CWE-121— Stack-based Buffer Overflow
3,121 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-121page 29 of 63
- CVE-2024-24684HIGHCVSS 7.8EG 7.82024-05-28
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulne…
- CVE-2024-24685HIGHCVSS 7.8EG 7.82024-05-28
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulne…
- CVE-2024-24686HIGHCVSS 7.8EG 7.82024-05-28
Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulne…
- CVE-2024-2485HIGHCVSS 8.8EG 8.82024-03-15
A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer …
- CVE-2024-2486HIGHCVSS 8.8EG 8.82024-03-15
A vulnerability was found in Tenda AC18 15.03.05.05. It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer ov…
- CVE-2024-2487HIGHCVSS 8.8EG 8.82024-03-15
A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName/mac leads to st…
- CVE-2024-2488HIGHCVSS 8.8EG 8.82024-03-15
A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIP leads to stack-based buffe…
- CVE-2024-2489HIGHCVSS 8.8EG 8.82024-03-15
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It …
- CVE-2024-2490HIGHCVSS 8.8EG 8.82024-03-15
A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads t…
- CVE-2024-24962CRITICALCVSS 9.8EG 9.82024-05-28
A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacke…
- CVE-2024-24963CRITICALCVSS 9.8EG 9.82024-05-28
A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacke…
- CVE-2024-25137MEDIUMCVSS 4.3EG 4.32024-03-26
In AutomationDirect C-MORE EA9 HMI there is a program that copies a buffer of a size controlled by the user into a limited sized buffer on the stack which may lead to a stack overflow. The result of this stack-based buffer overflow can le…
- CVE-2024-25176CRITICALCVSS 9.8EG 9.82025-07-07
LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.
- CVE-2024-25331CRITICALCVSS 9.3EG 9.32024-03-12
DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side Unauthenticated Remote Code Execution (RCE) vulnerability elevated from HNAP Stack-Based Buffer Overflow.
- CVE-2024-25391HIGHCVSS 8.4EG 8.42024-03-27
A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2.
- CVE-2024-25393CRITICALCVSS 9.8EG 9.82024-03-27
A stack buffer overflow occurs in net/at/src/at_server.c in RT-Thread through 5.0.2.
- CVE-2024-2546HIGHCVSS 8.8EG 8.82024-03-17
A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflo…
- CVE-2024-2547HIGHCVSS 8.8EG 8.82024-03-17
A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be…
- CVE-2024-2558HIGHCVSS 8.8EG 8.82024-03-17
A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overf…
- CVE-2024-25746HIGHCVSS 8.8EG 8.82024-02-22
Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the add_white_node function.
- CVE-2024-25748HIGHCVSS 8.8EG 8.82024-02-22
A Stack Based Buffer Overflow vulnerability in tenda AC9 AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetIpMacBind function.
- CVE-2024-25751CRITICALCVSS 9.8EG 9.82024-02-26
A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function.
- CVE-2024-25753HIGHCVSS 8.8EG 8.82024-02-22
Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formSetDeviceName function.
- CVE-2024-25756HIGHCVSS 8.0EG 8.02024-02-22
A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formWifiBasicSet function.
- CVE-2024-2581HIGHCVSS 8.8EG 8.82024-03-18
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer ove…
- CVE-2024-26010HIGHCVSS 7.5EG 7.52024-06-11
A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.…
- CVE-2024-26180HIGHCVSS 8.0EG 8.02024-04-09
Secure Boot Security Feature Bypass Vulnerability
- CVE-2024-26304CRITICALCVSS 9.8EG 9.82024-05-01
There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protoco…
- CVE-2024-26305CRITICALCVSS 9.8EG 9.82024-05-01
There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP por…
- CVE-2024-2703HIGHCVSS 8.8EG 8.82024-03-20
A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49. Affected is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument mac leads to stack-based buffer overflow. I…
- CVE-2024-2704HIGHCVSS 8.8EG 8.82024-03-20
A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49. Affected by this vulnerability is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-b…
- CVE-2024-2705HIGHCVSS 8.8EG 8.82024-03-20
A vulnerability, which was classified as critical, has been found in Tenda AC10U 1.0/15.03.06.49. Affected by this issue is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to s…
- CVE-2024-2706HIGHCVSS 8.8EG 8.82024-03-20
A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49. This affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overfl…
- CVE-2024-2708HIGHCVSS 8.8EG 8.82024-03-20
A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow…
- CVE-2024-2709HIGHCVSS 8.8EG 8.82024-03-20
A vulnerability was found in Tenda AC10U 15.03.06.49. It has been classified as critical. Affected is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer …
- CVE-2024-2710HIGHCVSS 8.8EG 8.82024-03-20
A vulnerability was found in Tenda AC10U 15.03.06.49. It has been declared as critical. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to…
- CVE-2024-2711HIGHCVSS 8.8EG 8.82024-03-20
A vulnerability was found in Tenda AC10U 15.03.06.48. It has been rated as critical. Affected by this issue is the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceMac leads to stack-ba…
- CVE-2024-27128MEDIUMCVSS 6.4EG 6.42024-05-21
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already …
- CVE-2024-27129MEDIUMCVSS 6.4EG 6.42024-05-21
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already …
- CVE-2024-27130HIGHCVSS 7.2EG 7.22024-05-21
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vuln…
- CVE-2024-27337HIGHCVSS 7.8EG 7.82024-04-03
Kofax Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is requir…
- CVE-2024-27459HIGHCVSS 7.8EG 7.82024-07-08
The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.
- CVE-2024-27567MEDIUMCVSS 6.5EG 6.52024-03-01
LBT T300- T390 v2.2.1.8 were discovered to contain a stack overflow via the vpn_client_ip parameter in the config_vpn_pptp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
- CVE-2024-27568MEDIUMCVSS 6.5EG 6.52024-03-01
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the apn_name_3g parameter in the setupEC20Apn function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
- CVE-2024-27569MEDIUMCVSS 6.5EG 6.52024-03-01
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the init_nvram function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
- CVE-2024-27570HIGHCVSS 7.5EG 7.52024-03-01
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
- CVE-2024-27571HIGHCVSS 7.5EG 7.52024-03-01
LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the makeCurRemoteApList function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
- CVE-2024-2763HIGHCVSS 8.8EG 8.82024-03-21
A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.48. Affected by this issue is the function formSetCfm of the file goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buff…
- CVE-2024-2764HIGHCVSS 8.8EG 8.82024-03-21
A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument endIP leads to stack-based buffer o…
- CVE-2024-27655HIGHCVSS 8.8EG 8.82024-02-29
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.
Map vulnerabilities like CWE-121 to your infrastructure
EchelonGraph correlates every CVE — across CWE-121 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →