Vulnerabilities > Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

DATE CVE VULNERABILITY TITLE RISK
2016-12-14 CVE-2016-9034 Classic Buffer Overflow vulnerability in Joyent Smartos 20120614/20161110T013148Z
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system.
local
high complexity
joyent CWE-120
7.0
2016-12-14 CVE-2016-9033 Classic Buffer Overflow vulnerability in Joyent Smartos 20161110T013148Z
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system.
local
high complexity
joyent CWE-120
7.0
2016-12-14 CVE-2016-9032 Classic Buffer Overflow vulnerability in Joyent Smartos 20161110T013148Z
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system.
local
high complexity
joyent CWE-120
7.0
2016-12-10 CVE-2016-7422 Classic Buffer Overflow vulnerability in multiple products
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.
local
low complexity
qemu opensuse redhat CWE-120
6.0
2016-12-10 CVE-2016-6834 Classic Buffer Overflow vulnerability in multiple products
The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the current fragment length.
local
low complexity
qemu debian CWE-120
4.4
2016-12-10 CVE-2016-6490 Classic Buffer Overflow vulnerability in Qemu
The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.
local
low complexity
qemu CWE-120
4.4
2016-11-04 CVE-2016-8668 Classic Buffer Overflow vulnerability in multiple products
The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging failure to limit DMA buffer size.
local
low complexity
qemu opensuse CWE-120
2.1
2016-10-10 CVE-2016-5343 Classic Buffer Overflow vulnerability in Linux Kernel
drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write request, as demonstrated by a voice_svc_send_req buffer overflow.
network
low complexity
linux CWE-120
7.5
2016-09-26 CVE-2016-4303 Classic Buffer Overflow vulnerability in multiple products
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
network
low complexity
iperf3-project novell opensuse debian CWE-120
7.5
2016-08-18 CVE-2016-6366 Classic Buffer Overflow vulnerability in Cisco products
Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.
network
low complexity
cisco CWE-120
8.8