Vulnerabilities > Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-04 | CVE-2024-38409 | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption while station LL statistic handling. | 7.8 |
| 2024-11-04 | CVE-2024-38423 | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption while processing GPU page table switch. | 7.8 |
| 2024-10-31 | CVE-2024-10559 | Classic Buffer Overflow vulnerability in Razormist Airport Booking Management System 1.0 A vulnerability was found in SourceCodester Airport Booking Management System 1.0 and classified as critical. | 7.8 |
| 2024-10-28 | CVE-2024-44144 | Classic Buffer Overflow vulnerability in Apple products A buffer overflow was addressed with improved size validation. | 5.5 |
| 2024-10-25 | CVE-2024-10371 | Classic Buffer Overflow vulnerability in Razormist Payroll Management System 1.0 A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. | 9.8 |
| 2024-10-21 | CVE-2022-48948 | Classic Buffer Overflow vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), data stage handler for OUT transfer uses memcpy to copy req->actual bytes to uvc_event->data.data array of size 60. | 7.8 |
| 2024-10-21 | CVE-2022-49023 | Classic Buffer Overflow vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix buffer overflow in elem comparison For vendor elements, the code here assumes that 5 octets are present without checking. | 7.8 |
| 2024-10-21 | CVE-2024-49869 | Classic Buffer Overflow vulnerability in Linux Kernel 6.11 In the Linux kernel, the following vulnerability has been resolved: btrfs: send: fix buffer overflow detection when copying path to cache entry Starting with commit c0247d289e73 ("btrfs: send: annotate struct name_cache_entry with __counted_by()") we annotated the variable length array "name" from the name_cache_entry structure with __counted_by() to improve overflow detection. | 7.8 |
| 2024-10-21 | CVE-2024-49996 | Classic Buffer Overflow vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from ReparseDataLength. Function cifs_strndup_from_utf16() is currentlly accessing buf->DataBuffer at position after the end of the buffer because it does not subtract InodeType size from the length. | 7.8 |
| 2024-10-21 | CVE-2024-47751 | Classic Buffer Overflow vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() Within kirin_pcie_parse_port(), the pcie->num_slots is compared to pcie->gpio_id_reset size (MAX_PCI_SLOTS) which is correct and would lead to an overflow. Thus, fix condition to pcie->num_slots + 1 >= MAX_PCI_SLOTS and move pcie->num_slots increment below the if-statement to avoid out-of-bounds array access. Found by Linux Verification Center (linuxtesting.org) with SVACE. [kwilczynski: commit log] | 7.8 |