CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,902 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 129 of 279
- CVE-2022-20753MEDIUMCVSS 4.7EG 7.22022-05-04
A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient vali…
- CVE-2022-20769HIGHCVSS 7.4EG 6.52022-09-30
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerabi…
- CVE-2022-20792HIGHCVSS 7.8EG 7.82022-08-10
A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash Cla…
- CVE-2022-2081HIGHCVSS 7.5EG 7.52024-01-04
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the…
- CVE-2022-20824HIGHCVSS 8.8EG 8.82022-08-25
A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) con…
- CVE-2022-20825CRITICALCVSS 9.8EG 9.82022-06-15
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpe…
- CVE-2022-20946HIGHCVSS 8.6EG 7.52022-11-15
A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an aff…
- CVE-2022-20968HIGHCVSS 8.1EG 8.82022-12-12
A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is …
- CVE-2022-21124HIGHCVSS 7.8EG 7.82022-03-10
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted …
- CVE-2022-21137HIGHCVSS 7.8EG 7.82022-01-14
Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code.
- CVE-2022-21172MEDIUMCVSS 6.7EG 6.72022-08-18
Out of bounds write for some Intel(R) PROSet/Wireless WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2022-21201HIGHCVSS 8.8EG 8.82022-08-05
A stack-based buffer overflow vulnerability exists in the confers ucloud_add_node_new functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can sen…
- CVE-2022-21217CRITICALCVSS 9.8EG 9.82022-01-28
An out-of-bounds write vulnerability exists in the device TestEmail functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to an out-of-bounds write. An attacker can send an HTTP request to trig…
- CVE-2022-2122HIGHCVSS 7.8EG 7.82022-07-19
DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc u…
- CVE-2022-21228HIGHCVSS 7.8EG 9.82022-04-12
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
- CVE-2022-2125HIGHCVSS 7.8EG 7.82022-06-19
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
- CVE-2022-2129HIGHCVSS 7.8EG 7.82022-06-19
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
- CVE-2022-21499MEDIUMCVSS 6.7EG 6.52022-06-09
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode wh…
- CVE-2022-21740HIGHCVSS 7.6EG 7.62022-02-03
Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.…
- CVE-2022-21744CRITICALCVSS 9.8EG 9.82022-07-06
In Modem 2G RR, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding GPRS Packet Neighbour Cell Data (PNCD) improper neighbouring cell size with no additional executi…
- CVE-2022-21750MEDIUMCVSS 6.7EG 6.72022-06-06
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
- CVE-2022-21751MEDIUMCVSS 6.7EG 6.72022-06-06
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
- CVE-2022-21752MEDIUMCVSS 6.7EG 6.72022-06-06
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
- CVE-2022-21753MEDIUMCVSS 6.7EG 6.72022-06-06
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
- CVE-2022-21754MEDIUMCVSS 6.7EG 6.72022-06-06
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
- CVE-2022-21759MEDIUMCVSS 6.7EG 6.72022-06-06
In power service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: A…
- CVE-2022-21765MEDIUMCVSS 6.7EG 6.72022-07-06
In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS066416…
- CVE-2022-21766MEDIUMCVSS 6.7EG 6.72022-07-06
In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS066416…
- CVE-2022-21767HIGHCVSS 8.8EG 8.82022-07-06
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID…
- CVE-2022-21768HIGHCVSS 8.8EG 8.82022-07-06
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID…
- CVE-2022-21779MEDIUMCVSS 6.7EG 6.72022-07-06
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
- CVE-2022-21780MEDIUMCVSS 6.7EG 6.72022-07-06
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
- CVE-2022-21781MEDIUMCVSS 6.7EG 6.72022-07-06
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
- CVE-2022-21782MEDIUMCVSS 6.7EG 6.72022-07-06
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
- CVE-2022-21783MEDIUMCVSS 6.7EG 6.72022-07-06
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
- CVE-2022-21784MEDIUMCVSS 6.7EG 6.72022-07-06
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
- CVE-2022-21785MEDIUMCVSS 6.7EG 6.72022-07-06
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
- CVE-2022-21787MEDIUMCVSS 6.7EG 6.72022-07-06
In audio DSP, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0…
- CVE-2022-21792MEDIUMCVSS 6.7EG 6.72022-08-01
In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS…
- CVE-2022-21796HIGHCVSS 8.2EG 8.22022-01-28
A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request t…
- CVE-2022-21804HIGHCVSS 8.4EG 8.42023-05-10
Out-of-bounds write in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2022-21820MEDIUMCVSS 6.3EG 6.32022-03-24
NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impa…
- CVE-2022-21882HIGHCVSS 7.0EG 9.0⚠ KEV2022-01-11
Win32k Elevation of Privilege Vulnerability
- CVE-2022-21917HIGHCVSS 7.8EG 7.82022-01-11
HEVC Video Extensions Remote Code Execution Vulnerability
- CVE-2022-21926HIGHCVSS 7.8EG 7.82022-02-09
HEVC Video Extensions Remote Code Execution Vulnerability
- CVE-2022-21933MEDIUMCVSS 6.7EG 7.82022-01-21
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the syste…
- CVE-2022-22006HIGHCVSS 7.8EG 7.82022-03-09
HEVC Video Extensions Remote Code Execution Vulnerability
- CVE-2022-22007HIGHCVSS 7.8EG 7.82022-03-09
HEVC Video Extensions Remote Code Execution Vulnerability
- CVE-2022-22026HIGHCVSS 8.8EG 8.82022-07-12
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
- CVE-2022-22049HIGHCVSS 7.8EG 7.82022-07-12
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →