Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-120
Total 1026 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30934 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2022-01-22 9.3 HIGH 8.8 HIGH
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-23219 1 Gnu 1 Glibc 2022-01-21 7.5 HIGH 9.8 CRITICAL
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
CVE-2001-0554 9 Debian, Freebsd, Ibm and 6 more 11 Debian Linux, Freebsd, Aix and 8 more 2022-01-21 10.0 HIGH N/A
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
CVE-2022-23218 1 Gnu 1 Glibc 2022-01-20 7.5 HIGH 9.8 CRITICAL
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
CVE-2021-34979 1 Netgear 2 R6260, R6260 Firmware 2022-01-19 8.3 HIGH 8.8 HIGH
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13512.
CVE-2021-30308 1 Qualcomm 172 Aqt1000, Aqt1000 Firmware, Ar8035 and 169 more 2022-01-18 7.2 HIGH 7.8 HIGH
Possible buffer overflow while printing the HARQ memory partition detail due to improper validation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2020-27745 2 Debian, Schedmd 2 Debian Linux, Slurm 2022-01-17 6.8 MEDIUM 9.8 CRITICAL
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.
CVE-2021-46225 1 Libmeshb Project 1 Libmeshb 2022-01-14 4.3 MEDIUM 6.5 MEDIUM
A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allows attackers to cause a Denial of Service (DoS) via a crafted MESH file.
CVE-2021-40568 1 Gpac 1 Gpac 2022-01-14 6.8 MEDIUM 7.8 HIGH
A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.
CVE-2021-45856 1 Accu-time 2 Maximus, Maximus Firmware 2022-01-14 5.0 MEDIUM 7.5 HIGH
Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buffer overflow which causes the telnet service to crash
CVE-2021-45970 1 Insyde 1 Insydeh2o 2022-01-13 7.5 HIGH 9.8 CRITICAL
An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the status code saved at the CommBuffer+4 location).
CVE-2021-45969 1 Insyde 1 Insydeh2o 2022-01-13 7.5 HIGH 9.8 CRITICAL
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the CommBuffer+8 location).
CVE-2021-45971 1 Insyde 1 Insydeh2o 2022-01-13 7.5 HIGH 9.8 CRITICAL
An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBufferData).
CVE-2021-40035 1 Huawei 3 Emui, Harmonyos, Magic Ui 2022-01-13 5.0 MEDIUM 7.5 HIGH
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.
CVE-2021-40029 1 Huawei 3 Emui, Harmonyos, Magic Ui 2022-01-13 5.0 MEDIUM 7.5 HIGH
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability.
CVE-2021-45608 1 Netgear 6 D7800, D7800 Firmware, R6400v2 and 3 more 2022-01-12 7.5 HIGH 9.8 CRITICAL
Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface (TCP port 20005) cannot be ruled out; however, exploitability was judged to be of "rather significant complexity" but not "impossible." The overflow is in SoftwareBus_dispatchNormalEPMsgOut in the KCodes NetUSB kernel module. Affected NETGEAR devices are D7800 before 1.0.1.68, R6400v2 before 1.0.4.122, and R6700v3 before 1.0.4.122.
CVE-2021-30268 1 Qualcomm 274 Apq8009w, Apq8009w Firmware, Apq8017 and 271 more 2022-01-12 7.2 HIGH 7.8 HIGH
Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2021-30303 1 Qualcomm 478 Apq8009, Apq8009 Firmware, Apq8017 and 475 more 2022-01-12 7.2 HIGH 7.8 HIGH
Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CVE-2021-30298 1 Qualcomm 122 Ar8031, Ar8031 Firmware, Ar8035 and 119 more 2022-01-12 4.6 MEDIUM 7.8 HIGH
Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CVE-2021-30351 1 Qualcomm 392 Apq8009, Apq8009 Firmware, Apq8009w and 389 more 2022-01-12 7.5 HIGH 9.8 CRITICAL
An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking