CWE-121— Stack-based Buffer Overflow
3,118 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-121page 14 of 63
- CVE-2022-0650HIGHCVSS 8.0EG 8.02023-03-28
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The spec…
- CVE-2022-1068MEDIUMCVSS 5.5EG 7.52022-04-01
Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used.
- CVE-2022-1211MEDIUMCVSS 6.3EG 6.52022-04-03
A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it …
- CVE-2022-1355MEDIUMCVSS 6.1EG 6.12022-08-31
A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and cau…
- CVE-2022-1405HIGHCVSS 7.8EG 7.82022-08-31
CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition.
- CVE-2022-1669MEDIUMCVSS 6.8EG 8.12022-05-24
A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in th…
- CVE-2022-1888HIGHCVSS 7.8EG 7.82022-08-31
Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code.
- CVE-2022-2025CRITICALCVSS 9.8EG 9.82022-09-23
an attacker with knowledge of user/pass of Grandstream GSD3710 in its 1.0.11.13 version, could overflow the stack since it doesn't check the param length before use the strcopy instruction. The explotation of this vulnerability may lead an…
- CVE-2022-20699CRITICALCVSS 10.0EG 10.0⚠ KEV2022-02-10
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication a…
- CVE-2022-2070CRITICALCVSS 9.8EG 9.82022-09-23
In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to overflow the stack since it doesn't check the param length before using the sscanf instruction. Because of that, an attacker could create a socket and connect with a remote …
- CVE-2022-20700CRITICALCVSS 10.0EG 10.0⚠ KEV2022-02-10
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication a…
- CVE-2022-20701CRITICALCVSS 10.0EG 10.0⚠ KEV2022-02-10
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication a…
- CVE-2022-20702CRITICALCVSS 10.0EG 10.02022-02-10
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication a…
- CVE-2022-20703CRITICALCVSS 10.0EG 10.0⚠ KEV2022-02-10
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication a…
- CVE-2022-20704CRITICALCVSS 10.0EG 4.82022-02-10
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication a…
- CVE-2022-20705CRITICALCVSS 10.0EG 9.82022-02-10
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication a…
- CVE-2022-20706CRITICALCVSS 10.0EG 8.12022-02-10
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication a…
- CVE-2022-20707CRITICALCVSS 10.0EG 7.32022-02-10
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication a…
- CVE-2022-20708CRITICALCVSS 10.0EG 10.0⚠ KEV2022-02-10
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication a…
- CVE-2022-20709CRITICALCVSS 10.0EG 10.02022-02-10
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication a…
- CVE-2022-20710CRITICALCVSS 10.0EG 10.02022-02-10
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication a…
- CVE-2022-20711CRITICALCVSS 10.0EG 10.02022-02-10
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication a…
- CVE-2022-20712CRITICALCVSS 10.0EG 10.02022-02-10
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication a…
- CVE-2022-20749CRITICALCVSS 10.0EG 10.02022-02-10
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication a…
- CVE-2022-20753MEDIUMCVSS 4.7EG 7.22022-05-04
A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient vali…
- CVE-2022-2078MEDIUMCVSS 5.5EG 5.52022-06-30
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.
- CVE-2022-20824HIGHCVSS 8.8EG 8.82022-08-25
A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) con…
- CVE-2022-20825CRITICALCVSS 9.8EG 9.82022-06-15
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpe…
- CVE-2022-21137HIGHCVSS 7.8EG 7.82022-01-14
Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code.
- CVE-2022-21201HIGHCVSS 8.8EG 8.82022-08-05
A stack-based buffer overflow vulnerability exists in the confers ucloud_add_node_new functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can sen…
- CVE-2022-21228HIGHCVSS 7.8EG 9.82022-04-12
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
- CVE-2022-22178HIGHCVSS 7.5EG 7.52022-01-19
A Stack-based Buffer Overflow vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on MX Series and SRX series allows an unauthenticated networked attacker to cause a flowd crash and thereby a Denial of Service …
- CVE-2022-22274CRITICALCVSS 9.8EG 9.82022-03-25
A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.
- CVE-2022-22281HIGHCVSS 7.8EG 7.82022-05-13
A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system.
- CVE-2022-22989CRITICALCVSS 9.8EG 9.82022-01-13
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow …
- CVE-2022-23006LOWCVSS 1.8EG 6.72022-09-27
A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerabi…
- CVE-2022-2304HIGHCVSS 7.8EG 7.82022-07-05
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
- CVE-2022-23103CRITICALCVSS 9.8EG 9.82022-08-05
A stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker ca…
- CVE-2022-23122CRITICALCVSS 9.8EG 9.82023-03-28
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue …
- CVE-2022-23125CRITICALCVSS 9.8EG 9.82023-03-28
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsi…
- CVE-2022-23399CRITICALCVSS 9.8EG 9.82022-08-05
A stack-based buffer overflow vulnerability exists in the confsrv set_port_fwd_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a…
- CVE-2022-23460MEDIUMCVSS 5.9EG 7.52022-08-19
Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program usi…
- CVE-2022-23462MEDIUMCVSS 6.2EG 7.52022-10-21
IOWOW is a C utility library and persistent key/value storage engine. Versions 1.4.15 and prior contain a stack buffer overflow vulnerability that allows for Denial of Service (DOS) when it parses scientific notation numbers present in JSO…
- CVE-2022-23803HIGHCVSS 7.8EG 7.82022-02-16
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead …
- CVE-2022-23804HIGHCVSS 7.8EG 7.82022-02-16
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead …
- CVE-2022-23918CRITICALCVSS 9.8EG 9.82022-08-05
A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malic…
- CVE-2022-23919CRITICALCVSS 9.8EG 9.82022-08-05
A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malic…
- CVE-2022-23946HIGHCVSS 7.8EG 7.82022-02-04
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code exe…
- CVE-2022-23947HIGHCVSS 7.8EG 7.82022-02-04
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code exe…
- CVE-2022-2402MEDIUMCVSS 6.5EG 6.52022-09-06
The vulnerability in the driver dlpfde.sys enables a user logged into the system to perform system calls leading to kernel stack overflow, resulting in a system crash, for instance, a BSOD.
Map vulnerabilities like CWE-121 to your infrastructure
EchelonGraph correlates every CVE — across CWE-121 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →