CWE-121: Stack-based Buffer Overflow
3,119 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-121 (page 24 of 63)
- CVE-2023-45984 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-10-16
TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.
- CVE-2023-4601 | HIGH | CVSS 8.1 | EG 8.1 | 2023-10-18
A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted re…
- CVE-2023-46223 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-12-19
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution.
- CVE-2023-46272 | HIGH | CVSS 8.8 | EG 8.8 | 2025-02-19
Buffer Overflow vulnerability in Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, allows an attacker to execute arbitrary code via the implementation of the ah_auth service.
- CVE-2023-46552 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-10-25
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP.
- CVE-2023-46553 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-10-25
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl.
- CVE-2023-46559 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-10-25
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr.
- CVE-2023-46560 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-10-25
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup.
- CVE-2023-46562 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-10-25
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg.
- CVE-2023-46563 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-10-25
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS.
- CVE-2023-46564 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-10-25
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ.
- CVE-2023-46714 | HIGH | CVSS 7.2 | EG 7.2 | 2024-05-14
A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via …
- CVE-2023-46718 | MEDIUM | CVSS 6.7 | EG 6.7 | 2025-10-14
A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthori…
- CVE-2023-46720 | MEDIUM | CVSS 6.7 | EG 6.7 | 2024-06-11
A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthori…
- CVE-2023-4685 | HIGH | CVSS 7.8 | EG 7.8 | 2023-09-07
Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code.
- CVE-2023-4744 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-09-04
A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based buffer overflow. The attack can be launc…
- CVE-2023-47456 | CRITICAL | CVSS 9.1 | EG 9.1 | 2023-11-07
Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat.
- CVE-2023-4756 | MEDIUM | CVSS 5.5 | EG 5.9 | 2023-09-04
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
- CVE-2023-47856 | HIGH | CVSS 7.2 | EG 7.2 | 2024-07-08
A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send …
- CVE-2023-48262 | HIGH | CVSS 8.1 | EG 8.1 | 2024-01-10
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
- CVE-2023-48264 | HIGH | CVSS 8.1 | EG 8.1 | 2024-01-10
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
- CVE-2023-48265 | HIGH | CVSS 8.1 | EG 8.1 | 2024-01-10
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
- CVE-2023-48266 | HIGH | CVSS 8.1 | EG 8.1 | 2024-01-10
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.
- CVE-2023-48270 | HIGH | CVSS 7.2 | EG 7.2 | 2024-07-08
A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequen…
- CVE-2023-48724 | HIGH | CVSS 7.5 | EG 7.5 | 2024-04-09
A memory corruption vulnerability exists in the web interface functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted HTTP POST request can lead to denial of service of t…
- CVE-2023-48725 | HIGH | CVSS 7.2 | EG 7.2 | 2024-03-07
A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authentic…
- CVE-2023-48906 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-04-01
Stack Overflow vulnerability in Btstack 1.6 and earlier allows attackers to cause a denial of service via crafted input to the char_for_nibble function.
- CVE-2023-49073 | HIGH | CVSS 7.2 | EG 7.2 | 2024-07-08
A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence…
- CVE-2023-49129 | HIGH | CVSS 7.8 | EG 7.8 | 2024-01-09
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute…
- CVE-2023-49236 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-01-09
A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a user-entered scale field in the RTSP …
- CVE-2023-49287 | HIGH | CVSS 7.7 | EG 7.7 | 2023-12-04
TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6.
- CVE-2023-49424 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-12-07
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg.
- CVE-2023-49595 | HIGH | CVSS 7.2 | EG 7.2 | 2024-07-08
A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can s…
- CVE-2023-49867 | HIGH | CVSS 7.2 | EG 7.2 | 2024-07-08
A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP…
- CVE-2023-49906 | HIGH | CVSS 7.2 | EG 7.2 | 2024-04-09
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests c…
- CVE-2023-49907 | HIGH | CVSS 7.2 | EG 7.2 | 2024-04-09
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests c…
- CVE-2023-49908 | HIGH | CVSS 7.2 | EG 7.2 | 2024-04-09
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests c…
- CVE-2023-49909 | HIGH | CVSS 7.2 | EG 7.2 | 2024-04-09
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests c…
- CVE-2023-49910 | HIGH | CVSS 7.2 | EG 7.2 | 2024-04-09
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests c…
- CVE-2023-49911 | HIGH | CVSS 7.2 | EG 7.2 | 2024-04-09
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests c…
- CVE-2023-49912 | HIGH | CVSS 7.2 | EG 7.2 | 2024-04-09
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests c…
- CVE-2023-49913 | HIGH | CVSS 7.2 | EG 7.2 | 2024-04-09
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests c…
- CVE-2023-50007 | MEDIUM | CVSS 4.0 | EG 4.0 | 2024-04-19
FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in the libavutil/samplefmt.c:260:9 component.
- CVE-2023-50186 | HIGH | CVSS 8.8 | EG 7.5 | 2024-05-03
GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is requ…
- CVE-2023-50208 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not req…
- CVE-2023-50209 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication i…
- CVE-2023-50210 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link G416 httpd API-AUTH Digest Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. …
- CVE-2023-50211 | HIGH | CVSS 8.8 | EG 8.8 | 2024-05-03
D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 router…
- CVE-2023-50225 | MEDIUM | CVSS 6.8 | EG 6.8 | 2024-05-03
TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Aut…
- CVE-2023-50234 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-03
Hancom Office Cell XLS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Cell. User interaction is …