CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,903 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 139 of 279
- CVE-2022-28825HIGHCVSS 7.8EG 7.82022-05-13
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requi…
- CVE-2022-28826HIGHCVSS 7.8EG 7.82022-05-13
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requi…
- CVE-2022-28827HIGHCVSS 7.8EG 7.82022-05-13
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requi…
- CVE-2022-28828HIGHCVSS 7.8EG 7.82022-05-13
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requi…
- CVE-2022-28829HIGHCVSS 7.8EG 7.82022-05-13
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requi…
- CVE-2022-28831HIGHCVSS 7.8EG 7.82023-09-11
Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires …
- CVE-2022-28833HIGHCVSS 7.8EG 7.82023-09-11
Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires …
- CVE-2022-28834HIGHCVSS 7.8EG 7.82023-09-11
Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires u…
- CVE-2022-28836HIGHCVSS 7.8EG 7.82023-09-11
Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires u…
- CVE-2022-28839HIGHCVSS 7.8EG 7.82022-06-15
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2022-28840HIGHCVSS 7.8EG 7.82022-06-15
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2022-28841HIGHCVSS 7.8EG 7.82022-06-15
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2022-28843HIGHCVSS 7.8EG 7.82022-06-15
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2022-28844HIGHCVSS 7.8EG 7.82022-06-15
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2022-28845HIGHCVSS 7.8EG 7.82022-06-15
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2022-28846HIGHCVSS 7.8EG 7.82022-06-15
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2022-28847HIGHCVSS 7.8EG 7.82022-06-15
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2022-28848HIGHCVSS 7.8EG 7.82022-06-15
Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2022-28852HIGHCVSS 7.8EG 7.82022-09-16
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requir…
- CVE-2022-28853HIGHCVSS 7.8EG 7.82022-09-16
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires …
- CVE-2022-28874MEDIUMCVSS 4.3EG 7.52022-05-23
Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanni…
- CVE-2022-28917HIGHCVSS 7.5EG 7.52022-05-18
Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow via the lanIp parameter in /goform/AdvSetLanIp.
- CVE-2022-2892HIGHCVSS 7.8EG 7.82022-08-31
Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file.
- CVE-2022-2896HIGHCVSS 7.8EG 7.82022-08-31
Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file.
- CVE-2022-28966MEDIUMCVSS 5.5EG 5.52022-04-16
Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code.c (called indirectly from Compile_BranchTable in m3_compile.c).
- CVE-2022-28969HIGHCVSS 7.5EG 7.52022-05-06
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS).
- CVE-2022-28970HIGHCVSS 7.5EG 7.52022-05-06
Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS).
- CVE-2022-28971HIGHCVSS 7.5EG 7.52022-05-06
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS).
- CVE-2022-28972HIGHCVSS 7.5EG 7.52022-05-06
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS).
- CVE-2022-28973HIGHCVSS 7.5EG 7.52022-05-06
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS).
- CVE-2022-28990HIGHCVSS 7.8EG 7.82022-05-20
WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm.
- CVE-2022-28998HIGHCVSS 8.1EG 8.12022-05-23
Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code.
- CVE-2022-29072HIGHCVSS 7.8EG 7.82022-04-15
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in…
- CVE-2022-29077CRITICALCVSS 9.8EG 9.82022-04-25
A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital ass…
- CVE-2022-2915HIGHCVSS 8.8EG 8.82022-08-26
A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.…
- CVE-2022-29208HIGHCVSS 7.1EG 7.12022-05-20
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation…
- CVE-2022-29210MEDIUMCVSS 5.5EG 5.52022-05-21
TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e…
- CVE-2022-29276HIGHCVSS 8.2EG 8.22022-11-15
SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: …
- CVE-2022-29277HIGHCVSS 8.8EG 8.82022-11-15
Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system …
- CVE-2022-29321CRITICALCVSS 9.8EG 9.82022-05-10
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan.
- CVE-2022-29322CRITICALCVSS 9.8EG 9.82022-05-10
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip.
- CVE-2022-29323CRITICALCVSS 9.8EG 9.82022-05-10
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment.
- CVE-2022-29324CRITICALCVSS 9.8EG 9.82022-05-10
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd.
- CVE-2022-29325CRITICALCVSS 9.8EG 9.82022-05-10
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter.
- CVE-2022-29326CRITICALCVSS 9.8EG 9.82022-05-10
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter.
- CVE-2022-29327CRITICALCVSS 9.8EG 9.82022-05-10
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel.
- CVE-2022-29328CRITICALCVSS 9.8EG 9.82022-05-10
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade.
- CVE-2022-29329CRITICALCVSS 9.8EG 9.82022-05-10
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings.
- CVE-2022-29377HIGHCVSS 7.5EG 7.52022-05-24
Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the parameter CONTENT_LENGTH.
- CVE-2022-29379CRITICALCVSS 9.8EG 9.82022-05-25
Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased developmen…
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →