Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-32422

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Aug, 2023 | 00:00
Updated At-03 Oct, 2024 | 18:21
Rejected At-
Credits

dpic 2021.01.01 has a Global buffer overflow in theyylex() function in main.c and reads out of the bound array.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Aug, 2023 | 00:00
Updated At:03 Oct, 2024 | 18:21
Rejected At:
▼CVE Numbering Authority (CNA)

dpic 2021.01.01 has a Global buffer overflow in theyylex() function in main.c and reads out of the bound array.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitlab.com/aplevich/dpic/-/commit/d317e4066c17f9ceb359b3af13264c32f6fb43cf
N/A
https://gitlab.com/aplevich/dpic/-/issues/6
N/A
Hyperlink: https://gitlab.com/aplevich/dpic/-/commit/d317e4066c17f9ceb359b3af13264c32f6fb43cf
Resource: N/A
Hyperlink: https://gitlab.com/aplevich/dpic/-/issues/6
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gitlab.com/aplevich/dpic/-/commit/d317e4066c17f9ceb359b3af13264c32f6fb43cf
x_transferred
https://gitlab.com/aplevich/dpic/-/issues/6
x_transferred
Hyperlink: https://gitlab.com/aplevich/dpic/-/commit/d317e4066c17f9ceb359b3af13264c32f6fb43cf
Resource:
x_transferred
Hyperlink: https://gitlab.com/aplevich/dpic/-/issues/6
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Aug, 2023 | 19:16
Updated At:24 Aug, 2023 | 21:59

dpic 2021.01.01 has a Global buffer overflow in theyylex() function in main.c and reads out of the bound array.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
dpic_project
dpic_project
>>dpic>>2021-01-01
cpe:2.3:a:dpic_project:dpic:2021-01-01:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Primarynvd@nist.gov
CWE ID: CWE-120
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gitlab.com/aplevich/dpic/-/commit/d317e4066c17f9ceb359b3af13264c32f6fb43cfcve@mitre.org
Third Party Advisory
https://gitlab.com/aplevich/dpic/-/issues/6cve@mitre.org
Third Party Advisory
Hyperlink: https://gitlab.com/aplevich/dpic/-/commit/d317e4066c17f9ceb359b3af13264c32f6fb43cf
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://gitlab.com/aplevich/dpic/-/issues/6
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

491Records found
CVE-2021-32420
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.12% / 30.96%
||
7 Day CHG+0.02%
Published-22 Aug, 2023 | 00:00
Updated-04 Oct, 2024 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dpic 2021.01.01 has a Heap-based Buffer Overflow in thestorestring function in dpic.y.

Action-Not Available
Vendor-dpic_projectn/a
Product-dpicn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32421
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 36.30%
||
7 Day CHG+0.03%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dpic 2021.01.01 has a Heap Use-After-Free in thedeletestringbox() function in dpic.y.

Action-Not Available
Vendor-dpic_projectn/a
Product-dpicn/a
CWE ID-CWE-416
Use After Free
CVE-2024-8748
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.73% / 72.87%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 01:15
Updated-21 Jan, 2025 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-ex3500-t0_firmwareex5510-b0_firmwarenr7101pm7300-t0_firmwareex3301-t0emg5523-t50b_firmwaredx5401-b1lte7480-m804lte5398-m904dx5401-b0_firmwareex5501-b0_firmwareex3510-b0px5301-t0ax7501-b0ex5512-t0ex3300-t0_firmwareex3500-t0vmg8623-t50bax7501-b1_firmwarevmg4005-b50bnebula_nr5101pm3100-t0ex5600-t1lte7490-m904ex3300-t0dx5401-b1_firmwarewx3100-t0emg5723-t50kpm5100-t0_firmwarewx5610-b0ee6510-10_firmwareex5401-b1_firmwareex3501-t0_firmwarewx3401-b0_firmwareex5601-t0_firmwareex7710-b0_firmwarevmg8825-t50k_firmwareex3600-t0_firmwareex3300-t1pm7500-t0vmg3927-b50bdx4510-b1vmg4927-b50a_firmwarelte3301-plusvmg3927-b50b_firmwarenebula_nr5101_firmwarewx5600-t0_firmwareemg3525-t50bpx3321-t1ee6510-10dx3300-t1ax7501-b1vmg4005-b50a_firmwarevmg4005-b60a_firmwarevmg4005-b50avmg4005-b50b_firmwarepx5301-t0_firmwarelte5398-m904_firmwarewx3401-b0ex3510-b1ex5600-t1_firmwaredx4510-b0nebula_lte3301-plusdx3300-t1_firmwareex3510-b0_firmwareemg5523-t50bex5401-b0nr7101_firmwareex5601-t1dx3300-t0ex5401-b0_firmwarepm3100-t0_firmwarevmg4927-b50apx3321-t1_firmwaredx4510-b1_firmwareex3301-t0_firmwareex5510-b0wx3401-b1vmg3927-t50k_firmwareex5401-b1ex2210-t0_firmwareex2210-t0lte5388-m804vmg4005-b60apm5100-t0lte7480-m804_firmwarenebula_nr7101_firmwareex7501-b0_firmwarewx3100-t0_firmwareemg3525-t50b_firmwarelte7490-m904_firmwarepm7300-t0vmg3625-t50bnebula_nr7101vmg8623-t50b_firmwareemg5723-t50k_firmwarenr7102ex3600-t0nr7102_firmwareex5501-b0ax7501-b0_firmwaredx3300-t0_firmwaredx3301-t0ex3300-t1_firmwaredx3301-t0_firmwareex5601-t1_firmwarevmg8825-t50kdx4510-b0_firmwareex5601-t0ex7501-b0wx5600-t0nebula_lte3301-plus_firmwarelte3301-plus_firmwareex3510-b1_firmwaredx5401-b0ex5512-t0_firmwareemg6726-b10a_firmwareex7710-b0emg6726-b10avmg3927-t50kex3501-t0pm7500-t0_firmwarewx5610-b0_firmwarevmg3625-t50b_firmwarewx3401-b1_firmwarelte5388-m804_firmwareVMG8825-T50K firmwarewx3401-b1_firmwarepm7500-t0_firmwaredx3300-t1_firmwaredx4510-b1_firmwarepm5100-t0_firmwarepx3321-t1_firmwareex2210-t0_firmwarelte5388-m804_firmwarenebula_lte3301-plus_firmwaredx5401_b1_firmwarelte5398-m904_firmwaredx5401-b0_firmwarepx5301-t0_firmwareax7501-b1_firmwarenr7102_firmwarevmg8825-t50k_firmwarepm7300-t0_firmwareax7501-b0_firmwaredx3300-t0_firmwarenr7101_firmwareee6510-10_firmwaredx3301-t0_firmwaredx4510-b0_firmwarelte7480-m804_firmwarenebula_nr5101_firmwarenebula_nr7101_firmwarelte7490-m904_firmwarelte3301-plus_firmwarewx3401-b0_firmwarewx3100-t0_firmwarewx5610-b0_firmwarepm3100-t0_firmwarewx5600-t0_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-6918
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.5||HIGH
EPSS-0.21% / 43.26%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 12:11
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause a crash of the Accutech Manager when receiving a specially crafted request over port 2536/TCP.

Action-Not Available
Vendor-
Product-Accutech Manageraccutech_manager
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-5273
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.70%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 18:49
Updated-04 Aug, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a large heap buffer overrun error, an attacker may exploit the vulnerability by a malicious certificate, resulting a denial of service on the affected products.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-usg9500_firmwareusg9500USG9500
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-58106
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-4.6||MEDIUM
EPSS-0.04% / 13.48%
||
7 Day CHG-0.09%
Published-07 Apr, 2025 | 03:31
Updated-07 May, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-58107
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.11%
||
7 Day CHG-0.12%
Published-07 Apr, 2025 | 03:33
Updated-07 May, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CVE-2024-58110
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-4.6||MEDIUM
EPSS-0.04% / 13.48%
||
7 Day CHG-0.09%
Published-07 Apr, 2025 | 03:36
Updated-07 May, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-58109
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-4.6||MEDIUM
EPSS-0.04% / 13.48%
||
7 Day CHG-0.09%
Published-07 Apr, 2025 | 03:35
Updated-07 May, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-5304
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.29%
||
7 Day CHG~0.00%
Published-03 Jan, 2020 | 14:33
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-ar2200_firmwares6700ips_modulear1200ar3200_firmwarear2200srg1300srg1300_firmwaresecospace_usg6300srg3300_firmwarenip6300_firmwaresrg2300_firmwaresrg3300netengine16exar120-s_firmwarear1200-s_firmwarenip6600ngfw_modulear200-sar120-sar150-sar160srg2300secospace_usg6500_firmwarear150_firmwarear2200-snip6300secospace_usg6500ips_module_firmwarear150-s_firmwaresecospace_usg6600_firmwarear1200-sar3600ar150ar3200ngfw_module_firmwarear1200_firmwarear200-s_firmwarear200s5700_firmwares6700_firmwarear3600_firmwarear160_firmwarear2200-s_firmwaresecospace_antiddos8000_firmwarear200_firmwarenip6600_firmwares5700secospace_antiddos8000netengine16ex_firmwaresecospace_usg6600secospace_usg6300_firmwareAR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600;IPS Module;NGFW Module;NIP6300;NIP6600;NetEngine16EX;S5700;S6700;SRG1300;SRG2300;SRG3300;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-57392
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.61% / 89.36%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-24700
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.89% / 75.74%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 19:51
Updated-03 Aug, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service (daemon crash) via a malicious AX.25 packet over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Action-Not Available
Vendor-winaprsn/a
Product-winaprsn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-25349
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-4.6||MEDIUM
EPSS-0.04% / 12.76%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 21:54
Updated-19 Feb, 2026 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service

ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices.

Action-Not Available
Vendor-scadaapp
Product-scadaApp for iOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-25353
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-4.6||MEDIUM
EPSS-0.04% / 12.76%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 21:54
Updated-19 Feb, 2026 | 15:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service

Foscam Video Management System 1.1.4.9 contains a denial of service vulnerability in the username input field that allows attackers to crash the application. Attackers can overwrite the username with a 520-byte buffer of repeated 'A' characters to trigger an application crash during device login.

Action-Not Available
Vendor-Diy Security SL
Product-Foscam Video Management System
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20828
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.69%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 16:54
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfreadern/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20839
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.08% / 88.67%
||
7 Day CHG~0.00%
Published-17 Jun, 2020 | 15:11
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.

Action-Not Available
Vendor-libvnc_projectn/aDebian GNU/LinuxSiemens AGCanonical Ltd.openSUSE
Product-ubuntu_linuxsimatic_itc1500_prosimatic_itc1900simatic_itc2200_pro_firmwaresimatic_itc2200simatic_itc1500_pro_firmwaredebian_linuxsimatic_itc1500simatic_itc1900_firmwaresimatic_itc1900_pro_firmwaresimatic_itc1500_firmwaresimatic_itc2200_firmwaresimatic_itc2200_prolibvncserversimatic_itc1900_proleapn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-0284
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 63.24%
||
7 Day CHG~0.00%
Published-17 Aug, 2021 | 22:50
Updated-16 Sep, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore)

A buffer overflow vulnerability in the TCP/IP stack of Juniper Networks Junos OS allows an attacker to send specific sequences of packets to the device thereby causing a Denial of Service (DoS). By repeatedly sending these sequences of packets to the device, an attacker can sustain the Denial of Service (DoS) condition. The device will abnormally shut down as a result of these sent packets. A potential indicator of compromise will be the following message in the log files: "eventd[13955]: SYSTEM_ABNORMAL_SHUTDOWN: System abnormally shut down" This issue is only triggered by traffic destined to the device. Transit traffic will not trigger this issue. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 17.3 versions prior to 17.3R3-S12; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S2, 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R1-S1, 21.2R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20502
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 65.72%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 19:14
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter.

Action-Not Available
Vendor-echatservern/a
Product-easy_chat_servern/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20823
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 5.29%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 17:00
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a buffer overflow because a looping correction does not occur after JavaScript updates Field APs.

Action-Not Available
Vendor-n/aFoxit Software Incorporated
Product-phantompdfn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-6711
Matching Score-4
Assigner-Hitachi Energy
ShareView Details
Matching Score-4
Assigner-Hitachi Energy
CVSS Score-5.9||MEDIUM
EPSS-0.18% / 39.53%
||
7 Day CHG~0.00%
Published-19 Dec, 2023 | 14:53
Updated-25 Sep, 2024 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an RTU500 CMU.

Action-Not Available
Vendor-Hitachi Energy Ltd.
Product-rtu500_firmwarertu500RTU500 series CMU Firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-20423
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.62% / 70.24%
||
7 Day CHG~0.00%
Published-27 Jan, 2020 | 04:21
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error.

Action-Not Available
Vendor-lustren/a
Product-lustren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-24764
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.94% / 76.46%
||
7 Day CHG~0.00%
Published-22 Mar, 2022 | 00:00
Updated-04 Nov, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack buffer overflow in pjproject

PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.

Action-Not Available
Vendor-teluupjsipDebian GNU/Linux
Product-pjsipdebian_linuxpjproject
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-53027
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 54.44%
||
7 Day CHG-0.03%
Published-03 Mar, 2025 | 10:07
Updated-11 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in WLAN Host

Transient DOS may occur while processing the country IE.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429w_firmwareqcm8550_firmwareqcs410_firmwaresd865_5gapq8017sw5100psxr1120sa6150p_firmwarewcn6650qca6595qcs610_firmwarewcd9335snapdragon_8\+_gen_1wcd9370qca8081_firmwaresnapdragon_429_firmwareqca6696qam8620p_firmwarewcd9340_firmwaresa8530pwcd9341_firmwaresxr2330p_firmwarewcd9395_firmwareqcn6024qcc2073_firmwareqcc710_firmwareqca6426wcn6740_firmwarefastconnect_6700wcn3610snapdragon_695_5gsa4150psnapdragon_888_5gwsa8832_firmwareqca8337qca6426_firmwarewcd9395snapdragon_4_gen_2_firmwareqca6574au_firmwareqca6564_firmwaresm6370qam8295pwcd9341qca6574ausnapdragon_820_automotivewcd9390sa8620p_firmwarewsa8810_firmwarewsa8845h_firmwaresnapdragon_429csra6640sa9000p_firmwaresrv1hsnapdragon_778g\+_5g_firmwaresnapdragon_865\+_5gsm8650q_firmwarewcn3660b_firmwareqcs9100qca6554asnapdragon_8\+_gen_2snapdragon_820_automotive_firmwareqcs5430fastconnect_6800_firmwaresnapdragon_865\+_5g_firmwaresd835_firmwareqcn6024_firmwaresnapdragon_x65_5gqcm5430qcm5430_firmwarevideo_collaboration_vc1_platform_firmwaresa4155psnapdragon_888\+_5g_firmwaresa8770pqcm6125_firmwareqcc710snapdragon_xr2_5g_firmwaresnapdragon_xr1_firmwaresa8540psxr1120_firmwareqca6777aqsnapdragon_660_firmwaresnapdragon_4_gen_2fastconnect_6900snapdragon_w5\+_gen_1_wearable_firmwaresnapdragon_8_gen_2_firmwarevideo_collaboration_vc1_platformsnapdragon_x72_5gqep8111sa7255psm8635qfw7114wcd9385_firmwareqca6310qam8255p_firmwaresnapdragon_778g_5gsa8155_firmwaresdx61qcs4490snapdragon_662_firmwareqca6787aqwsa8845sa6155pqcm6125qca6564au_firmwarewsa8810205video_collaboration_vc5_platform_firmwareqam8650psa9000psrv1h_firmwareqca6595ausxr2250p_firmwaresm7315_firmwaresnapdragon_865_5g_firmwarewcd9326_firmwaresa6155p_firmwarewsa8840mdm9640_firmwaresrv1m_firmwareqcs8550_firmwaresd835qfw7124_firmwareqca6436_firmwaresnapdragon_x35_5g_firmwareqcs4490_firmwarewcn3910_firmwaresnapdragon_7c\+_gen_3_compute_firmwaresm4125_firmwaresm8635psnapdragon_680_4gwcn3910snapdragon_212_firmwarewcd9370_firmwareqca9367snapdragon_8_gen_2snapdragon_480\+_5g_firmwareqcc2076snapdragon_835_pc_firmwarewcn3660bqca6574asa7255p_firmwarewcn3620_firmwareqca6174asnapdragon_695_5g_firmwaresa8195pwcd9340qcs8250_firmwareqcm2290talynplussnapdragon_auto_5g_modem-rf_gen_2qcm6490sa8540p_firmwaresxr2250psm8550p_firmwareqcm8550wcn3988snapdragon_x55_5g_firmwaresm6370_firmwareqcn9274qcn9024sa8775pqca6574sxr2230p_firmwareqca6777aq_firmwaresa8775p_firmwareqamsrv1hsmart_audio_400qcn9024_firmwarewsa8845hwcd9326sa6150pqcs410qcm2290_firmwaresm8650qsa8155p_firmwareqca6564asa8155pwsa8830snapdragon_870_5g_firmwaresm8550psa6145psnapdragon_x65_5g_firmwaresm7675_firmwaresa8255p_firmwaresnapdragon_888\+_5gsnapdragon_x75_5gqcc2073ar8035sm7635_firmwaremsm8996auqamsrv1m_firmwareqca6564sa8650p_firmwaresa6155wcn3620snapdragon_x72_5g_firmwaresrv1l_firmwareqcs9100_firmwareqcn6224qcs615snapdragon_782gqca6698aqwcn3950_firmwaresa7775p_firmwaresm7635sa8530p_firmwarefastconnect_6200sm7325p_firmwaresa8145p_firmwarewcd9378snapdragon_210_firmwaresm8635p_firmwaresa8150p_firmwarefastconnect_6700_firmwarevideo_collaboration_vc3_platform_firmwarewcn3990snapdragon_778g_5g_firmwaresnapdragon_780g_5gqcs6490qcs8250snapdragon_210snapdragon_x5_lte_firmwarefastconnect_6200_firmwaresnapdragon_778g\+_5gwsa8830_firmwareqcn6224_firmwareqca6678aq_firmwarewsa8845_firmwaresd660_firmwarewsa8832sdx61_firmwarewcd9378_firmwareqcc2076_firmwaresrv1lsxr2130_firmwaresrv1msm7675pqca6678aqar8035_firmwaresnapdragon_680_4g_firmwareqca6320sa4150p_firmwaresd888_firmwareqca6564auqcs6125_firmwaresm4635snapdragon_460wsa8815_firmwaresnapdragon_865_5gsa8195p_firmwareqca8337_firmwareqcm4290snapdragon_480_5g_firmwaresnapdragon_4_gen_1_firmwaresnapdragon_xr2\+_gen_1sg8275p_firmwareqca9377_firmwaresnapdragon_x62_5gqcm6490_firmwaresnapdragon_685_4gsm4635_firmwaresm4125205_firmwarewcn3950qcs6125qca6797aq_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_7c\+_gen_3_computetalynplus_firmwaresa8295p_firmwaresmart_audio_400_firmwaresnapdragon_460_firmwaresa4155p_firmwaresa8155qcn6274_firmwaresd888qca6320_firmwareqca6584auwcn6755_firmwaresw5100_firmwarewcn6740wcn6650_firmwareqca6310_firmwarefastconnect_6800qfw7114_firmwaresnapdragon_662qcs7230qca6595_firmwaresnapdragon_x5_ltefastconnect_7800_firmwaresm8635_firmwarefastconnect_6900_firmwareapq8017_firmwarewcd9380sa6145p_firmwareqam8255psxr2230psa6155_firmwaresnapdragon_xr2_5gsa8150psxr2330pwcn6755snapdragon_888_5g_firmwaresnapdragon_835_pcsnapdragon_8\+_gen_2_firmwaremsm8996au_firmwaresnapdragon_auto_5g_modem-rf_firmwaresm6650sw5100video_collaboration_vc3_platformqca6688aqqam8295p_firmwaresnapdragon_8_gen_1_firmwarewcn3990_firmwaresm7315qca6175a_firmwareqca6698aq_firmwareqcs2290qca6564a_firmwarewcd9385qcs2290_firmwaresnapdragon_xr2\+_gen_1_firmwareqca9367_firmwarewcn3610_firmwaresnapdragon_8_gen_1sa8255pqcs7230_firmwareqcs4290wcd9390_firmwaresnapdragon_x62_5g_firmwaresnapdragon_8_gen_3qep8111_firmwareqcs615_firmwaresg8275psnapdragon_782g_firmwaresnapdragon_x55_5gsnapdragon_auto_5g_modem-rfqca6554a_firmwaresxr2130snapdragon_4_gen_1snapdragon_870_5gcsra6640_firmwareqamsrv1msnapdragon_480\+_5gqca6174a_firmwaresnapdragon_685_4g_firmwaresm7325pqam8650p_firmwarevideo_collaboration_vc5_platformqcs6490_firmwaresm6650_firmwaresnapdragon_480_5gwcn3980_firmwareqam8620pmdm9640qca6436wcd9335_firmwaresdm429wwsa8835wsa8840_firmwareqca6391_firmwareqca6584au_firmwareqcn6274qfw7124qca6595au_firmwareqcs8300_firmwaresw5100p_firmwareqca6696_firmwareqcs4290_firmwareqcs8300wcd9380_firmwareqca6574_firmwarewsa8815sd660csra6620mdm9628qca8081sg4150pqam8775pqca9377snapdragon_ar2_gen_1_firmwaresd_8_gen1_5gqca6797aqmdm9628_firmwaresnapdragon_x35_5gsa8620psnapdragon_660qca6574a_firmwareqcm4290_firmwaresnapdragon_8\+_gen_1_firmwareqca6175asd_8_gen1_5g_firmwareqca6787aq_firmwarewcd9375_firmwareqca6391snapdragon_x75_5g_firmwaresa7775psnapdragon_8_gen_3_firmwareqcn9274_firmwareqcs5430_firmwaresg4150p_firmwaresnapdragon_780g_5g_firmwaresa8770p_firmwarecsra6620_firmwaresa8295pqcs8550fastconnect_7800sa8650pqam8775p_firmwaresd865_5g_firmwaresnapdragon_xr1wcd9375qca6688aq_firmwaresnapdragon_ar2_gen_1wcn3988_firmwareqamsrv1h_firmwaresm7675sa8145psnapdragon_212wsa8835_firmwarewcn3980sm7675p_firmwaresnapdragon_w5\+_gen_1_wearableqcs610Snapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-51888
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.88% / 75.53%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 00:00
Updated-05 Sep, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL.

Action-Not Available
Vendor-ctann/a
Product-mathtexn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-50991
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-12.94% / 94.14%
||
7 Day CHG~0.00%
Published-05 Jan, 2024 | 00:00
Updated-13 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-i29_firmwarei29n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-5412
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-7.5||HIGH
EPSS-0.80% / 74.26%
||
7 Day CHG~0.00%
Published-03 Sep, 2024 | 01:18
Updated-24 Feb, 2026 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-dx4510-b0_firmwareex5601-t1_firmwareex5512-t0vmg4005-b50aex5510-b0vmg3927-t50k_firmwareax7501-b0_firmwareax7501-b1_firmwarenebula_fwa510_firmwarenr7103_firmwareex7501-b0_firmwaredx3300-t1_firmwarenebula_lte3301-pluspm5100-t0_firmwarenr5103ev2vmg3625-t50bnr5307ax7501-b0vmg3927-t50kpx3321-t1ex5401-b0_firmwaredx5401-b0ex7710-b0_firmwarenebula_fwa505_firmwareex3501-t0_firmwarewx3401-b0dx4510-b0nebula_fwa505nebula_lte3301-plus_firmwarepm7300-t0_firmwarevmg4005-b60a_firmwareemg3525-t50b_firmwarepm3100-t0dx5401-b0_firmwareex5401-b0vmg8825-t50kscr50axe_firmwaredx5401-b1nr7302_firmwareex5401-b1_firmwareemg3525-t50bemg5723-t50kex5510-b0_firmwarewx3100-t0dx5401-b1_firmwareex5601-t1nr5103ev2_firmwarenr7303nr7302wx3401-b0_firmwarepm7300-t0nr7501_firmwarenr5103_firmwareemg5723-t50k_firmwarevmg8623-t50b_firmwarenebula_fwa710_firmwareex3301-t0ex3510-b0dx3301-t0ex7501-b0wx5600-t0_firmwareex5401-b1nr5103ex3500-t0ex3300-t1_firmwarescr_50axedx3301-t0_firmwareex3500-t0_firmwarevmg8825-t50k_firmwarevmg3625-t50b_firmwarenr7303_firmwarevmg8623-t50bvmg4005-b50a_firmwareex5601-t0_firmwareex3301-t0_firmwarenebula_fwa710vmg4005-b60adx3300-t0ex5601-t0nr5307_firmwaredx3300-t1ex3510-b0_firmwareex7710-b0wx3100-t0_firmwareex3300-t0ex3300-t1nebula_fwa510wx5600-t0pm5100-t0ex5512-t0_firmwarenr7501ex3300-t0_firmwareemg5523-t50b_firmwarepx3321-t1_firmwarenr7103ex3501-t0ax7501-b1dx3300-t0_firmwareemg5523-t50bpm3100-t0_firmwareVMG8825-T50K firmwarevmg8825-t50k_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-51886
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.67% / 71.61%
||
7 Day CHG~0.00%
Published-24 Jan, 2024 | 00:00
Updated-30 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath.

Action-Not Available
Vendor-ctann/a
Product-mathtexn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-46847
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.6||HIGH
EPSS-38.21% / 97.28%
||
7 Day CHG~0.00%
Published-03 Nov, 2023 | 07:58
Updated-25 Feb, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Squid: denial of service in http digest authentication

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

Action-Not Available
Vendor-Red Hat, Inc.Squid Cache
Product-enterprise_linux_serversquidenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_for_ibm_z_systemsenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_for_power_little_endianenterprise_linux_for_arm_64Red Hat Enterprise Linux 7.7 Advanced Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 6 Extended Lifecycle SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.1 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 9.0 Extended Update SupportRed Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 9
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-46566
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.62% / 70.35%
||
7 Day CHG~0.00%
Published-29 Apr, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class.

Action-Not Available
Vendor-n/amsoulier
Product-n/atftpy
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-47347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.04%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 00:00
Updated-29 Aug, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes.

Action-Not Available
Vendor-free5gcn/a
Product-free5gcn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-58108
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-4.6||MEDIUM
EPSS-0.04% / 13.48%
||
7 Day CHG-0.09%
Published-07 Apr, 2025 | 03:34
Updated-07 May, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-54105
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.1||MEDIUM
EPSS-0.10% / 28.11%
||
7 Day CHG~0.00%
Published-12 Dec, 2024 | 11:59
Updated-12 Dec, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-47307
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.66%
||
7 Day CHG~0.00%
Published-30 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode parameter.

Action-Not Available
Vendor-szlbtn/a
Product-lbt-t300-t310lbt-t300-t310_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-47345
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 47.95%
||
7 Day CHG~0.00%
Published-15 Nov, 2023 | 00:00
Updated-29 Aug, 2024 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero.

Action-Not Available
Vendor-free5gcn/a
Product-free5gcn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-47346
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.12%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 00:00
Updated-03 Sep, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages.

Action-Not Available
Vendor-free5gcn/a
Product-upffree5gcsmfn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-47091
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.13%
||
7 Day CHG~0.00%
Published-25 Dec, 2023 | 00:00
Updated-23 Apr, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through 4.6.9 before 4.6.10, and SNS 4.7.0 through 4.7.1 before 4.7.2. An attacker can overflow the cookie threshold, making an IPsec connection impossible.

Action-Not Available
Vendor-stormshieldn/a
Product-stormshield_network_securityn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-45463
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.52%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 00:00
Updated-15 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aNetis Systems Co., Ltd.
Product-n3mn3m_firmwaren/an3m_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-46283
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.05%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 11:27
Updated-14 Jan, 2025 | 10:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_integrate_runmyhmi_\/automotiveopcenter_qualitysimatic_pcs_neototally_integrated_automation_portalSIMATIC PCS neoTotally Integrated Automation Portal (TIA Portal) V18Opcenter Execution FoundationOpcenter QualityTotally Integrated Automation Portal (TIA Portal) V17Totally Integrated Automation Portal (TIA Portal) V16Totally Integrated Automation Portal (TIA Portal) V14Totally Integrated Automation Portal (TIA Portal) V15.1SINEC NMS
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-45464
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.21%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 00:00
Updated-18 Sep, 2024 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aNetis Systems Co., Ltd.
Product-n3mn3m_firmwaren/an3m
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-45468
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.21%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 00:00
Updated-17 Sep, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aNetis Systems Co., Ltd.
Product-n3mn3m_firmwaren/an3m
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-46060
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.29% / 79.82%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 00:00
Updated-27 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Buffer Overflow vulnerability in Tenda AC500 v.2.0.1.9 allows a remote attacker to cause a denial of service via the port parameter at the goform/setVlanInfo component.

Action-Not Available
Vendor-n/aTenda Technology Co., Ltd.
Product-n/aac500
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-46284
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.05%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 11:27
Updated-25 Feb, 2026 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.

Action-Not Available
Vendor-Siemens AG
Product-sinumerik_integrate_runmyhmi_\/automotiveopcenter_qualitysimatic_pcs_neototally_integrated_automation_portalOpcenter Execution FoundationTotally Integrated Automation Portal (TIA Portal) V15.1Totally Integrated Automation Portal (TIA Portal) V16SIMATIC PCS neoTotally Integrated Automation Portal (TIA Portal) V18Totally Integrated Automation Portal (TIA Portal) V17Totally Integrated Automation Portal (TIA Portal) V14SINEC NMSOpcenter Quality
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44838
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.84%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the TXPower parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g-firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44836
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.84%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44833
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.84%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44834
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.84%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44831
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.96%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-4452
Matching Score-4
Assigner-Moxa Inc.
ShareView Details
Matching Score-4
Assigner-Moxa Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 18.59%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 14:24
Updated-06 Sep, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Web Server Buffer Overflow Vulnerability

A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot.

Action-Not Available
Vendor-Moxa Inc.
Product-edr-g902-tedr-g903_firmwareedr-g902-t_firmwareedr-810-vpn-2gsfp-t_firmwareedr-810-2gsfp-t_firmwareedr-810-2gsfp-tedr-810-2gsfpedr-g903edr-810-vpn-2gsfp_firmwareedr-810-vpn-2gsfp-tedr-g902edr-810-vpn-2gsfpedr-g903-tedr-g902_firmwareedr-810-2gsfp_firmwareedr-g903-t_firmwareEDR G903 Series EDR-810 Series EDR G902 Series
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44837
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.84%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-44828
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.84%
||
7 Day CHG~0.00%
Published-05 Oct, 2023 | 00:00
Updated-19 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-823gdir-823g_firmwaren/adir-823g_firmware
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found