CWE-121
Stack-based Buffer Overflow
Description
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Hierarchy (View 1000)
CVEs mapped to this weakness (790)
page 40 of 40| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-9190 | 0.00 | — | 0.06 | Jan 10, 2015 | Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist. | |||
| CVE-2014-5407 | 0.00 | — | 0.00 | Sep 15, 2014 | Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file. | |||
| CVE-2014-0770 | 0.00 | — | 0.03 | Apr 12, 2014 | By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely. | |||
| CVE-2014-0768 | 0.00 | — | 0.03 | Apr 12, 2014 | An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code. | |||
| CVE-2014-0767 | 0.00 | — | 0.03 | Apr 12, 2014 | An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. This will overflow the static stack buffer. The attacker may then execute code on the target device remotely. | |||
| CVE-2014-0766 | 0.00 | — | 0.03 | Apr 12, 2014 | An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. An attacker may use this vulnerability to remotely execute arbitrary code. | |||
| CVE-2014-0765 | 0.00 | — | 0.03 | Apr 12, 2014 | To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely. | |||
| CVE-2014-0764 | 0.00 | — | 0.03 | Apr 12, 2014 | By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely. | |||
| CVE-2014-0774 | 0.00 | — | 0.00 | Feb 28, 2014 | Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed… | |||
| CVE-2014-0753 | 0.00 | — | 0.03 | Jan 21, 2014 | Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory. |
- CVE-2014-9190Jan 10, 2015risk 0.00cvss —epss 0.06
Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist.
- CVE-2014-5407Sep 15, 2014risk 0.00cvss —epss 0.00
Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file.
- CVE-2014-0770Apr 12, 2014risk 0.00cvss —epss 0.03
By providing an overly long string to the UserName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely.
- CVE-2014-0768Apr 12, 2014risk 0.00cvss —epss 0.03
An attacker may pass an overly long value from the AccessCode2 argument to the control to overflow the static stack buffer. The attacker may then remotely execute arbitrary code.
- CVE-2014-0767Apr 12, 2014risk 0.00cvss —epss 0.03
An attacker may exploit this vulnerability by passing an overly long value from the AccessCode argument to the control. This will overflow the static stack buffer. The attacker may then execute code on the target device remotely.
- CVE-2014-0766Apr 12, 2014risk 0.00cvss —epss 0.03
An attacker can exploit this vulnerability by copying an overly long NodeName2 argument into a statically sized buffer on the stack to overflow the static stack buffer. An attacker may use this vulnerability to remotely execute arbitrary code.
- CVE-2014-0765Apr 12, 2014risk 0.00cvss —epss 0.03
To exploit this vulnerability, the attacker sends data from the GotoCmd argument to control. If the value of the argument is overly long, the static stack buffer can be overflowed. This will allow the attacker to execute arbitrary code remotely.
- CVE-2014-0764Apr 12, 2014risk 0.00cvss —epss 0.03
By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely.
- CVE-2014-0774Feb 28, 2014risk 0.00cvss —epss 0.00
Stack-based buffer overflow in the C++ sample client in Schneider Electric OPC Factory Server (OFS) TLXCDSUOFS33 - 3.35, TLXCDSTOFS33 - 3.35, TLXCDLUOFS33 - 3.35, TLXCDLTOFS33 - 3.35, and TLXCDLFOFS33 - 3.35 allows local users to gain privileges via vectors involving a malformed…
- CVE-2014-0753Jan 21, 2014risk 0.00cvss —epss 0.03
Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory.