CWE-120 · Buffer Copy without Checking Size of Input (Classic Buffer Overflow)
4276 CVEs are classified under CWE-120. Browse by severity and year.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-4689 | Critical | 10.0 | 2026-03-24 | Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34… |
| CVE-2025-48611 | Critical | 10.0 | 2026-03-10 | In DeviceId of DeviceId.java, there is a possible desync in persistence due to a missing bounds check. This could lead to local escalation of privilege with no… |
| CVE-2024-36290 | Critical | 10.0 | 2025-01-14 | A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can l… |
| CVE-2024-25139 | Critical | 10.0 | 2024-03-14 | In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After h… |
| CVE-2024-22039 | Critical | 10.0 | 2024-03-12 | A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x IP6 (All versions < IP6 SR3), Ce… |
| CVE-2024-23621 | Critical | 10.0 | 2024-01-26 | A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve… |
| CVE-2024-23616 | Critical | 10.0 | 2024-01-26 | A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability… |
| CVE-2024-23615 | Critical | 10.0 | 2024-01-26 | A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to a… |
| CVE-2024-23614 | Critical | 10.0 | 2024-01-26 | A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to ac… |
| CVE-2024-23613 | Critical | 10.0 | 2024-01-26 | A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit… |
| CVE-2023-1424 | Critical | 10.0 | 2023-05-24 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELS… |
| CVE-2021-33975 | Critical | 10.0 | 2023-04-19 | Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attacker to escalate privileges. |
| CVE-2021-33972 | Critical | 10.0 | 2023-04-19 | Buffer Overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 allows attacker to escalate privileges. |
| CVE-2023-24482 | Critical | 10.0 | 2023-02-14 | A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33)… |
| CVE-2022-32548 | Critical | 10.0 | 2022-08-29 | An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via t… |
| CVE-2022-22683 | Critical | 10.0 | 2022-07-28 | Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote… |
| CVE-2022-31481 | Critical | 10.0 | 2022-06-06 | An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID… |
| CVE-2022-22570 | Critical | 10.0 | 2022-04-01 | A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who ha… |
| CVE-2017-16740 | Critical | 10.0 | 2018-01-09 | A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-… |
| CVE-2025-20333 | Critical | 9.9 | 2025-09-25 | A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Softwa… |