Vulnerabilities (CVE)

Filtered by CWE-121
Total 1461 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-23388 2025-04-11 N/A 8.2 HIGH
A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.
CVE-2025-30298 2 Adobe, Microsoft 2 Framemaker, Windows 2025-04-11 N/A 7.8 HIGH
Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-34095 1 Openprinting 1 Cpdb-libs 2025-04-10 N/A 9.8 CRITICAL
cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of `scanf(3)`. cpdb-libs uses the `fscanf()` and `scanf()` functions to parse command lines and configuration files, dropping the read string components into fixed-length buffers, but does not limit the length of the strings to be read by `fscanf()` and `scanf()` causing buffer overflows when a string is longer than 1023 characters. A patch for this issue is available at commit f181bd1f14757c2ae0f17cc76dc20421a40f30b7. As all buffers have a length of 1024 characters, the patch limits the maximum string length to be read to 1023 by replacing all occurrences of `%s` with `%1023s` in all calls of the `fscanf()` and `scanf()` functions.
CVE-2025-1163 1 Code-projects 1 Vehicle Parking Management System 2025-04-10 4.3 MEDIUM 5.3 MEDIUM
A vulnerability classified as critical was found in code-projects Vehicle Parking Management System 1.0. This vulnerability affects the function login of the component Authentication. The manipulation of the argument username leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2024-28877 1 Microdicom 1 Dicom Viewer 2025-04-10 N/A 8.8 HIGH
MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit this vulnerability.
CVE-2025-25634 1 Tenda 2 Ac15, Ac15 Firmware 2025-04-10 N/A 6.5 MEDIUM
A vulnerability has been found in Tenda AC15 15.03.05.19 in the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow.
CVE-2024-41586 1 Draytek 2 Vigor3910, Vigor3910 Firmware 2025-04-10 N/A 8.0 HIGH
A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component.
CVE-2024-33835 1 Tenda 2 Ac18, Ac18 Firmware 2025-04-10 N/A 9.8 CRITICAL
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the remoteIp parameter from formSetSafeWanWebMan function.
CVE-2025-25679 1 Tenda 2 I12, I12 Firmware 2025-04-10 N/A 8.0 HIGH
Tenda i12 V1.0.0.10(3805) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function.
CVE-2025-1851 1 Tenda 2 Ac7, Ac7 Firmware 2025-04-10 9.0 HIGH 8.8 HIGH
A vulnerability, which was classified as critical, was found in Tenda AC7 up to 15.03.06.44. This affects the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-26688 2025-04-09 N/A 7.8 HIGH
Stack-based buffer overflow in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally.
CVE-2025-27481 2025-04-09 N/A 8.8 HIGH
Stack-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
CVE-2025-29988 2025-04-09 N/A 6.9 MEDIUM
Dell Client Platform BIOS contains a Stack-based Buffer Overflow Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
CVE-2024-44859 1 Tenda 2 Fh1201, Fh1201 Firmware 2025-04-09 N/A 8.0 HIGH
Tenda FH1201 v1.2.0.14 has a stack buffer overflow vulnerability in `formWrlExtraGet`.
CVE-2025-3161 1 Tenda 2 Ac10, Ac10 Firmware 2025-04-09 9.0 HIGH 8.8 HIGH
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function ShutdownSetAdd of the file /goform/ShutdownSetAdd. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-20998 2 Netapp, Oracle 5 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 2 more 2025-04-09 N/A 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2024-21054 2 Netapp, Oracle 5 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 2 more 2025-04-09 N/A 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2024-21053 2 Netapp, Oracle 4 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 1 more 2025-04-09 N/A 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2022-40517 1 Qualcomm 362 Aqt1000, Aqt1000 Firmware, Ar8031 and 359 more 2025-04-09 N/A 8.4 HIGH
Memory corruption in core due to stack-based buffer overflow
CVE-2022-40516 1 Qualcomm 368 Aqt1000, Aqt1000 Firmware, Ar8031 and 365 more 2025-04-09 N/A 8.4 HIGH
Memory corruption in Core due to stack-based buffer overflow.