Vulnerabilities (CVE)

Filtered by CWE-120
Total 2085 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-20723 1 Adobe 1 Substance 3d Painter 2024-02-16 N/A 7.8 HIGH
Substance3D - Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-46847 2 Redhat, Squid-cache 10 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 7 more 2024-02-16 N/A 7.5 HIGH
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
CVE-2001-0191 2 Andynorman, Gnu 2 Gnuserv, Xemacs 2024-02-14 10.0 HIGH N/A
gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.
CVE-2021-46064 1 Irfanview 1 Irfanview 2024-02-14 6.8 MEDIUM 7.8 HIGH
IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit version of the binary). The vulnerability triggers when the user opens malicious .tiff image.
CVE-2022-30024 1 Tp-link 6 Tl-wr841, Tl-wr841 Firmware, Tl-wr841n and 3 more 2024-02-14 N/A 8.8 HIGH
A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325 , TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected.
CVE-2021-45757 1 Asus 2 Rt-ac68u, Rt-ac68u Firmware 2024-02-14 7.8 HIGH 7.5 HIGH
ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blocking.cgi, which may cause a denial of service (DoS).
CVE-2021-45756 1 Asus 4 Rt-ac5300, Rt-ac5300 Firmware, Rt-ac68u and 1 more 2024-02-14 7.5 HIGH 9.8 CRITICAL
Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are affected by a buffer overflow in blocking_request.cgi.
CVE-2010-5333 2 Integard Home Project, Integard Pro Project 2 Integard Home, Integard Pro 2024-02-14 7.5 HIGH 9.8 CRITICAL
The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable software. This CVE is to track an alternate exploitation method, utilizing an EIP-overwrite buffer overflow.
CVE-2023-46284 1 Siemens 4 Opcenter Quality, Simatic Pcs Neo, Sinumerik Integrate Runmyhmi \/automotive and 1 more 2024-02-13 N/A 7.5 HIGH
A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.
CVE-2023-46283 1 Siemens 4 Opcenter Quality, Simatic Pcs Neo, Sinumerik Integrate Runmyhmi \/automotive and 1 more 2024-02-13 N/A 7.5 HIGH
A vulnerability has been identified in Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 7), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.
CVE-2024-0338 1 Apachefriends 1 Xampp 2024-02-09 N/A 9.8 CRITICAL
A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH).
CVE-2000-1094 1 Aol 1 Aim 2024-02-09 7.5 HIGH N/A
Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.
CVE-1999-0046 10 Bsdi, Debian, Digital and 7 more 10 Bsd Os, Debian Linux, Ultrix and 7 more 2024-02-09 10.0 HIGH N/A
Buffer overflow of rlogin program using TERM environmental variable.
CVE-2002-1337 7 Gentoo, Hp, Netbsd and 4 more 9 Linux, Alphaserver Sc, Hp-ux and 6 more 2024-02-09 10.0 HIGH N/A
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
CVE-2003-0595 1 Terascript 1 Wintango Application Server 2024-02-09 7.5 HIGH N/A
Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference.
CVE-2023-33077 1 Qualcomm 192 Aqt1000, Aqt1000 Firmware, Ar8035 and 189 more 2024-02-08 N/A 7.8 HIGH
Memory corruption in HLOS while converting from authorization token to HIDL vector.
CVE-2023-33072 1 Qualcomm 490 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 487 more 2024-02-08 N/A 7.8 HIGH
Memory corruption in Core while processing control functions.
CVE-2023-33069 1 Qualcomm 226 9206 Lte Modem, 9206 Lte Modem Firmware, Aqt1000 and 223 more 2024-02-08 N/A 7.8 HIGH
Memory corruption in Audio while processing the calibration data returned from ACDB loader.
CVE-2023-33068 1 Qualcomm 226 9206 Lte Modem, 9206 Lte Modem Firmware, Aqt1000 and 223 more 2024-02-08 N/A 7.8 HIGH
Memory corruption in Audio while processing IIR config data from AFE calibration block.
CVE-2023-43519 1 Qualcomm 268 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 265 more 2024-02-08 N/A 9.8 CRITICAL
Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size.