VYPR

CWE-121

Stack-based Buffer Overflow

VariantDraftLikelihood: High

Description

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (790)

page 6 of 40
  • CVE-2024-34087CriAug 26, 2024
    risk 0.64cvss 9.8epss 0.01

    An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request.

  • CVE-2024-26305CriMay 1, 2024
    risk 0.64cvss 9.8epss 0.15

    There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of…

  • CVE-2023-50434CriApr 29, 2024
    risk 0.64cvss 9.8epss 0.01

    emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be '\0' terminated, leading to a stack-based buffer over-read. This can be triggered by a remote adversary that can send DNS requests to the emdns server. The impact could vary…

  • CVE-2023-45924CriMar 27, 2024
    risk 0.64cvss 9.8epss 0.01

    libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.

  • CVE-2018-14818CriOct 8, 2018
    risk 0.64cvss 9.8epss 0.03

    WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution.

  • CVE-2018-14802CriOct 1, 2018
    risk 0.64cvss 9.8epss 0.04

    Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution.

  • CVE-2018-14823CriSep 26, 2018
    risk 0.64cvss 9.8epss 0.04

    Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.

  • CVE-2018-10628CriJul 24, 2018
    risk 0.64cvss 9.8epss 0.05

    AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow…

  • CVE-2017-3223CriJul 24, 2018
    risk 0.64cvss 9.8epss 0.05

    Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the…

  • CVE-2018-10620CriJul 19, 2018
    risk 0.64cvss 9.8epss 0.04

    AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1 a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with…

  • CVE-2018-8847CriJul 13, 2018
    risk 0.64cvss 9.8epss 0.07

    Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution.

  • CVE-2018-10621CriJun 18, 2018
    risk 0.64cvss 9.8epss 0.04

    Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or…

  • CVE-2018-7499CriMay 15, 2018
    risk 0.64cvss 9.8epss 0.04

    In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities…

  • CVE-2018-8865CriMay 4, 2018
    risk 0.64cvss 9.8epss 0.06

    In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

  • CVE-2018-8840CriApr 18, 2018
    risk 0.64cvss 9.8epss 0.08

    A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.

  • CVE-2017-9638CriApr 17, 2018
    risk 0.64cvss 9.8epss 0.04

    Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.

  • CVE-2017-12194CriMar 14, 2018
    risk 0.64cvss 9.8epss 0.06

    A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions…

  • CVE-2018-5475CriFeb 19, 2018
    risk 0.64cvss 9.8epss 0.04

    A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified, which may allow remote code execution.

  • CVE-2018-5440CriFeb 15, 2018
    risk 0.64cvss 9.8epss 0.03

    A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted…

  • CVE-2018-5442CriFeb 5, 2018
    risk 0.64cvss 9.8epss 0.04

    A Stack-based Buffer Overflow issue was discovered in Fuji Electric V-Server VPR 4.0.1.0 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.