CWE-121
Stack-based Buffer Overflow
Description
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Hierarchy (View 1000)
CVEs mapped to this weakness (790)
page 10 of 40| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-6095 | Hig | 0.58 | 8.9 | 0.01 | Apr 26, 2024 | Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please… | ||
| CVE-2018-10636 | Hig | 0.58 | 8.8 | 0.10 | Aug 13, 2018 | CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an… | ||
| CVE-2017-15118 | Hig | 0.58 | 8.3 | 0.12 | Jul 27, 2018 | A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If… | ||
| CVE-2017-3193 | Hig | 0.58 | 8.8 | 0.06 | Dec 16, 2017 | Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service. | ||
| CVE-2026-7273 | Hig | 0.57 | 8.8 | 0.00 | Jun 16, 2026 | A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request. | ||
| CVE-2026-45648 | Hig | 0.57 | 8.8 | 0.01 | Jun 9, 2026 | Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network. | ||
| CVE-2026-11557 | Hig | 0.57 | 8.8 | 0.00 | Jun 8, 2026 | A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The… | ||
| CVE-2026-11553 | Hig | 0.57 | 8.8 | 0.00 | Jun 8, 2026 | A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in stack-based buffer overflow. The attack can be launched remotely. The exploit has… | ||
| CVE-2026-11528 | Hig | 0.57 | 8.8 | 0.00 | Jun 8, 2026 | A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. The attack may be… | ||
| CVE-2026-11524 | Hig | 0.57 | 8.8 | 0.00 | Jun 8, 2026 | A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipulation of the argument wifiFilterListRemark leads to stack-based buffer overflow.… | ||
| CVE-2026-11523 | Hig | 0.57 | 8.8 | 0.00 | Jun 8, 2026 | A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be… | ||
| CVE-2026-11522 | Hig | 0.57 | 8.8 | 0.00 | Jun 8, 2026 | A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be… | ||
| CVE-2026-11504 | Hig | 0.57 | 8.8 | 0.00 | Jun 8, 2026 | A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in… | ||
| CVE-2026-11503 | Hig | 0.57 | 8.8 | 0.00 | Jun 8, 2026 | A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to… | ||
| CVE-2026-11498 | Hig | 0.57 | 8.8 | 0.04 | Jun 8, 2026 | A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Interface. Performing a manipulation of the argument funckey_transfer results in… | ||
| CVE-2026-11413 | Hig | 0.57 | 8.8 | 0.00 | Jun 6, 2026 | A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The… | ||
| CVE-2026-11024 | Hig | 0.57 | 8.8 | 0.00 | Jun 4, 2026 | Stack buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2026-35085 | Hig | 0.57 | 8.8 | 0.00 | Jun 3, 2026 | A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root. | ||
| CVE-2026-35084 | Hig | 0.57 | 8.8 | 0.00 | Jun 3, 2026 | A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root. | ||
| CVE-2026-35083 | Hig | 0.57 | 8.8 | 0.00 | Jun 3, 2026 | A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root. |
- risk 0.58cvss 8.9epss 0.01
Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please…
- risk 0.58cvss 8.8epss 0.10
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an…
- risk 0.58cvss 8.3epss 0.12
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If…
- risk 0.58cvss 8.8epss 0.06
Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service.
- risk 0.57cvss 8.8epss 0.00
A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request.
- risk 0.57cvss 8.8epss 0.01
Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.00
A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The…
- risk 0.57cvss 8.8epss 0.00
A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in stack-based buffer overflow. The attack can be launched remotely. The exploit has…
- risk 0.57cvss 8.8epss 0.00
A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. The attack may be…
- risk 0.57cvss 8.8epss 0.00
A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipulation of the argument wifiFilterListRemark leads to stack-based buffer overflow.…
- risk 0.57cvss 8.8epss 0.00
A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be…
- risk 0.57cvss 8.8epss 0.00
A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be…
- risk 0.57cvss 8.8epss 0.00
A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in…
- risk 0.57cvss 8.8epss 0.00
A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to…
- risk 0.57cvss 8.8epss 0.04
A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Interface. Performing a manipulation of the argument funckey_transfer results in…
- risk 0.57cvss 8.8epss 0.00
A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The…
- risk 0.57cvss 8.8epss 0.00
Stack buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)
- risk 0.57cvss 8.8epss 0.00
A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.
- risk 0.57cvss 8.8epss 0.00
A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.
- risk 0.57cvss 8.8epss 0.00
A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.