CWE-121— Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).— MITRE CWE catalog
3,263 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-121page 20 of 66
- CVE-2023-32141HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. A…
- CVE-2023-32142HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-1360 webproc var:page Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authenti…
- CVE-2023-32144HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-1360 webproc COMM_MakeCustomMsg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers…
- CVE-2023-32146HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authe…
- CVE-2023-32149HIGHCVSS 8.8EG 8.82024-05-03
D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers.…
- CVE-2023-32971LOWCVSS 3.8EG 3.82023-10-06
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have…
- CVE-2023-32972LOWCVSS 3.8EG 3.82023-10-06
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have…
- CVE-2023-32973LOWCVSS 3.8EG 3.82023-10-13
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have…
- CVE-2023-33028CRITICALCVSS 9.8EG 9.82023-10-03
Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.
- CVE-2023-33218CRITICALCVSS 9.1EG 9.12023-12-15
The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device.
- CVE-2023-33219CRITICALCVSS 9.1EG 9.12023-12-15
The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the…
- CVE-2023-33220CRITICALCVSS 9.1EG 9.12023-12-15
During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on th…
- CVE-2023-33222MEDIUMCVSS 6.8EG 6.82023-12-15
When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could l…
- CVE-2023-33308CRITICALCVSS 9.8EG 9.82023-07-26
A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute …
- CVE-2023-34095CRITICALCVSS 9.8EG 9.82023-06-14
cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of `scanf(3)`. cpdb-libs uses the `fscanf…
- CVE-2023-34285HIGHCVSS 8.8EG 8.82024-05-03
NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentic…
- CVE-2023-34287HIGHCVSS 7.8EG 7.82024-05-03
Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction …
- CVE-2023-34302HIGHCVSS 7.8EG 7.82024-05-03
Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction …
- CVE-2023-34306HIGHCVSS 8.8EG 7.82024-05-03
Ashlar-Vellum Graphite VC6 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interac…
- CVE-2023-34365CRITICALCVSS 9.8EG 9.82023-10-11
A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to tr…
- CVE-2023-34426CRITICALCVSS 9.8EG 9.82023-10-11
A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request …
- CVE-2023-34552HIGHCVSS 8.8EG 8.82023-08-01
In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the ca…
- CVE-2023-35012MEDIUMCVSS 6.7EG 6.72023-07-17
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow t…
- CVE-2023-35055HIGHCVSS 8.8EG 8.82023-10-11
A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerabili…
- CVE-2023-35056HIGHCVSS 8.8EG 8.82023-10-11
A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerabili…
- CVE-2023-35127HIGHCVSS 7.8EG 7.82023-11-22
Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V-Simulator parses a specially-crafted input file.
- CVE-2023-35322HIGHCVSS 8.8EG 8.82023-07-11
Windows Deployment Services Remote Code Execution Vulnerability
- CVE-2023-35355HIGHCVSS 7.8EG 7.82023-09-12
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- CVE-2023-35634HIGHCVSS 8.0EG 8.02023-12-12
Windows Bluetooth Driver Remote Code Execution Vulnerability
- CVE-2023-35702HIGHCVSS 7.8EG 7.82024-01-08
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigg…
- CVE-2023-35703HIGHCVSS 7.8EG 7.82024-01-08
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigg…
- CVE-2023-35704HIGHCVSS 7.8EG 7.82024-01-08
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigg…
- CVE-2023-35710HIGHCVSS 7.8EG 7.82024-05-03
Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to e…
- CVE-2023-35718HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP Change ID Password Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-26…
- CVE-2023-35725HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-262…
- CVE-2023-35726HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-262…
- CVE-2023-35727HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. …
- CVE-2023-35728HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP Reboot Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. …
- CVE-2023-35729HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP Reset Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. A…
- CVE-2023-35730HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP Reset Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. A…
- CVE-2023-35731HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 ro…
- CVE-2023-35732HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP Reset Factory Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 ro…
- CVE-2023-35733HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP Change ID Password Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-26…
- CVE-2023-35735HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP Change ID Password New Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-262…
- CVE-2023-35736HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP Change ID Password New Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-262…
- CVE-2023-35737HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-…
- CVE-2023-35738HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP Configuration Backup Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-…
- CVE-2023-35739HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Lin…
- CVE-2023-35740HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP…
- CVE-2023-35741HIGHCVSS 8.8EG 8.82024-05-03
D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 …
Map vulnerabilities like CWE-121 to your infrastructure
EchelonGraph correlates every CVE — across CWE-121 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →