Vulnerabilities > Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-42547 Classic Buffer Overflow vulnerability in Totolink A3100R Firmware 4.1.2Cu.5050B20200504
TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.
network
low complexity
totolink CWE-120
critical
 9.8
9.8
2024-08-12 CVE-2024-42543 Classic Buffer Overflow vulnerability in Totolink A3700R Firmware 9.1.2U.5822B20200513
TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host parameter in the loginauth function.
network
low complexity
totolink CWE-120
critical
 9.8
9.8
2024-08-12 CVE-2024-42545 Classic Buffer Overflow vulnerability in Totolink A3700R Firmware 9.1.2U.5822B20200513
TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in setWizardCfg function.
network
low complexity
totolink CWE-120
critical
 9.8
9.8
2024-08-12 CVE-2024-42520 Classic Buffer Overflow vulnerability in Totolink A3002R Firmware 4.0.0B20230531.1404
TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formParentControl.
network
low complexity
totolink CWE-120
critical
 9.8
9.8
2024-08-08 CVE-2024-7490 Classic Buffer Overflow vulnerability in Microchip Advanced Software Framework
Improper Input Validation vulnerability in Microchip Techology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwip_dhcp_find_option. This issue affects Advanced Software Framework: through 3.52.0.2574. ASF is no longer being supported.
network
low complexity
microchip CWE-120
critical
 9.8
9.8
2024-08-07 CVE-2024-20450 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow.
network
low complexity
cisco CWE-120
critical
 9.8
9.8
2024-08-07 CVE-2024-20454 Classic Buffer Overflow vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow.
network
low complexity
cisco CWE-120
critical
 9.8
9.8
2024-08-07 CVE-2024-7584 Classic Buffer Overflow vulnerability in Tenda I22 Firmware 1.0.0.3(4687)
A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687).
network
low complexity
tenda CWE-120
critical
 9.8
9.8
2024-08-07 CVE-2024-7585 Classic Buffer Overflow vulnerability in Tenda I22 Firmware 1.0.0.3(4687)
A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical.
network
low complexity
tenda CWE-120
critical
 9.8
9.8
2024-08-07 CVE-2024-42238 Classic Buffer Overflow vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file Return an error from cs_dsp_power_up() if a block header is longer than the amount of data left in the file. The previous code in cs_dsp_load() and cs_dsp_load_coeff() would loop while there was enough data left in the file for a valid region.
local
low complexity
linux CWE-120
5.5
5.5