VYPR

CWE-121

Stack-based Buffer Overflow

VariantDraftLikelihood: High

Description

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (790)

page 10 of 40
  • CVE-2023-6095HigApr 26, 2024
    risk 0.58cvss 8.9epss 0.01

    Vladimir Kononovich, a Security Researcher has found a flaw that allows for a remote code execution on the DVR. An attacker could inject malicious HTTP headers into request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please…

  • CVE-2018-10636HigAug 13, 2018
    risk 0.58cvss 8.8epss 0.10

    CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an…

  • CVE-2017-15118HigJul 27, 2018
    risk 0.58cvss 8.3epss 0.12

    A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If…

  • CVE-2017-3193HigDec 16, 2017
    risk 0.58cvss 8.8epss 0.06

    Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service.

  • CVE-2026-7273HigJun 16, 2026
    risk 0.57cvss 8.8epss 0.00

    A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request.

  • CVE-2026-45648HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.

  • CVE-2026-11557HigJun 8, 2026
    risk 0.57cvss 8.8epss 0.00

    A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The…

  • CVE-2026-11553HigJun 8, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in stack-based buffer overflow. The attack can be launched remotely. The exploit has…

  • CVE-2026-11528HigJun 8, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of the argument callback results in stack-based buffer overflow. The attack may be…

  • CVE-2026-11524HigJun 8, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipulation of the argument wifiFilterListRemark leads to stack-based buffer overflow.…

  • CVE-2026-11523HigJun 8, 2026
    risk 0.57cvss 8.8epss 0.00

    A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be…

  • CVE-2026-11522HigJun 8, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirrorMirroredPorts results in stack-based buffer overflow. The attack can be…

  • CVE-2026-11504HigJun 8, 2026
    risk 0.57cvss 8.8epss 0.00

    A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Performing a manipulation of the argument schedStartTime/schedEndTime results in…

  • CVE-2026-11503HigJun 8, 2026
    risk 0.57cvss 8.8epss 0.00

    A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set of the component Wi-Fi Configuration Endpoint. Such manipulation of the argument ssid leads to…

  • CVE-2026-11498HigJun 8, 2026
    risk 0.57cvss 8.8epss 0.04

    A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Interface. Performing a manipulation of the argument funckey_transfer results in…

  • CVE-2026-11413HigJun 6, 2026
    risk 0.57cvss 8.8epss 0.00

    A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The…

  • CVE-2026-11024HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Stack buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-35085HigJun 3, 2026
    risk 0.57cvss 8.8epss 0.00

    A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.

  • CVE-2026-35084HigJun 3, 2026
    risk 0.57cvss 8.8epss 0.00

    A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.

  • CVE-2026-35083HigJun 3, 2026
    risk 0.57cvss 8.8epss 0.00

    A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.