CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,902 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 132 of 279
- CVE-2022-24059HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or…
- CVE-2022-24063HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 13.2.0.21165. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag…
- CVE-2022-24064HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.8.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or…
- CVE-2022-24091HIGHCVSS 7.8EG 7.82022-03-18
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the curren…
- CVE-2022-24092HIGHCVSS 7.8EG 7.82022-03-18
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the curren…
- CVE-2022-24094HIGHCVSS 7.8EG 7.82022-03-11
Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss…
- CVE-2022-24095HIGHCVSS 7.8EG 7.82022-03-11
Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss…
- CVE-2022-24096HIGHCVSS 7.8EG 7.82022-03-11
Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by an Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss…
- CVE-2022-24097HIGHCVSS 7.8EG 7.82022-03-11
Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ…
- CVE-2022-24105HIGHCVSS 7.8EG 7.82022-05-06
Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require…
- CVE-2022-24126CRITICALCVSS 9.8EG 9.82022-03-20
A buffer overflow in the NRSessionSearchResult parser in Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allows remote attackers to execute arbitrary code via matchmaking servers, a different vulnerability than CVE-2021-34170.
- CVE-2022-24142HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the firewallEn parameter.
- CVE-2022-24143HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.
- CVE-2022-24145HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers to cause a Denial of Service (DoS) via the security and security_5g parameters.
- CVE-2022-24146HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
- CVE-2022-24147HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wanMTU, wanSpeed, cloneType, mac, and serviceName para…
- CVE-2022-24149HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wpapsk_crypto parameter.
- CVE-2022-2415HIGHCVSS 8.8EG 8.82022-07-28
Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-24151HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter.
- CVE-2022-24152HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
- CVE-2022-24153HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.
- CVE-2022-24154HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the rebootTime parameter.
- CVE-2022-24155HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the schedStartTime and schedEndTime parameters.
- CVE-2022-24156HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
- CVE-2022-24157HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceList parameter.
- CVE-2022-24158HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
- CVE-2022-24159HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the startIp and endIp parameters.
- CVE-2022-24160HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter.
- CVE-2022-24161HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mac parameter.
- CVE-2022-24162HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.
- CVE-2022-24163HIGHCVSS 7.5EG 7.52022-02-04
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter.
- CVE-2022-24164HIGHCVSS 7.5EG 7.52022-02-04
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsHijackRule parameter.
- CVE-2022-24166HIGHCVSS 7.5EG 7.52022-02-04
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter.
- CVE-2022-24169HIGHCVSS 7.5EG 7.52022-02-04
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRule parameter.
- CVE-2022-24172HIGHCVSS 7.5EG 7.52022-02-04
Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the addDhcpRules parameter.
- CVE-2022-24197MEDIUMCVSS 6.5EG 6.52022-02-01
iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
- CVE-2022-24290HIGHCVSS 7.5EG 7.52022-05-20
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions …
- CVE-2022-24355HIGHCVSS 8.8EG 8.82022-02-18
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The …
- CVE-2022-24361HIGHCVSS 8.8EG 8.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-24369HIGHCVSS 8.8EG 8.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2022-24451HIGHCVSS 7.8EG 7.82022-03-09
VP9 Video Extensions Remote Code Execution Vulnerability
- CVE-2022-24453HIGHCVSS 7.8EG 7.82022-03-09
HEVC Video Extensions Remote Code Execution Vulnerability
- CVE-2022-24456HIGHCVSS 7.8EG 7.82022-03-09
HEVC Video Extensions Remote Code Execution Vulnerability
- CVE-2022-24457HIGHCVSS 7.8EG 7.82022-03-09
HEIF Image Extensions Remote Code Execution Vulnerability
- CVE-2022-24501HIGHCVSS 7.8EG 7.82022-03-09
VP9 Video Extensions Remote Code Execution Vulnerability
- CVE-2022-24521HIGHCVSS 7.8EG 9.0⚠ KEV2022-04-15
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CVE-2022-24575HIGHCVSS 7.8EG 7.82022-03-14
GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box.
- CVE-2022-24578HIGHCVSS 7.8EG 7.82022-03-14
GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c.
- CVE-2022-24655HIGHCVSS 7.8EG 7.82022-03-18
A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication.
- CVE-2022-24661HIGHCVSS 7.8EG 7.82022-03-08
A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2022.1). The starview+.exe contains a memory corruption vulnerability while parsing specially crafted .SCE files. This could allow an attacker to execute co…
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →