Vulnerabilities (CVE)

Filtered by CWE-121
Total 2805 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-5931 1 Zephyrproject 1 Zephyr 2026-06-17 N/A 6.3 MEDIUM
BT: Unchecked user input in bap_broadcast_assistant
CVE-2024-5602 2026-06-17 N/A 7.8 HIGH
A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file. The NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products.  Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy.
CVE-2024-5507 1 Luxion 3 Keyshot, Keyshot Network Rendering, Keyshot Viewer 2026-06-17 N/A 7.8 HIGH
Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22266.
CVE-2024-5305 1 Tungstenautomation 1 Power Pdf 2026-06-17 N/A 7.8 HIGH
Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22921.
CVE-2024-5293 1 Dlink 2 Dir-2640, Dir-2640 Firmware 2026-06-17 N/A 8.8 HIGH
D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within prog.cgi, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21853.
CVE-2024-5242 1 Tp-link 2 Omada Er605, Omada Er605 Firmware 2026-06-17 N/A 7.5 HIGH
TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service. The specific flaw exists within the handling of DDNS error codes. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22522.
CVE-2024-58299 2026-06-17 N/A 9.8 CRITICAL
PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system access.
CVE-2024-58117 1 Huawei 1 Harmonyos 2026-06-17 N/A 4.0 MEDIUM
Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitation of this vulnerability may affect the file preview function.
CVE-2024-58116 1 Huawei 1 Harmonyos 2026-06-17 N/A 4.0 MEDIUM
Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58115 1 Huawei 1 Harmonyos 2026-06-17 N/A 4.0 MEDIUM
Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-57440 1 Dlink 2 Dsl-3788, Dsl-3788 Firmware 2026-06-17 N/A 7.5 HIGH
D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflow via the COMM_MAKECustomMsg function of the webproc cgi
CVE-2024-56468 1 Ibm 1 Infosphere Data Replication 2026-06-17 N/A 7.5 HIGH
IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service.
CVE-2024-56139 2026-06-17 N/A N/A
pdftools is a high level tools to convert PDF files to ePUB formats. In versions up to and including 0.5.0 maliciously crafted epub files can cause a stack overflow leading to a crash. This issue has not yet been addressed and users are advised to avoid untrusted input to their systems.
CVE-2024-55577 2026-06-17 N/A 7.0 HIGH
Stack-based buffer overflow vulnerability exists in Linux Ratfor 1.06 and earlier. When the software processes a file which is specially crafted by an attacker, arbitrary code may be executed. As a result, the attacker may obtain or alter information of the user environment or cause the user environment to become unusable.
CVE-2024-54809 1 Netgear 2 Wnr854t, Wnr854t Firmware 2026-06-17 N/A 9.8 CRITICAL
Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the parse_st_header function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take control of the program counter and hijack control flow of the program to execute arbitrary system commands.
CVE-2024-54808 1 Netgear 2 Wnr854t, Wnr854t Firmware 2026-06-17 N/A 9.8 CRITICAL
Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution.
CVE-2024-53959 2 Adobe, Microsoft 2 Framemaker, Windows 2026-06-17 N/A 7.8 HIGH
Adobe Framemaker versions 2020.7, 2022.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-53849 2026-06-17 N/A N/A
editorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains many escaped characters. The added backslashes leave too little space in the output pattern when processing nested brackets such that the remaining input length exceeds the output capacity. This issue has been addressed in release version 0.12.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-53703 1 Sonicwall 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more 2026-06-17 N/A 8.1 HIGH
A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution.
CVE-2024-53695 1 Qnap 1 Hybrid Backup Sync 2026-06-17 N/A 9.1 CRITICAL
A buffer overflow vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to modify memory or crash processes. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.4.952 and later