CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,902 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 134 of 279
- CVE-2022-25454CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function.
- CVE-2022-25455CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.
- CVE-2022-25456CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function.
- CVE-2022-25457CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.
- CVE-2022-25458CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function.
- CVE-2022-25459CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function.
- CVE-2022-25460CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the endip parameter in the SetPptpServerCfg function.
- CVE-2022-25461CRITICALCVSS 9.8EG 9.82022-03-18
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function.
- CVE-2022-25465HIGHCVSS 7.8EG 7.82022-03-05
Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling.
- CVE-2022-25480HIGHCVSS 7.8EG 7.82024-07-02
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of …
- CVE-2022-25514HIGHCVSS 7.5EG 7.52022-03-17
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted…
- CVE-2022-25515MEDIUMCVSS 6.5EG 7.52022-03-17
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted …
- CVE-2022-25516MEDIUMCVSS 6.5EG 7.52022-03-17
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with …
- CVE-2022-25546HIGHCVSS 7.5EG 7.52022-03-10
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsUser parameter.
- CVE-2022-25547HIGHCVSS 7.5EG 7.52022-03-10
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.
- CVE-2022-25548HIGHCVSS 7.5EG 7.52022-03-10
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the serverName parameter.
- CVE-2022-25549HIGHCVSS 7.5EG 7.52022-03-10
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter.
- CVE-2022-25550HIGHCVSS 7.5EG 7.52022-03-10
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceName parameter.
- CVE-2022-25551HIGHCVSS 7.5EG 7.52022-03-10
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsDomain parameter.
- CVE-2022-25552HIGHCVSS 7.5EG 7.52022-03-10
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter.
- CVE-2022-25553HIGHCVSS 7.5EG 7.52022-03-10
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsPwd parameter.
- CVE-2022-25554HIGHCVSS 7.5EG 7.52022-03-10
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceId parameter.
- CVE-2022-25555HIGHCVSS 7.5EG 7.52022-03-10
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ntpServer parameter.
- CVE-2022-25556HIGHCVSS 7.5EG 7.52022-03-10
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
- CVE-2022-25557HIGHCVSS 7.5EG 7.52022-03-10
Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the urls parameter.
- CVE-2022-25558HIGHCVSS 7.5EG 7.52022-03-10
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ProvinceCode parameter.
- CVE-2022-25560HIGHCVSS 7.5EG 7.52022-03-10
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
- CVE-2022-25561HIGHCVSS 7.5EG 7.52022-03-10
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
- CVE-2022-25566HIGHCVSS 7.5EG 7.52022-03-10
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.
- CVE-2022-25596HIGHCVSS 8.8EG 8.82022-04-07
ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arb…
- CVE-2022-25654MEDIUMCVSS 6.7EG 6.72022-09-16
Memory corruption in kernel due to improper input validation while processing ION commands in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
- CVE-2022-2566CRITICALCVSS 9.0EG 7.82022-09-23
A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead…
- CVE-2022-25678CRITICALCVSS 9.8EG 9.82023-04-13
Memory correction in modem due to buffer overwrite during coap connection
- CVE-2022-25697HIGHCVSS 8.4EG 7.82022-12-13
Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Snapdragon Wearables
- CVE-2022-25698HIGHCVSS 8.4EG 7.82022-12-13
Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables
- CVE-2022-25729CRITICALCVSS 9.8EG 9.82023-02-12
Memory corruption in modem due to improper length check while copying into memory
- CVE-2022-25740CRITICALCVSS 9.8EG 9.82023-04-13
Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface
- CVE-2022-25753HIGHCVSS 8.8EG 8.82022-04-12
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCAL…
- CVE-2022-25785MEDIUMCVSS 6.6EG 7.22022-05-04
Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7.
- CVE-2022-25788HIGHCVSS 7.8EG 7.82022-04-19
A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code.
- CVE-2022-25790HIGHCVSS 7.8EG 7.82022-04-11
A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code exe…
- CVE-2022-25791HIGHCVSS 7.8EG 7.82022-04-11
A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files.
- CVE-2022-25792HIGHCVSS 7.8EG 7.82022-04-11
A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute a…
- CVE-2022-25797HIGHCVSS 7.8EG 7.82022-04-13
A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafte…
- CVE-2022-2587CRITICALCVSS 9.8EG 9.82022-08-12
Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata.
- CVE-2022-25903HIGHCVSS 7.5EG 7.52022-08-24
The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the…
- CVE-2022-25949HIGHCVSS 7.8EG 7.82022-03-17
The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.
- CVE-2022-25959HIGHCVSS 7.8EG 7.82022-04-01
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code.
- CVE-2022-25972HIGHCVSS 7.8EG 7.82022-08-22
An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
- CVE-2022-2598MEDIUMCVSS 6.5EG 5.52022-08-01
Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →