CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,903 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 135 of 279
- CVE-2022-25996CRITICALCVSS 9.8EG 9.82022-08-05
A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious pac…
- CVE-2022-26002HIGHCVSS 7.2EG 7.22022-05-12
A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malici…
- CVE-2022-26009CRITICALCVSS 9.8EG 9.82022-08-05
A stack-based buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker ca…
- CVE-2022-2601HIGHCVSS 8.6EG 8.62022-12-14
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buff…
- CVE-2022-26022HIGHCVSS 7.8EG 7.82022-04-01
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code.
- CVE-2022-26061HIGHCVSS 7.8EG 7.82022-08-22
A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
- CVE-2022-26092HIGHCVSS 7.4EG 7.82022-04-11
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution.
- CVE-2022-26098HIGHCVSS 8.1EG 9.82022-04-11
Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.
- CVE-2022-26181HIGHCVSS 7.8EG 7.82022-02-28
Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-buffer-overflow in the function aligned_dealloc():src/lepton/bitops.cc:108.
- CVE-2022-2624HIGHCVSS 8.8EG 8.82022-08-12
Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.
- CVE-2022-26278CRITICALCVSS 9.8EG 9.82022-03-28
Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.
- CVE-2022-26300HIGHCVSS 7.5EG 7.52022-03-17
EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin.
- CVE-2022-26302HIGHCVSS 7.8EG 7.82022-06-14
Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specia…
- CVE-2022-26376CRITICALCVSS 9.8EG 9.82022-08-05
A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7.. A specially-crafted HTTP request can lead to memory corruption. An attacker can …
- CVE-2022-2639HIGHCVSS 7.8EG 7.82022-09-01
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZ…
- CVE-2022-26419HIGHCVSS 7.8EG 7.82022-04-01
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code.
- CVE-2022-26426MEDIUMCVSS 6.7EG 6.72022-08-01
In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS…
- CVE-2022-26427MEDIUMCVSS 6.7EG 6.72022-08-01
In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS…
- CVE-2022-26430MEDIUMCVSS 6.7EG 6.72022-08-01
In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032521; I…
- CVE-2022-26431MEDIUMCVSS 6.7EG 6.72022-08-01
In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS070…
- CVE-2022-26432MEDIUMCVSS 6.7EG 6.72022-08-01
In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS070…
- CVE-2022-26434MEDIUMCVSS 6.7EG 6.72022-08-01
In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS071…
- CVE-2022-26435MEDIUMCVSS 6.7EG 6.72022-08-01
In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138435; I…
- CVE-2022-26437CRITICALCVSS 9.8EG 9.82022-08-01
In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: …
- CVE-2022-26438MEDIUMCVSS 6.7EG 6.72022-08-01
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN2…
- CVE-2022-26439MEDIUMCVSS 6.7EG 6.72022-08-01
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN2…
- CVE-2022-26440MEDIUMCVSS 6.7EG 6.72022-08-01
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN2…
- CVE-2022-26441MEDIUMCVSS 6.7EG 6.72022-08-01
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN2…
- CVE-2022-26442MEDIUMCVSS 6.7EG 6.72022-08-01
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN2…
- CVE-2022-26443MEDIUMCVSS 6.7EG 6.72022-08-01
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN2…
- CVE-2022-26444MEDIUMCVSS 6.7EG 6.72022-08-01
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN2…
- CVE-2022-26445MEDIUMCVSS 6.7EG 6.72022-08-01
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN2…
- CVE-2022-26447CRITICALCVSS 9.8EG 9.82022-09-06
In BT firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS…
- CVE-2022-26448MEDIUMCVSS 6.7EG 6.72022-09-06
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0706…
- CVE-2022-26449MEDIUMCVSS 6.7EG 6.72022-09-06
In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0717…
- CVE-2022-26455MEDIUMCVSS 6.7EG 6.72022-09-06
In gz, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07177858…
- CVE-2022-26457MEDIUMCVSS 6.7EG 6.72022-09-06
In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0713849…
- CVE-2022-26458MEDIUMCVSS 6.7EG 6.72022-09-06
In vow, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0703267…
- CVE-2022-26460MEDIUMCVSS 6.7EG 6.72022-09-06
In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0703…
- CVE-2022-26464MEDIUMCVSS 6.7EG 6.72022-09-06
In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0703…
- CVE-2022-26465MEDIUMCVSS 6.7EG 6.72022-09-06
In audio ipi, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: AL…
- CVE-2022-26467MEDIUMCVSS 6.7EG 6.72022-09-06
In rpmb, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS071…
- CVE-2022-26468MEDIUMCVSS 6.6EG 6.62022-09-06
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges nee…
- CVE-2022-26470MEDIUMCVSS 6.7EG 6.72022-09-06
In aie, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0711…
- CVE-2022-26475MEDIUMCVSS 6.7EG 6.72022-10-07
In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS073107…
- CVE-2022-26496CRITICALCVSS 9.8EG 9.82022-03-06
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of…
- CVE-2022-26507CRITICALCVSS 9.8EG 9.82022-04-14
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-20…
- CVE-2022-26513HIGHCVSS 8.0EG 9.62022-11-11
Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
- CVE-2022-26592HIGHCVSS 8.8EG 8.82023-08-22
Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.
- CVE-2022-26700HIGHCVSS 8.8EG 8.82022-09-23
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code …
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →