Software vulnerabilites are bugs , defect or backdoors which can be exploited to gain control over system or destroy data.
Buffer overflow happens when data in buffer overlaps certain parts of buffer and it is executed to give us control of system. Old languages such as c, c++ are highly vulnerable to this attack whereas mordern languages such as python and java hav prebuilt immunity to this attack.
It occurs when string submitted as data is evaluated as a command by application. This can give attacker ability to run and execute code , read database and cause segmentation fault.
Cross site scripting or XSS attack are type of injection attacks. Malicious script can access cookies , session token and sensitive information. This script are injected into trusted website. This can be done by adding script in query string.
SQL injection is software vulnerability which allows users to pass command as string which runs on system. This gives attacker access to databasse and can destroy it. To prevent this , input from user should always be pass as string and not straight command.