CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,902 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 130 of 279
- CVE-2022-22063HIGHCVSS 8.4EG 7.82022-12-15
Memory corruption in Core due to improper configuration in boot remapper.
- CVE-2022-22070HIGHCVSS 7.8EG 7.82022-09-02
Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapd…
- CVE-2022-22080HIGHCVSS 8.4EG 7.82022-09-02
Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice…
- CVE-2022-22084HIGHCVSS 8.4EG 7.82022-06-14
Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &…
- CVE-2022-22085HIGHCVSS 8.4EG 7.82022-06-14
Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, …
- CVE-2022-22088CRITICALCVSS 9.8EG 8.82023-01-09
Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote
- CVE-2022-22096CRITICALCVSS 9.8EG 9.82022-09-02
Memory corruption in Bluetooth HOST due to stack-based buffer overflow when when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile
- CVE-2022-2210HIGHCVSS 7.8EG 9.82022-06-27
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
- CVE-2022-22100HIGHCVSS 8.4EG 7.82022-09-02
Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto
- CVE-2022-22150HIGHCVSS 8.8EG 8.82022-02-04
A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an inval…
- CVE-2022-22274CRITICALCVSS 9.8EG 9.82022-03-25
A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall.
- CVE-2022-22312MEDIUMCVSS 6.5EG 6.52022-04-27
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker …
- CVE-2022-22323MEDIUMCVSS 6.5EG 6.52022-04-27
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker …
- CVE-2022-22584HIGHCVSS 7.8EG 7.82022-03-18
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution.
- CVE-2022-22586CRITICALCVSS 9.8EG 9.82022-03-18
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.
- CVE-2022-22587CRITICALCVSS 9.8EG 9.8⚠ KEV2022-03-18
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel p…
- CVE-2022-22591HIGHCVSS 7.8EG 7.82022-03-18
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.
- CVE-2022-22596HIGHCVSS 7.8EG 7.82022-03-18
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.
- CVE-2022-22597HIGHCVSS 7.8EG 7.82022-03-18
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code executi…
- CVE-2022-22610HIGHCVSS 8.8EG 8.82022-09-23
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code …
- CVE-2022-22612HIGHCVSS 7.8EG 7.82022-03-18
A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may le…
- CVE-2022-22613HIGHCVSS 7.8EG 7.82022-03-18
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application…
- CVE-2022-22627HIGHCVSS 7.1EG 7.12022-03-18
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexp…
- CVE-2022-22629HIGHCVSS 8.8EG 8.82022-09-23
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web …
- CVE-2022-22631HIGHCVSS 7.8EG 7.82022-03-18
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.
- CVE-2022-22633HIGHCVSS 7.8EG 7.82022-03-18
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpect…
- CVE-2022-22635CRITICALCVSS 9.8EG 9.82022-03-18
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to gain elevated privileges.
- CVE-2022-22636HIGHCVSS 7.8EG 7.82022-03-18
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.
- CVE-2022-22640HIGHCVSS 7.8EG 7.82022-03-18
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges.
- CVE-2022-22651HIGHCVSS 7.5EG 7.52022-03-18
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
- CVE-2022-22666HIGHCVSS 7.8EG 7.82022-03-18
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption.
- CVE-2022-22672HIGHCVSS 7.8EG 7.82022-05-26
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to ex…
- CVE-2022-22675HIGHCVSS 7.8EG 9.0⚠ KEV2022-05-26
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbit…
- CVE-2022-22707MEDIUMCVSS 5.9EG 5.92022-01-06
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default …
- CVE-2022-22709HIGHCVSS 7.8EG 7.82022-02-09
VP9 Video Extensions Remote Code Execution Vulnerability
- CVE-2022-22738HIGHCVSS 8.8EG 8.82022-12-22
Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 9…
- CVE-2022-2274CRITICALCVSS 9.8EG 9.82022-07-01
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory c…
- CVE-2022-22751HIGHCVSS 8.8EG 8.82022-12-22
Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs sho…
- CVE-2022-22752HIGHCVSS 8.8EG 8.82022-12-22
Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited…
- CVE-2022-22764HIGHCVSS 8.8EG 8.82022-12-22
Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of thes…
- CVE-2022-2288HIGHCVSS 7.8EG 7.82022-07-03
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
- CVE-2022-22888HIGHCVSS 7.8EG 7.82022-01-20
Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c.
- CVE-2022-22893HIGHCVSS 7.8EG 7.82022-01-21
Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c.
- CVE-2022-22894HIGHCVSS 7.8EG 7.82022-01-21
Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c.
- CVE-2022-22895HIGHCVSS 7.8EG 7.82022-01-21
Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c.
- CVE-2022-22899MEDIUMCVSS 5.5EG 5.52022-02-17
Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service.
- CVE-2022-2294HIGHCVSS 8.8EG 9.0⚠ KEV2022-07-28
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-22989CRITICALCVSS 9.8EG 9.82022-01-13
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow …
- CVE-2022-23006LOWCVSS 1.8EG 6.72022-09-27
A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerabi…
- CVE-2022-2304HIGHCVSS 7.8EG 7.82022-07-05
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →