CWE-121— Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).— MITRE CWE catalog
3,265 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-121page 35 of 66
- CVE-2024-37047MEDIUMCVSS 6.5EG 6.52024-11-22
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute cod…
- CVE-2024-37049MEDIUMCVSS 6.5EG 6.52024-11-22
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute cod…
- CVE-2024-37050MEDIUMCVSS 6.5EG 6.52024-11-22
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute cod…
- CVE-2024-37600MEDIUMCVSS 6.8EG 6.82025-02-13
An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible stack buffer overflow in the Service Broker service affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of t…
- CVE-2024-37631HIGHCVSS 8.8EG 8.82024-06-13
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule.
- CVE-2024-37632CRITICALCVSS 9.8EG 6.52024-06-13
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth .
- CVE-2024-37633HIGHCVSS 8.8EG 8.82024-06-13
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg
- CVE-2024-37634CRITICALCVSS 9.8EG 9.82024-06-13
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg.
- CVE-2024-37635CRITICALCVSS 9.8EG 9.82024-06-13
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg
- CVE-2024-37639HIGHCVSS 8.8EG 8.82024-06-14
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules.
- CVE-2024-37640HIGHCVSS 8.8EG 8.82024-06-14
TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg.
- CVE-2024-37641HIGHCVSS 8.8EG 8.82024-06-14
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule
- CVE-2024-37643HIGHCVSS 8.8EG 8.82024-06-14
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth .
- CVE-2024-37645HIGHCVSS 8.8EG 8.82024-06-14
TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog .
- CVE-2024-37970HIGHCVSS 8.0EG 8.02024-07-09
Secure Boot Security Feature Bypass Vulnerability
- CVE-2024-37971HIGHCVSS 8.0EG 8.02024-07-09
Secure Boot Security Feature Bypass Vulnerability
- CVE-2024-37972HIGHCVSS 8.0EG 8.02024-07-09
Secure Boot Security Feature Bypass Vulnerability
- CVE-2024-37978HIGHCVSS 8.0EG 8.02024-07-09
Secure Boot Security Feature Bypass Vulnerability
- CVE-2024-37984HIGHCVSS 8.4EG 8.42024-07-09
Secure Boot Security Feature Bypass Vulnerability
- CVE-2024-37997HIGHCVSS 7.8EG 7.82024-07-09
A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (…
- CVE-2024-38246HIGHCVSS 7.0EG 7.02024-09-10
Win32k Elevation of Privilege Vulnerability
- CVE-2024-38309HIGHCVSS 7.8EG 7.82024-11-28
There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclose…
- CVE-2024-38410HIGHCVSS 7.8EG 7.82024-11-04
Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.
- CVE-2024-38443MEDIUMCVSS 6.2EG 6.22024-06-16
C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3f has a segmentation fault for deep recursion, which may affect common use cases such as sorting an array of 50 elements.
- CVE-2024-38509HIGHCVSS 7.2EG 7.22024-07-26
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.
- CVE-2024-38576HIGHCVSS 7.1EG 7.12024-06-19
In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info() The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiff…
- CVE-2024-3874HIGHCVSS 8.8EG 8.82024-04-16
A vulnerability was found in Tenda W20E 15.11.0.6. It has been declared as critical. This vulnerability affects the function formSetRemoteWebManage of the file /goform/SetRemoteWebManage. The manipulation of the argument remoteIP leads to …
- CVE-2024-3875HIGHCVSS 8.8EG 8.82024-04-16
A vulnerability was found in Tenda F1202 1.2.0.20(408). It has been rated as critical. This issue affects the function fromNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. T…
- CVE-2024-3876HIGHCVSS 8.8EG 8.82024-04-16
A vulnerability classified as critical has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. It is p…
- CVE-2024-3877HIGHCVSS 8.8EG 8.82024-04-16
A vulnerability classified as critical was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function fromqossetting of the file /goform/fromqossetting. The manipulation of the argument qos leads to stack-based buff…
- CVE-2024-3878HIGHCVSS 8.8EG 8.82024-04-16
A vulnerability, which was classified as critical, has been found in Tenda F1202 1.2.0.20(408). Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page…
- CVE-2024-3879HIGHCVSS 8.8EG 8.82024-04-16
A vulnerability, which was classified as critical, was found in Tenda W30E 1.0.1.25(633). This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It …
- CVE-2024-3881HIGHCVSS 8.8EG 8.82024-04-16
A vulnerability was found in Tenda W30E 1.0.1.25(633) and classified as critical. This issue affects the function frmL7PlotForm of the file /goform/frmL7ProtForm. The manipulation of the argument page leads to stack-based buffer overflow. …
- CVE-2024-3882HIGHCVSS 8.8EG 8.82024-04-16
A vulnerability was found in Tenda W30E 1.0.1.25(633). It has been classified as critical. Affected is the function fromRouteStatic of the file /goform/fromRouteStatic. The manipulation of the argument page leads to stack-based buffer over…
- CVE-2024-3905HIGHCVSS 8.8EG 8.82024-04-17
A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been classified as critical. This affects the function R7WebsSecurityHandler of the file /goform/execCommand. The manipulation of the argument password leads to stack-based buf…
- CVE-2024-3906HIGHCVSS 8.8EG 8.82024-04-17
A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been declared as critical. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-…
- CVE-2024-3907HIGHCVSS 8.8EG 8.82024-04-17
A vulnerability was found in Tenda AC500 2.0.1.9(1307). It has been rated as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. …
- CVE-2024-3909HIGHCVSS 8.8EG 8.82024-04-17
A vulnerability classified as critical was found in Tenda AC500 2.0.1.9(1307). Affected by this vulnerability is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based bu…
- CVE-2024-3910HIGHCVSS 8.8EG 8.82024-04-17
A vulnerability, which was classified as critical, has been found in Tenda AC500 2.0.1.9(1307). Affected by this issue is the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to st…
- CVE-2024-39354HIGHCVSS 7.8EG 7.82024-11-11
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code.
- CVE-2024-39357CRITICALCVSS 9.1EG 9.12025-01-14
A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenti…
- CVE-2024-39359CRITICALCVSS 9.1EG 9.12025-01-14
A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authen…
- CVE-2024-39389HIGHCVSS 7.8EG 7.82024-08-14
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user i…
- CVE-2024-39480HIGHCVSS 7.8EG 7.82024-07-05
In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use strncpy() to insert the completed symbol …
- CVE-2024-39556MEDIUMCVSS 6.4EG 6.42024-07-10
A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a…
- CVE-2024-39603CRITICALCVSS 9.1EG 9.12025-01-14
A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make…
- CVE-2024-39605HIGHCVSS 7.8EG 7.82024-11-11
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.
- CVE-2024-39757CRITICALCVSS 9.1EG 9.12025-01-14
A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authentic…
- CVE-2024-39779MEDIUMCVSS 4.7EG 4.72025-02-12
Stack-based buffer overflow in some drivers for Intel(R) Ethernet Connection I219 Series before version 12.19.1.39 may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2024-39791CRITICALCVSS 10.0EG 10.02024-08-12
Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code.
Map vulnerabilities like CWE-121 to your infrastructure
EchelonGraph correlates every CVE — across CWE-121 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →