ac18_firmwareac18n/aac18
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-33278
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.12% / 90.42%
||
7 Day CHG~0.00%
Published-24 Jun, 2024 | 00:00
Updated-02 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie field.

Action-Not Available
Vendor-n/aASUS (ASUSTeK Computer Inc.)
Product-n/art-ax88u_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-28672
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.22% / 83.81%
||
7 Day CHG~0.00%
Published-29 Mar, 2021 | 20:06
Updated-03 Aug, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 allows remote attackers to execute arbitrary code through a buffer overflow in Web page parameter handling.

Action-Not Available
Vendor-n/aXerox Corporation
Product-versalink_c505versalink_c400_firmwareversalink_b7025versalink_c7000versalink_b605phaser_6510versalink_c9000versalink_b7030versalink_b615versalink_b600versalink_b600_firmwareversalink_b7035_firmwareversalink_c600_firmwareversalink_c605_firmwareversalink_b610versalink_b405versalink_c500versalink_c405_firmwareversalink_c8000_firmwareversalink_c505_firmwareversalink_c405versalink_c7030versalink_c8000w_firmwareversalink_c500_firmwareversalink_b7035versalink_c400workcentre_6515_firmwareversalink_c605versalink_c7025_firmwareversalink_b7030_firmwareversalink_c8000versalink_c8000wversalink_b400versalink_b605_firmwareversalink_c7020_firmwareversalink_c7020workcentre_6515versalink_c7030_firmwareversalink_c7000_firmwareversalink_b615_firmwareversalink_c7025versalink_c600versalink_b610_firmwareversalink_c9000_firmwareversalink_b405_firmwarephaser_6510_firmwareversalink_b7025_firmwareversalink_b400_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-26777
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.95% / 75.44%
||
7 Day CHG~0.00%
Published-02 Dec, 2021 | 03:26
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code.

Action-Not Available
Vendor-circutorn/a
Product-compact_dc-s_basic_firmwarecompact_dc-s_basicn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-32017
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 40.77%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 06:14
Updated-13 Feb, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overflows in RIOT

RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. The size check in the `gcoap_dns_server_proxy_get()` function contains a small typo that may lead to a buffer overflow in the subsequent `strcpy()`. In detail, the length of the `_uri` string is checked instead of the length of the `_proxy` string. The `_gcoap_forward_proxy_copy_options()` function does not implement an explicit size check before copying data to the `cep->req_etag` buffer that is `COAP_ETAG_LENGTH_MAX` bytes long. If an attacker can craft input so that `optlen` becomes larger than `COAP_ETAG_LENGTH_MAX`, they can cause a buffer overflow. If the input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerabilities could range from denial of service to arbitrary code execution. This issue has yet to be patched. Users are advised to add manual bounds checking.

Action-Not Available
Vendor-RIOT-OSriot-os
Product-RIOTriot
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-45614
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.87% / 74.31%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 22:43
Updated-14 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Action-Not Available
Vendor-HP Inc.Aruba NetworksHewlett Packard Enterprise (HPE)
Product-arubaosinstantosAruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series; arubaosinstantos
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-27357
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 63.15%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 12:07
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c.

Action-Not Available
Vendor-riot-osn/a
Product-riotn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-3119
Matching Score-4
Assigner-Pentraze Cybersecurity
ShareView Details
Matching Score-4
Assigner-Pentraze Cybersecurity
CVSS Score-9||CRITICAL
EPSS-1.40% / 79.67%
||
7 Day CHG~0.00%
Published-09 Apr, 2024 | 23:55
Updated-03 Feb, 2025 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-Buffer Overflow in 'Call-ID' and 'X-Call-ID' SIP Header Processing in sngrep

A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.

Action-Not Available
Vendor-irontecirontecirontec
Product-sngrepsngrepsngrep
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27698
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 63.15%
||
7 Day CHG~0.00%
Published-06 Apr, 2021 | 12:08
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function.

Action-Not Available
Vendor-riot-osn/a
Product-riotn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-27707
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.11% / 86.28%
||
7 Day CHG~0.00%
Published-14 Apr, 2021 | 15:00
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex "request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIndex" to strcpy without limit.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-g3g1_firmwareg1g3_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2003-1228
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.37% / 93.63%
||
7 Day CHG~0.00%
Published-16 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the prepare_reply function in request.c for Mathopd 1.2 through 1.5b13, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via an HTTP request with a long path.

Action-Not Available
Vendor-mathopdn/a
Product-mathopdn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2003-1387
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.98% / 92.74%
||
7 Day CHG~0.00%
Published-19 Oct, 2007 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2011-1291
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.94% / 82.68%
||
7 Day CHG~0.00%
Published-25 Mar, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 10.0.648.204 does not properly handle base strings, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a "buffer error."

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-27391
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-9.8||CRITICAL
EPSS-2.86% / 85.72%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 10:47
Updated-23 Apr, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.

Action-Not Available
Vendor-Siemens AG
Product-apogee_pxc_compact_\(p2_ethernet\)apogee_pxc_modular_\(bacnet\)_firmwareapogee_pxc_compact_\(p2_ethernet\)_firmwaretalon_tc_compact_\(bacnet\)apogee_mbc_\(ppc\)_\(p2_ethernet\)_firmwareapogee_pxc_bacnet_automation_controllerapogee_mbc_\(ppc\)_\(p2_ethernet\)apogee_pxc_bacnet_automation_controller_firmwareapogee_mec_\(ppc\)_\(p2_ethernet\)talon_tc_compact_\(bacnet\)_firmwareapogee_pxc_modular_\(p2_ethernet\)talon_tc_modular_\(bacnet\)apogee_pxc_modular_\(p2_ethernet\)_firmwareapogee_pxc_modular_\(bacnet\)apogee_mec_\(ppc\)_\(p2_ethernet\)_firmwaretalon_tc_modular_\(bacnet\)_firmwareAPOGEE PXC Modular (P2 Ethernet)APOGEE PXC Compact (BACnet)APOGEE MEC (PPC) (P2 Ethernet)APOGEE PXC Modular (BACnet)APOGEE MBC (PPC) (P2 Ethernet)TALON TC Modular (BACnet)APOGEE PXC Compact (P2 Ethernet)TALON TC Compact (BACnet)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-30635
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 57.96%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 00:00
Updated-25 Mar, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tenda F1202 v1.2.0.20(408) has a stack overflow vulnerability located in the funcpara1 parameter in the formSetCfm function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-f1202_firmwaref1202n/af1202
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2003-0595
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-10.09% / 92.79%
||
7 Day CHG~0.00%
Published-25 Jul, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference.

Action-Not Available
Vendor-terascriptn/a
Product-wintango_application_servern/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2010-5333
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-7.22% / 91.24%
||
7 Day CHG~0.00%
Published-13 Sep, 2019 | 15:40
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable software. This CVE is to track an alternate exploitation method, utilizing an EIP-overwrite buffer overflow.

Action-Not Available
Vendor-integard_home_projectintegard_pro_projectn/a
Product-integard_prointegard_homen/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-29646
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.57% / 67.61%
||
7 Day CHG+0.14%
Published-17 Dec, 2024 | 00:00
Updated-17 Jun, 2025 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields.

Action-Not Available
Vendor-n/aRadare2 (r2)
Product-radare2n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-29243
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 48.96%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 00:00
Updated-17 Jun, 2025 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi.

Action-Not Available
Vendor-szlbtn/aszlbt
Product-lbt-t300-mini1lbt-t300-mini1_firmwaren/albt-t300-mini_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-25149
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-0.71% / 71.43%
||
7 Day CHG~0.00%
Published-29 Mar, 2021 | 23:58
Updated-03 Aug, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.

Action-Not Available
Vendor-n/aSiemens AGAruba Networks
Product-scalance_w1750d_firmwareinstantscalance_w1750dAruba Instant Access Points
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2010-3441
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-6.43% / 90.67%
||
7 Day CHG~0.00%
Published-18 Feb, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via (1) a crafted input file, related to the PUT0 and PUT1 output macros; (2) a crafted input file, related to the trim_title function; and possibly (3) a long -O option on a command line.

Action-Not Available
Vendor-moinejfn/aFedora Project
Product-fedoraabcm2psn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2002-0698
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-17.12% / 94.74%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-26621
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-8.1||HIGH
EPSS-3.31% / 86.72%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 18:02
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netis Korea MEX01 Buffer overflow vulnerability

An Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter values to memory through the strcpy() function.

Action-Not Available
Vendor-netuNetU Corp.
Product-mex01mex01_firmwareMEX01
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2001-1323
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.12% / 83.43%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function.

Action-Not Available
Vendor-n/aMIT (Massachusetts Institute of Technology)
Product-kerberos_5n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2010-1450
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.82% / 85.60%
||
7 Day CHG~0.00%
Published-27 May, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.

Action-Not Available
Vendor-n/aPython Software Foundation
Product-pythonn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2010-1205
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-17.03% / 94.72%
||
7 Day CHG~0.00%
Published-30 Jun, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

Action-Not Available
Vendor-libpngn/aMozilla CorporationSUSECanonical Ltd.Debian GNU/LinuxGoogle LLCFedora ProjectVMware (Broadcom Inc.)openSUSEApple Inc.
Product-ubuntu_linuxfedorafirefoxiphone_osthunderbirditunessafariseamonkeyworkstationchromeopensusedebian_linuxmac_os_x_serverlinux_enterprise_serverplayerlibpngmac_os_xn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-2452
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-7||HIGH
EPSS-0.14% / 34.75%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 15:43
Updated-13 Feb, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer wraparound, under-allocation, and heap buffer overflow in Eclipse ThreadX NetX Duo __portable_aligned_alloc()

In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-threadx_netx_duoThreadX
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-23613
Matching Score-4
Assigner-Exodus Intelligence
ShareView Details
Matching Score-4
Assigner-Exodus Intelligence
CVSS Score-10||CRITICAL
EPSS-7.65% / 91.51%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:32
Updated-29 May, 2025 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symantec Deployment Solution Remote Code Execution

A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.

Action-Not Available
Vendor-Symantec CorporationBroadcom Inc.
Product-symantec_deployment_solutionsDeployment Solution
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2000-1094
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.94% / 91.69%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.

Action-Not Available
Vendor-n/aAOL (Yahoo Inc.)
Product-aimn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2009-5041
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.70% / 71.16%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 15:35
Updated-07 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

overkill has buffer overflow via long player names that can corrupt data on the server machine

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-overkilln/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-2331
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.10% / 28.87%
||
7 Day CHG~0.00%
Published-09 Mar, 2024 | 10:00
Updated-16 Apr, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Tourist Reservation System System.cpp ad_writedata buffer overflow

A vulnerability was found in SourceCodester Tourist Reservation System 1.0. It has been declared as critical. This vulnerability affects the function ad_writedata of the file System.cpp. The manipulation of the argument ad_code leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256282 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodesterrazormist
Product-tourist_reservation_systemTourist Reservation System
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-23616
Matching Score-4
Assigner-Exodus Intelligence
ShareView Details
Matching Score-4
Assigner-Exodus Intelligence
CVSS Score-10||CRITICAL
EPSS-6.30% / 90.57%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:32
Updated-23 Aug, 2024 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symantec Server Management Suite Buffer Overflow

A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.

Action-Not Available
Vendor-Broadcom Inc.Symantec Corporation
Product-symantec_server_management_suiteServer Management Suiteserver_management_suite
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-23286
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.11% / 77.26%
||
7 Day CHG~0.00%
Published-08 Mar, 2024 | 01:36
Updated-13 Feb, 2025 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosvisionosmacosvisionOSiOS and iPadOStvOSmacOSwatchOSipadosmacostvosiphone_osvisionoswatchos
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-23614
Matching Score-4
Assigner-Exodus Intelligence
ShareView Details
Matching Score-4
Assigner-Exodus Intelligence
CVSS Score-10||CRITICAL
EPSS-2.13% / 83.48%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 23:32
Updated-05 Sep, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Symantec Messaging Gateway Buffer Overflow

A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.

Action-Not Available
Vendor-Broadcom Inc.Symantec Corporation
Product-symantec_messaging_gatewayMessaging Gateway
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-44632
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.90% / 74.76%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 21:58
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/upgrade_info feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.

Action-Not Available
Vendor-n/aTP-Link Systems Inc.
Product-tl-wr886ntl-wr886n_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-1999-0284
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.44% / 87.03%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.

Action-Not Available
Vendor-n/aIBM CorporationMicrosoft Corporation
Product-lotus_domino_mail_serverexchange_servern/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-21480
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.96%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 14:32
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio

Memory corruption while playing audio file having large-sized input buffer.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca6678aq_firmwareqcm8550_firmwaresa6150p_firmwaresd865_5gsw5100pwsa8832wsa8845_firmwaresnapdragon_480_5g_mobileqca6595srv1mqca6678aqqca8081_firmwarewcd9370snapdragon_x35_5g_modem-rfar8035_firmwareqca6696wcd9340_firmwaresa8530psa4150p_firmwarewcd9395_firmwareqcn6024qcc710_firmwaresnapdragon_8\+_gen_1_mobilewcn6740_firmwarefastconnect_6700snapdragon_685_4g_mobilesa4150pwsa8815_firmwarewsa8832_firmwaresa8195p_firmwareqca8337_firmwareqca8337wcd9395sg8275p_firmwareqcm6490_firmwareqca6574au_firmwaresnapdragon_x72_5g_modem-rfqam8295pqcm4490_firmwareqca6574auwcd9390sa8620p_firmwarewcn3950wsa8810_firmwarewsa8845h_firmwaresa9000p_firmwaresrv1hqca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaretalynplus_firmwareqcs5430sa8295p_firmwareqcn6024_firmwaresa4155p_firmwareqcm5430qcm5430_firmwaresa4155psa8770pqca6584auqcn6274_firmwaressg2115pqcc710snapdragon_xr2_5g_firmwaresw5100_firmwaresa8540pwcn6740snapdragon_8_gen_3_mobile_firmwareqfw7114_firmwareqca6595_firmwarefastconnect_7800_firmwarefastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwareqep8111sa7255pqfw7114wcd9385_firmwarefastconnect_6900_firmwareqam8255p_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psnapdragon_xr2_5gsnapdragon_x65_5g_modem-rfsa8150pqcs4490snapdragon_680_4g_mobilewsa8845sa6155psxr1230pwsa8810qam8650psa9000psrv1h_firmwaresw5100qca6595auvideo_collaboration_vc3_platformsnapdragon_4_gen_1_mobile_firmwaresxr2250p_firmwaresa6155p_firmwaresnapdragon_685_4g_mobile_firmwarewsa8840qam8295p_firmwaresrv1m_firmwareqcs8550_firmwaresnapdragon_x35_5g_modem-rf_firmwaresnapdragon_8_gen_2_mobile_firmwareqfw7124_firmwareqca6698aq_firmwaresnapdragon_4_gen_2_mobile_firmwarewcd9385snapdragon_8_gen_1_mobilesnapdragon_695_5g_mobile_firmwareqcs4490_firmwaresnapdragon_680_4g_mobile_firmwaresa8255psxr1230p_firmwarewcd9390_firmwaresnapdragon_8_gen_2_mobileqep8111_firmwaresg8275pwcd9370_firmwaressg2125psa7255p_firmwareqca6574asnapdragon_8\+_gen_2_mobilesnapdragon_x72_5g_modem-rf_firmwareqcm4490qca6174asa8195psnapdragon_x65_5g_modem-rf_firmwarewcd9340snapdragon_480\+_5g_mobile_firmwareqamsrv1msnapdragon_auto_5g_modem-rf_gen_2talynplusqca6174a_firmwareqcm6490sa8540p_firmwareqam8650p_firmwaresm8550p_firmwaresxr2250pqcm8550wcn3988qcs6490_firmwareqcn9024qca6584au_firmwarewcn3980_firmwareqcn6274qca6574qfw7124sa8775psnapdragon_w5\+_gen_1_wearableqca6595au_firmwaresxr2230p_firmwarewsa8835wsa8840_firmwaresw5100p_firmwaresa8775p_firmwareqamsrv1hqca6696_firmwareqcn9024_firmwarewsa8845hwcd9380_firmwaresa6150pqca6574_firmwaresa8155p_firmwareqca8081wsa8815sg4150psa8155psd_8_gen1_5gwsa8830qam8775pqca6797aqsnapdragon_ar2_gen_1_firmwaresm8550psa6145psnapdragon_x75_5g_modem-rfqcm4325_firmwaresa8620psa8255p_firmwarear8035qca6574a_firmwareqamsrv1m_firmwaresnapdragon_4_gen_1_mobilesnapdragon_4_gen_2_mobilesa8650p_firmwareqcm4325sd_8_gen1_5g_firmwarewcd9375_firmwareqcn6224qcs5430_firmwareqca6698aqsg4150p_firmwaressg2125p_firmwarewcn3950_firmwaresa8530p_firmwaresa8295psa8770p_firmwareqcs8550snapdragon_480\+_5g_mobilefastconnect_6200fastconnect_7800sa8145p_firmwaresa8650pqam8775p_firmwaresd865_5g_firmwaresnapdragon_480_5g_mobile_firmwaresnapdragon_8\+_gen_2_mobile_firmwarewcd9375sa8150p_firmwaresnapdragon_ar2_gen_1wcn3988_firmwarefastconnect_6700_firmwareqamsrv1h_firmwarevideo_collaboration_vc3_platform_firmwaresa8145psnapdragon_8\+_gen_1_mobile_firmwaresnapdragon_x75_5g_modem-rf_firmwarewsa8835_firmwaressg2115p_firmwareqcs6490snapdragon_695_5g_mobilesnapdragon_8_gen_3_mobilewcn3980fastconnect_6200_firmwarewsa8830_firmwareqcn6224_firmwaresnapdragon_8_gen_1_mobile_firmwareSnapdragonqam8255p_firmwaresa6155p_firmwareqca8337_firmwareqcm4490_firmwareqcm8550_firmwaresa6150p_firmwareqca6678aq_firmwareqcn6274_firmwareqcs4490_firmwareqcm6490_firmwaresa4155p_firmwarefastconnect_6900_firmwareqcs8550_firmwareqca6797aq_firmwareqcn6224_firmwaresa6145p_firmwarefastconnect_6700_firmwareqcn9024_firmwaresa7255p_firmwarefastconnect_7800_firmwareqca6595au_firmwareqamsrv1m_firmwareqca6698aq_firmwareqcm5430_firmwareqca6174a_firmwareqam8650p_firmwareqam8775p_firmwareqca6584au_firmwareqep8111_firmwareqca6696_firmwareqca6595_firmwareqcs6490_firmwareqfw7114_firmwareqcs5430_firmwarequalcomm_video_collaboration_vc3_platform_firmwareqcn6024_firmwaresa4150p_firmwareqcm4325_firmwareqamsrv1h_firmwareqca6574_firmwareqcc710_firmwareqam8295p_firmwareqca6574a_firmwarefastconnect_6200_firmwareqca6574au_firmwareqca8081_firmwareqfw7124_firmwarear8035_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-21463
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.3||HIGH
EPSS-0.08% / 25.16%
||
7 Day CHG+0.02%
Published-01 Apr, 2024 | 15:06
Updated-13 Jan, 2025 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in Audio

Memory corruption while processing Codec2 during v13k decoder pitch synthesis.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfw7124_firmwarewcn6740_firmwaresnapdragon_685_4g_mobile_firmwareqcn6274wsa8840_firmwareqam8255p_firmwareqca6797aq_firmwaresa4155p_firmwaresnapdragon_888\+_5g_mobilesrv1hsa7255psnapdragon_8_gen_3_mobile_firmwarewcd9370snapdragon_4_gen_2_mobileqca6595au_firmwaresa8145p_firmwareqfw7114sxr1230pqcn6024snapdragon_4_gen_1_mobile_firmwarewsa8810_firmwareqam8650p_firmwareqca6574_firmwaresnapdragon_8\+_gen_2_mobilesnapdragon_8_gen_1_mobileqcc710_firmwaresa8650p_firmwareqcm4490_firmwareqca6595auar8035sa7255p_firmwarewcd9340sa6145pwcn3950wcd9395_firmwarewsa8845h_firmwaretalynplus_firmwareqca6696qcm4325qca8337ssg2115pqca6584au_firmwareqca6574au_firmwaresnapdragon_685_4g_mobilewsa8845wcd9375_firmwaresxr1230p_firmwaresnapdragon_680_4g_mobile_firmwareqcm4325_firmwaresa6150p_firmwaresnapdragon_888_5g_mobile_firmwarewsa8835_firmwaresnapdragon_4_gen_1_mobilesd_8_gen1_5gqamsrv1hsg4150p_firmwaresnapdragon_x75_5g_modem-rfwcd9390_firmwaresnapdragon_888_5g_mobilewsa8815_firmwaresnapdragon_8_gen_2_mobileqca6574asw5100talynplussnapdragon_8\+_gen_2_mobile_firmwarewsa8815sm8550p_firmwarewcd9385_firmwaresw5100p_firmwaresa8620p_firmwarewcn3950_firmwarewcd9395sw5100pqam8650psa8770psnapdragon_xr2_5g_firmwareqca6574a_firmwaresa8620psa8145psnapdragon_480_5g_mobile_firmwareqca6696_firmwaresnapdragon_w5\+_gen_1_wearable_firmwaresa6155pqep8111sa8150pwsa8830_firmwaresnapdragon_ar2_gen_1qca6698aqqamsrv1h_firmwarewcn3980_firmwareqcs8550qam8775pwcd9380_firmwaresnapdragon_x65_5g_modem-rfsxr2250p_firmwareqca6174a_firmwareqca8081snapdragon_695_5g_mobilewsa8840wcn3988_firmwareqca6574auqcn9024ssg2125par8035_firmwaresa8195psnapdragon_8_gen_3_mobileqca8337_firmwareqamsrv1msxr2230psa8770p_firmwarefastconnect_6700_firmwarewsa8832qcc710qcs4490snapdragon_x35_5g_modem-rffastconnect_7800_firmwaresa8155pqam8255pqfw7124qcm4490srv1h_firmwaresnapdragon_auto_5g_modem-rf_gen_2sg8275p_firmwarewsa8845_firmwareqcn6224sa8255p_firmwarewcn3980snapdragon_4_gen_2_mobile_firmwaresnapdragon_ar2_gen_1_firmwareqcm8550snapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_480\+_5g_mobilewcd9390snapdragon_w5\+_gen_1_wearablewsa8835qca6678aq_firmwaresnapdragon_680_4g_mobilesw5100_firmwarefastconnect_7800qcn6274_firmwaresxr2250pwsa8830sa8295p_firmwareqfw7114_firmwaresa8295pwcd9375qcs8550_firmwarefastconnect_6900snapdragon_xr2_5gsnapdragon_x35_5g_modem-rf_firmwaresa6150psnapdragon_695_5g_mobile_firmwarefastconnect_6200_firmwaresrv1m_firmwaresnapdragon_8_gen_2_mobile_firmwareqca6584auqca6595sa8155p_firmwarewcn6740qca6595_firmwaresnapdragon_480\+_5g_mobile_firmwareqep8111_firmwarefastconnect_6700qcn6224_firmwareqca6174asa8255psnapdragon_480_5g_mobilesnapdragon_x65_5g_modem-rf_firmwarewcn3988sa4155pqcn6024_firmwaressg2115p_firmwareqca6797aqwsa8845hqam8775p_firmwareqamsrv1m_firmwarefastconnect_6900_firmwareqam8295p_firmwaressg2125p_firmwarewcd9380wsa8832_firmwaresa8650pwcd9385sd865_5g_firmwaresm8550pwcd9340_firmwaresg4150psa8195p_firmwaresa4150p_firmwaresnapdragon_x75_5g_modem-rf_firmwareqca6574sa8150p_firmwaresa8775pqca8081_firmwaresa9000p_firmwaresnapdragon_8\+_gen_1_mobile_firmwareqcn9024_firmwareqcs4490_firmwaresa4150psa6155p_firmwaresrv1mqam8295psnapdragon_888\+_5g_mobile_firmwaresa9000psnapdragon_8_gen_1_mobile_firmwaresxr2230p_firmwaresa8775p_firmwareqca6698aq_firmwarefastconnect_6200sd865_5gqca6678aqsg8275pqcm8550_firmwaresa6145p_firmwarewcd9370_firmwaresd_8_gen1_5g_firmwaresnapdragon_8\+_gen_1_mobilewsa8810Snapdragonqam8255p_firmwaretalynplus_firmwareqca8337_firmwarewcd9380_firmwaresa6150p_firmwaresa8145p_firmwaresxr2230p_firmwaresg8275p_firmwarear8035_firmwareqcn6224_firmwaresxr1230p_firmwarewcn3950_firmwaresnapdragon_888_5g_mobile_platform_firmwaresa8150p_firmwareqca6595au_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_4_gen_2_mobile_platform_firmwaressg2125p_firmwaresnapdragon_480_5g_mobile_platform_firmwareqca6584au_firmwareqep8111_firmwareqfw7114_firmwarewcd9385_firmwareqcn6024_firmwareqcm4325_firmwareqamsrv1h_firmwareqca6574_firmwaresd_8_gen1_5g_firmwarewcd9340_firmwarewsa8845_firmwareqam8295p_firmwaresnapdragon_xr2_5g_platform_firmwaresa9000p_firmwareqca6574a_firmwaresnapdragon_695_5g_mobile_platform_firmwareqca6574au_firmwarefastconnect_6200_firmwarewcd9375_firmwareqca8081_firmwarewsa8845h_firmwarewcn3980_firmwaresnapdragon_680_4g_mobile_platform_firmwarewcn6740_firmwaresa8620p_firmwaresa6155p_firmwaresnapdragon_x65_5g_modem-rf_system_firmwareqcm8550_firmwareqcm4490_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqca6678aq_firmwareqcn6274_firmwareqcs4490_firmwaresa8775p_firmwarewsa8840_firmwaresa4155p_firmwaresa8650p_firmwarewsa8832_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwaresrv1h_firmwareqcs8550_firmwarewcn3988_firmwareqca6797aq_firmwaresa6145p_firmwaresa8155p_firmwarefastconnect_6700_firmwareqcn9024_firmwaresa7255p_firmwarewsa8810_firmwarefastconnect_7800_firmwaresnapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwarewcd9395_firmwaresw5100p_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqca6698aq_firmwareqamsrv1m_firmwaresrv1m_firmwareqca6174a_firmwareqam8650p_firmwaresa8770p_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwareqam8775p_firmwareqca6696_firmwareqca6595_firmwaresa4150p_firmwarewcd9370_firmwaresm8550p_firmwareqcc710_firmwaresnapdragon_8_gen_3_mobile_platform_firmwarewcd9390_firmwarewsa8830_firmwaresd865_5g_firmwarewsa8815_firmwaresxr2250p_firmwarewsa8835_firmwaresa8195p_firmwaressg2115p_firmwaresw5100_firmwareqfw7124_firmwaresa8295p_firmwaresg4150p_firmwaresnapdragon_8_gen_2_mobile_platform_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-21828
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.46% / 63.15%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 21:03
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-attn/a
Product-xmillAT&T
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 20
  • 21
  • Next
Details not found