CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,902 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 133 of 279
- CVE-2022-24672HIGHCVSS 8.8EG 8.82023-03-28
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists wi…
- CVE-2022-24673CRITICALCVSS 9.8EG 9.82023-03-28
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the i…
- CVE-2022-24674HIGHCVSS 8.8EG 8.82023-03-28
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists wi…
- CVE-2022-24764HIGHCVSS 7.5EG 7.52022-03-22
PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_med…
- CVE-2022-24786CRITICALCVSS 9.8EG 9.82022-04-06
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_r…
- CVE-2022-24893HIGHCVSS 7.5EG 7.52022-06-25
ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field …
- CVE-2022-24936HIGHCVSS 8.3EG 9.12022-11-02
Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade.
- CVE-2022-24938MEDIUMCVSS 6.5EG 7.52022-11-14
A malformed packet causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.
- CVE-2022-24939MEDIUMCVSS 5.7EG 6.52022-11-18
A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.
- CVE-2022-24942CRITICALCVSS 9.1EG 9.82022-11-15
Heap based buffer overflow in HTTP Server functionality in Micrium uC-HTTP 3.01.01 allows remote code execution via HTTP request.
- CVE-2022-24954CRITICALCVSS 9.8EG 9.82022-02-11
Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have a Stack-Based Buffer Overflow related to XFA, for the 'subform colSpan="-2"' and 'draw colSpan="1"' substrings.
- CVE-2022-24995CRITICALCVSS 9.8EG 9.82022-03-10
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.
- CVE-2022-25023HIGHCVSS 8.8EG 8.82022-02-28
Audio File commit 004065d was discovered to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h.
- CVE-2022-25044HIGHCVSS 7.8EG 7.82022-03-05
Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString.
- CVE-2022-2505HIGHCVSS 8.8EG 8.82022-12-22
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to r…
- CVE-2022-25050MEDIUMCVSS 5.5EG 5.52022-03-02
rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
- CVE-2022-25072CRITICALCVSS 9.8EG 9.82022-02-24
TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.
- CVE-2022-25073CRITICALCVSS 9.8EG 9.82022-02-24
TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack overflow in the function dm_fillObjByStr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.
- CVE-2022-25074CRITICALCVSS 9.8EG 9.82022-02-24
TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a stack overflow in the function DM_ Fillobjbystr(). This vulnerability allows unauthenticated attackers to execute arbitrary code.
- CVE-2022-25106MEDIUMCVSS 5.5EG 5.52022-03-04
D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.
- CVE-2022-25170HIGHCVSS 7.8EG 7.82022-02-25
The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code
- CVE-2022-25234HIGHCVSS 7.8EG 7.82022-03-10
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted …
- CVE-2022-25292HIGHCVSS 8.8EG 8.82022-02-24
A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability…
- CVE-2022-25293HIGHCVSS 8.8EG 8.82022-02-24
A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability…
- CVE-2022-25308HIGHCVSS 7.8EG 7.82022-09-06
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.
- CVE-2022-25309MEDIUMCVSS 5.5EG 5.52022-09-06
A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi …
- CVE-2022-25334HIGHCVSS 8.2EG 8.22023-10-19
The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature…
- CVE-2022-25363MEDIUMCVSS 6.5EG 6.52022-02-24
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, an…
- CVE-2022-25414CRITICALCVSS 9.8EG 9.82022-02-24
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the parameter NPTR.
- CVE-2022-25417CRITICALCVSS 9.8EG 9.82022-02-24
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function saveparentcontrolinfo.
- CVE-2022-25418CRITICALCVSS 9.8EG 9.82022-02-24
Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow via the function openSchedWifi.
- CVE-2022-25427CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.
- CVE-2022-25428CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function.
- CVE-2022-25429CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.
- CVE-2022-25431CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function.
- CVE-2022-25433CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function.
- CVE-2022-25434CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function.
- CVE-2022-25435CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function.
- CVE-2022-25437CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.
- CVE-2022-25439CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.
- CVE-2022-25440CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.
- CVE-2022-25445CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.
- CVE-2022-25446CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function.
- CVE-2022-25447CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.
- CVE-2022-25448CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the day parameter in the openSchedWifi function.
- CVE-2022-25449CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function.
- CVE-2022-25450CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.
- CVE-2022-25451CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function.
- CVE-2022-25452CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function.
- CVE-2022-25453CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →