Vulnerabilities (CVE)

Filtered by CWE-120
Total 3585 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-4889 1 Fabian 1 Tourism Management System 2025-10-23 4.3 MEDIUM 5.3 MEDIUM
A vulnerability has been found in code-projects Tourism Management System 1.0 and classified as critical. This vulnerability affects the function AddUser of the component User Registration. The manipulation of the argument username/password leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVE-2023-41064 1 Apple 3 Ipados, Iphone Os, Macos 2025-10-23 N/A 7.8 HIGH
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2021-30983 1 Apple 2 Ipados, Iphone Os 2025-10-23 9.3 HIGH 7.8 HIGH
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges.
CVE-2025-60343 2025-10-23 N/A 7.5 HIGH
Multiple buffer overflows in the AdvSetMacMtuWan function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the wanMTU, wanSpeed, cloneType, mac, serviceName, serverName, wanMTU2, wanSpeed2, cloneType2, mac2, serviceName2, and serverName2 parameters.
CVE-2013-1331 1 Microsoft 1 Office 2025-10-22 9.3 HIGH 7.8 HIGH
Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
CVE-2013-0641 7 Adobe, Apple, Linux and 4 more 12 Acrobat, Acrobat Reader, Mac Os X and 9 more 2025-10-22 9.3 HIGH 7.8 HIGH
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.
CVE-2010-2572 1 Microsoft 1 Powerpoint 2025-10-22 9.3 HIGH 7.8 HIGH
Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
CVE-2007-5659 1 Adobe 2 Acrobat, Acrobat Reader 2025-10-22 9.3 HIGH 7.8 HIGH
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
CVE-2006-2492 1 Microsoft 2 Office, Works Suite 2025-10-22 7.6 HIGH 8.8 HIGH
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
CVE-2004-0210 1 Microsoft 3 Interix, Windows 2000, Windows Nt 2025-10-22 7.2 HIGH 7.8 HIGH
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
CVE-2020-5135 1 Sonicwall 2 Sonicos, Sonicosv 2025-10-22 7.5 HIGH 9.8 CRITICAL
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.
CVE-2020-15999 6 Debian, Fedoraproject, Freetype and 3 more 6 Debian Linux, Fedora, Freetype and 3 more 2025-10-22 4.3 MEDIUM 9.6 CRITICAL
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15069 1 Sophos 2 Xg Firewall, Xg Firewall Firmware 2025-10-22 7.5 HIGH 9.8 CRITICAL
Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.
CVE-2019-11043 6 Canonical, Debian, Fedoraproject and 3 more 23 Ubuntu Linux, Debian Linux, Fedora and 20 more 2025-10-22 7.5 HIGH 8.7 HIGH
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
CVE-2018-6789 3 Canonical, Debian, Exim 3 Ubuntu Linux, Debian Linux, Exim 2025-10-22 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
CVE-2017-7269 1 Microsoft 2 Internet Information Services, Windows Server 2003 2025-10-22 10.0 HIGH 9.8 CRITICAL
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
CVE-2017-6862 1 Netgear 6 Wnr2000v3, Wnr2000v3 Firmware, Wnr2000v4 and 3 more 2025-10-22 7.5 HIGH 9.8 CRITICAL
NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.
CVE-2016-6366 1 Cisco 45 7604, 7606-s, 7609-s and 42 more 2025-10-22 8.5 HIGH 8.8 HIGH
Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.
CVE-2016-10174 1 Netgear 56 D6100, D6100 Firmware, D7000 and 53 more 2025-10-22 10.0 HIGH 9.8 CRITICAL
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
CVE-2016-0099 1 Microsoft 7 Windows 10 1507, Windows 10 1511, Windows 7 and 4 more 2025-10-22 7.2 HIGH 7.8 HIGH
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."