Filtered by CWE-121
Total 2064 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-1360 1 Cisco 8 Rv110w, Rv110w Firmware, Rv130 and 5 more 2024-11-12 7.2 High
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.
CVE-2024-11056 1 Tenda 1 Ac10 Firmware 2024-11-12 8.8 High
A vulnerability, which was classified as critical, was found in Tenda AC10 16.03.10.13. Affected is the function FUN_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-47907 1 Ivanti 1 Connect Secure 2024-11-12 7.5 High
A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-43630 1 Microsoft 6 Windows 10 21h2, Windows 10 22h2, Windows 11 24h2 and 3 more 2024-11-12 7.8 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-39804 2024-11-12 6.2 Medium
In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.
CVE-2024-31496 1 Fortinet 2 Fortianalyzer, Fortimanager 2024-11-12 6.3 Medium
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests.
CVE-2024-47905 2024-11-12 4.9 Medium
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
CVE-2024-11061 1 Tenda 1 Ac10 Firmware 2024-11-12 8.8 High
A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-43549 1 Microsoft 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more 2024-11-12 8.8 High
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-47909 2024-11-12 4.9 Medium
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
CVE-2024-1151 4 Debian, Fedoraproject, Linux and 1 more 5 Debian Linux, Fedora, Linux Kernel and 2 more 2024-11-12 5.5 Medium
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.
CVE-2024-11047 1 D-link 1 Di-8003 Firmware 2024-11-12 8.8 High
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been declared as critical. Affected by this vulnerability is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-11048 1 D-link 1 Di-8003 Firmware 2024-11-12 8.8 High
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-39605 1 Deltaww 1 Diascreen 2024-11-12 7.8 High
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.
CVE-2024-47131 1 Deltaww 1 Diascreen 2024-11-12 7.8 High
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code.
CVE-2024-39354 1 Deltaww 1 Diascreen 2024-11-12 7.8 High
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code.
CVE-2021-1348 1 Cisco 12 Rv016 Multi-wan Vpn Router, Rv016 Multi-wan Vpn Router Firmware, Rv042 Dual Wan Vpn Router and 9 more 2024-11-08 7.2 High
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
CVE-2021-1347 1 Cisco 12 Rv016 Multi-wan Vpn Router, Rv016 Multi-wan Vpn Router Firmware, Rv042 Dual Wan Vpn Router and 9 more 2024-11-08 7.2 High
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
CVE-2021-1346 1 Cisco 12 Rv016 Multi-wan Vpn Router, Rv016 Multi-wan Vpn Router Firmware, Rv042 Dual Wan Vpn Router and 9 more 2024-11-08 7.2 High
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.
CVE-2021-1345 1 Cisco 12 Rv016 Multi-wan Vpn Router, Rv016 Multi-wan Vpn Router Firmware, Rv042 Dual Wan Vpn Router and 9 more 2024-11-08 7.2 High
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device.