CWE-121— Stack-based Buffer Overflow
3,121 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-121page 28 of 63
- CVE-2024-11802HIGHCVSS 7.8EG 7.82024-11-28
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus…
- CVE-2024-12185MEDIUMCVSS 5.3EG 5.32024-12-05
A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Administrator Login Password Handler. The manipulation of the argument Str2…
- CVE-2024-12186MEDIUMCVSS 5.3EG 5.32024-12-05
A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file hotelnew.c of the component Available Room Handler. The manipulation of the argume…
- CVE-2024-1220HIGHCVSS 8.2EG 8.22024-03-06
A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful expl…
- CVE-2024-12352MEDIUMCVSS 4.3EG 4.32024-12-09
A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based…
- CVE-2024-12803HIGHCVSS 7.2EG 9.82025-01-09
A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.
- CVE-2024-13045HIGHCVSS 7.8EG 7.82024-12-30
Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction …
- CVE-2024-13903MEDIUMCVSS 4.3EG 4.32025-03-21
A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JS_GetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-base…
- CVE-2024-1598HIGHCVSS 7.5EG 7.52024-05-14
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.
- CVE-2024-1783CRITICALCVSS 9.8EG 9.82024-02-23
A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of…
- CVE-2024-1941HIGHCVSS 7.8EG 7.82024-03-01
Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
- CVE-2024-20130MEDIUMCVSS 6.7EG 6.72024-12-02
In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193…
- CVE-2024-20154HIGHCVSS 8.8EG 8.12025-01-06
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges ne…
- CVE-2024-20307MEDIUMCVSS 6.8EG 6.82024-03-27
A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected device reloading. This vulnerability exis…
- CVE-2024-20336MEDIUMCVSS 6.5EG 6.52024-03-06
A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit …
- CVE-2024-20433HIGHCVSS 8.6EG 8.62024-09-25
A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial o…
- CVE-2024-20518MEDIUMCVSS 6.5EG 6.52024-10-02
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit…
- CVE-2024-20519MEDIUMCVSS 6.5EG 6.52024-10-02
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit…
- CVE-2024-20520MEDIUMCVSS 6.5EG 6.52024-10-02
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit…
- CVE-2024-20521MEDIUMCVSS 6.5EG 6.52024-10-02
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to execute arbitrary code as the root user. To exploit…
- CVE-2024-20523MEDIUMCVSS 6.8EG 6.82024-10-02
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, r…
- CVE-2024-20524MEDIUMCVSS 6.8EG 6.82024-10-02
A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, r…
- CVE-2024-20688HIGHCVSS 7.1EG 7.12024-04-09
Secure Boot Security Feature Bypass Vulnerability
- CVE-2024-20689HIGHCVSS 7.1EG 7.12024-04-09
Secure Boot Security Feature Bypass Vulnerability
- CVE-2024-20772HIGHCVSS 7.8EG 7.82024-04-10
Media Encoder versions 24.2.1, 23.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2024-20998MEDIUMCVSS 4.9EG 4.92024-04-16
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker wit…
- CVE-2024-21030MEDIUMCVSS 6.1EG 6.12024-04-16
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated at…
- CVE-2024-21053MEDIUMCVSS 4.9EG 4.92024-04-16
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multip…
- CVE-2024-21054MEDIUMCVSS 4.9EG 4.92024-04-16
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker wit…
- CVE-2024-21474HIGHCVSS 8.4EG 8.42024-05-06
Memory corruption when size of buffer from previous call is used without validation or re-initialization.
- CVE-2024-21758MEDIUMCVSS 6.4EG 6.42025-01-14
A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb …
- CVE-2024-22949CRITICALCVSS 9.1EG 9.12024-04-08
JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the…
- CVE-2024-23086CRITICALCVSS 9.8EG 9.82024-04-08
Apfloat v1.10.1 was discovered to contain a stack overflow via the component org.apfloat.internal.DoubleModMath::modPow(double. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the…
- CVE-2024-23110HIGHCVSS 7.8EG 7.82024-06-11
A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker to execute unauthorized code or commands…
- CVE-2024-23125HIGHCVSS 7.8EG 7.52024-02-22
A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbi…
- CVE-2024-23126HIGHCVSS 7.8EG 7.52024-02-22
A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitr…
- CVE-2024-23138HIGHCVSS 7.8EG 7.52024-03-18
A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the…
- CVE-2024-23374MEDIUMCVSS 6.7EG 6.72024-10-07
Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file.
- CVE-2024-23594MEDIUMCVSS 6.4EG 6.42024-04-15
A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute…
- CVE-2024-23797HIGHCVSS 7.8EG 7.82024-02-13
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while par…
- CVE-2024-23798HIGHCVSS 7.8EG 7.82024-02-13
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while par…
- CVE-2024-23804HIGHCVSS 7.8EG 7.82024-02-13
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while par…
- CVE-2024-23933MEDIUMCVSS 6.8EG 6.82024-09-23
Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentica…
- CVE-2024-23934HIGHCVSS 8.8EG 8.82024-09-23
Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is…
- CVE-2024-23935HIGHCVSS 8.0EG 8.02024-09-28
Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must fir…
- CVE-2024-23938HIGHCVSS 8.8EG 8.82024-09-28
Silicon Labs Gecko OS Debug Interface Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authe…
- CVE-2024-23957HIGHCVSS 8.8EG 8.82024-09-28
Autel MaxiCharger AC Elite Business C50 DLB_HostHeartBeat Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel Ma…
- CVE-2024-23959HIGHCVSS 8.0EG 8.02024-09-28
Autel MaxiCharger AC Elite Business C50 BLE AppChargingControl Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Aut…
- CVE-2024-23967HIGHCVSS 8.0EG 8.02024-09-28
Autel MaxiCharger AC Elite Business C50 WebSocket Base64 Decoding Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of …
- CVE-2024-23982HIGHCVSS 7.5EG 7.52024-02-14
When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released be…
Map vulnerabilities like CWE-121 to your infrastructure
EchelonGraph correlates every CVE — across CWE-121 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →