Vulnerabilities (CVE)

Filtered by CWE-120
Total 819 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6994 1 Belden 14 Hirschmann Eagle20, Hirschmann Eagle30, Hirschmann Embedded Ethernet Switch and 11 more 2021-06-17 7.5 HIGH 9.8 CRITICAL
A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30.
CVE-2021-0101 1 Intel 2 Efi Bios 7215, Server Board M10jnp2sb 2021-06-17 5.8 MEDIUM 8.8 HIGH
Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access.
CVE-2021-30475 2 Aomedia, Fedoraproject 2 Aomedia, Fedora 2021-06-17 7.5 HIGH 9.8 CRITICAL
aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
CVE-2021-25408 2 Google, Samsung 5 Android, Exynos 2100, Exynos 980 and 2 more 2021-06-16 4.6 MEDIUM 7.8 HIGH
A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution.
CVE-2021-20699 1 Sharp-nec-display 42 C651q, C651q Firmware, C751q and 39 more 2021-06-16 10.0 HIGH 9.8 CRITICAL
Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UN552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V964Q R2.000 and prior to it, C961Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it) allows an attacker a buffer overflow and to execute remote code by sending long parameters that contains specific characters in http request.
CVE-2021-25383 1 Google 1 Android 2021-06-16 7.5 HIGH 9.8 CRITICAL
An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
CVE-2020-11182 1 Qualcomm 536 Aqt1000, Aqt1000 Firmware, Pm3003a and 533 more 2021-06-15 10.0 HIGH 9.8 CRITICAL
Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2020-11165 1 Qualcomm 510 Aqt1000, Aqt1000 Firmware, Ar8035 and 507 more 2021-06-15 7.2 HIGH 7.8 HIGH
Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CVE-2021-25385 1 Google 1 Android 2021-06-15 7.5 HIGH 9.8 CRITICAL
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
CVE-2021-25386 1 Google 1 Android 2021-06-15 7.5 HIGH 9.8 CRITICAL
An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
CVE-2020-11292 1 Qualcomm 354 Apq8009, Apq8009 Firmware, Apq8009w and 351 more 2021-06-15 7.2 HIGH 7.8 HIGH
Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2019-16746 1 Linux 1 Linux Kernel 2021-06-14 7.5 HIGH 9.8 CRITICAL
An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.
CVE-2020-26422 1 Wireshark 1 Wireshark 2021-06-14 5.0 MEDIUM 5.3 MEDIUM
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file
CVE-2020-12723 5 Fedoraproject, Netapp, Opensuse and 2 more 6 Fedora, Oncommand Workflow Automation, Snap Creator Framework and 3 more 2021-06-14 5.0 MEDIUM 7.5 HIGH
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
CVE-2020-10188 1 Netkit Telnet Project 1 Netkit Telnet 2021-06-14 10.0 HIGH 9.8 CRITICAL
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.
CVE-2019-5063 1 Opencv 1 Opencv 2021-06-14 6.8 MEDIUM 8.8 HIGH
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
CVE-2019-17133 1 Linux 1 Linux Kernel 2021-06-14 7.5 HIGH 9.8 CRITICAL
In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.
CVE-2019-5064 1 Opencv 1 Opencv 2021-06-14 6.8 MEDIUM 8.8 HIGH
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
CVE-2021-32625 2 Fedoraproject, Redislabs 2 Fedora, Redis 2021-06-14 6.5 MEDIUM 8.8 HIGH
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer (on 32-bit systems ONLY) can be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix for CVE-2021-29477 which only addresses the problem on 64-bit systems but fails to do that for 32-bit. 64-bit systems are not affected. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the `redis-server` executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.
CVE-2009-0948 1 Apple 1 Files 2021-06-10 7.5 HIGH 9.8 CRITICAL
Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02.