Vulnerabilities (CVE)

Filtered by CWE-121
Total 2788 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-2488 1 Tenda 2 Ac18, Ac18 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIP leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256895. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2487 1 Tenda 2 Ac18, Ac18 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName/mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256894 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2486 1 Tenda 2 Ac18, Ac18 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was found in Tenda AC18 15.03.05.05. It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256893 was assigned to this vulnerability.
CVE-2024-2485 1 Tenda 2 Ac18, Ac18 Firmware 2026-06-17 9.0 HIGH 8.8 HIGH
A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-29756 1 Google 1 Android 2026-06-17 N/A 9.8 CRITICAL
In afe_callback of q6afe.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-29421 2026-06-17 N/A 6.2 MEDIUM
xmedcon 0.23.0 (fixed in v.0.24.0) is vulnerable to a buffer overflow via libs/dicom/basic.c, which allows an attacker to execute arbitrary code.
CVE-2024-29164 1 Hdfgroup 1 Hdf5 2026-06-17 N/A 9.8 CRITICAL
HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
CVE-2024-29061 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2026-06-17 N/A 7.8 HIGH
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-29045 1 Microsoft 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 2026-06-17 N/A 7.5 HIGH
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-29012 1 Sonicwall 22 Nsa 2700, Nsa 3700, Nsa 4700 and 19 more 2026-06-17 N/A 7.5 HIGH
Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via the sscanf function.
CVE-2024-28934 1 Microsoft 5 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 and 2 more 2026-06-17 N/A 8.8 HIGH
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-28928 1 Microsoft 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more 2026-06-17 N/A 8.8 HIGH
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-28925 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2026-06-17 N/A 8.0 HIGH
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28924 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2026-06-17 N/A 6.7 MEDIUM
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28899 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2026-06-17 N/A 8.8 HIGH
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28898 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2026-06-17 N/A 6.3 MEDIUM
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-28877 1 Microdicom 1 Dicom Viewer 2026-06-17 N/A 8.8 HIGH
MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit this vulnerability.
CVE-2024-28582 1 Freeimage Project 1 Freeimage 2026-06-17 N/A 8.4 HIGH
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format.
CVE-2024-28581 1 Freeimage Project 1 Freeimage 2026-06-17 N/A 8.4 HIGH
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format.
CVE-2024-28580 1 Freeimage Project 1 Freeimage 2026-06-17 N/A 8.4 HIGH
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format.