Vulnerabilities (CVE)

Filtered by CWE-120
Total 710 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-6352 2025-01-13 N/A 4.3 MEDIUM
A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert
CVE-2024-6350 2025-01-08 N/A 6.5 MEDIUM
A malformed 802.15.4 packet causes a buffer overflow to occur leading to an assert and a denial of service. A watchdog reset clears the error condition automatically.
CVE-2022-48439 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-01-07 N/A 4.4 MEDIUM
In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVE-2024-47864 2024-12-23 N/A 5.3 MEDIUM
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down.
CVE-2024-32664 1 Oisf 1 Suricata 2024-12-19 N/A 5.3 MEDIUM
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use rules with `base64_decode` keyword with `bytes` option with value 1, 2 or 5 and for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false.
CVE-2020-6923 2024-12-19 N/A 5.7 MEDIUM
The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow.
CVE-2017-13308 1 Google 1 Android 2024-12-19 N/A 6.7 MEDIUM
In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2018-9386 1 Google 1 Android 2024-12-19 N/A 6.7 MEDIUM
In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2018-9403 1 Google 1 Android 2024-12-19 N/A 6.7 MEDIUM
In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_- interface.c, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege in a privileged process with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-40659 1 Google 1 Android 2024-12-17 N/A 5.5 MEDIUM
In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-31670 2024-12-13 N/A 6.3 MEDIUM
rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c.
CVE-2024-6343 1 Zyxel 16 Atp100, Atp100w, Atp200 and 13 more 2024-12-13 N/A 4.9 MEDIUM
A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
CVE-2024-54105 1 Huawei 1 Harmonyos 2024-12-12 N/A 5.1 MEDIUM
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-44157 1 Apple 2 Apple Tv, Itunes 2024-12-12 N/A 5.5 MEDIUM
A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination.
CVE-2022-29974 2024-12-12 N/A 4.3 MEDIUM
AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer overflow. This driver is, for example, used in certain ASUS devices.
CVE-2024-46657 2024-12-11 N/A 5.5 MEDIUM
Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2024-44160 1 Apple 1 Macos 2024-12-11 N/A 5.5 MEDIUM
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination.
CVE-2024-12354 1 Razormist 1 Phone Contact Manager System 2024-12-10 4.3 MEDIUM 5.3 MEDIUM
A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVE-2024-12343 1 Tp-link 2 Vn020 F3v, Vn020 F3v Firmware 2024-12-10 6.1 MEDIUM 6.5 MEDIUM
A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.
CVE-2024-40536 2024-12-06 N/A 5.3 MEDIUM
Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were discovered to contain a stack overflow via the pin_3g_code parameter in the config_3g_para function.