Vulnerabilities (CVE)

Filtered by CWE-121
Total 2789 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-37050 1 Qnap 2 Qts, Quts Hero 2026-06-17 N/A 6.5 MEDIUM
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later
CVE-2024-37049 1 Qnap 2 Qts, Quts Hero 2026-06-17 N/A 6.5 MEDIUM
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later
CVE-2024-37047 1 Qnap 2 Qts, Quts Hero 2026-06-17 N/A 6.5 MEDIUM
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later
CVE-2024-37044 1 Qnap 2 Qts, Quts Hero 2026-06-17 N/A 7.2 HIGH
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later
CVE-2024-37029 1 Fujielectric 1 Tellus Lite V-simulator 2026-06-17 N/A 7.8 HIGH
Fuji Electric Tellus Lite V-Simulator is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.
CVE-2024-37008 1 Autodesk 1 Revit 2026-06-17 N/A 7.8 HIGH
A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVE-2024-37003 1 Autodesk 9 Advance Steel, Autocad, Autocad Architecture and 6 more 2026-06-17 N/A 7.8 HIGH
A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVE-2024-36729 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2026-06-17 N/A 6.3 MEDIUM
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wizard_ipv6 with a sufficiently long reboot_type key.
CVE-2024-36728 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2026-06-17 N/A 8.1 HIGH
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action vlan_setting with a sufficiently long dns1 or dns 2 key.
CVE-2024-36600 1 Gnu 1 Libcdio 2026-06-17 N/A 8.4 HIGH
Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.
CVE-2024-36493 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 9.1 CRITICAL
A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2024-36468 1 Zabbix 1 Zabbix 2026-06-17 N/A 3.0 LOW
The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds checking.
CVE-2024-36435 2026-06-17 N/A 9.8 CRITICAL
An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC.
CVE-2024-36258 1 Wavlink 2 Wl-wn533a8, Wl-wn533a8 Firmware 2026-06-17 N/A 10.0 CRITICAL
A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2024-35580 1 Tenda 2 Ax1806, Ax1806 Firmware 2026-06-17 N/A 9.8 CRITICAL
Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv.
CVE-2024-35579 1 Tenda 2 Ax1806, Ax1806 Firmware 2026-06-17 N/A 7.7 HIGH
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv.
CVE-2024-35578 1 Tenda 2 Ax1806, Ax1806 Firmware 2026-06-17 N/A 8.0 HIGH
Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv.
CVE-2024-35576 1 Tenda 2 Ax1806, Ax1806 Firmware 2026-06-17 N/A 5.2 MEDIUM
Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv.
CVE-2024-35403 1 Totolink 2 Cp900l, Cp900l Firmware 2026-06-17 N/A 2.7 LOW
TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules
CVE-2024-35388 1 Totolink 2 Nr1800x, Nr1800x Firmware 2026-06-17 N/A 8.8 HIGH
TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode