CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,903 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 141 of 279
- CVE-2022-30521CRITICALCVSS 9.8EG 9.82022-06-02
The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call s…
- CVE-2022-30524HIGHCVSS 7.8EG 7.82022-05-09
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdfto…
- CVE-2022-30538HIGHCVSS 7.8EG 7.82022-06-16
Out-of-bounds write vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a…
- CVE-2022-30595CRITICALCVSS 9.8EG 9.82022-05-25
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
- CVE-2022-30637HIGHCVSS 7.8EG 7.82023-09-07
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ…
- CVE-2022-30638HIGHCVSS 7.8EG 7.82023-09-07
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ…
- CVE-2022-30639HIGHCVSS 7.8EG 7.82023-09-07
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ…
- CVE-2022-30640HIGHCVSS 7.8EG 7.82023-09-07
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ…
- CVE-2022-30641HIGHCVSS 7.8EG 7.82023-09-07
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ…
- CVE-2022-30642HIGHCVSS 7.8EG 7.82023-09-07
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ…
- CVE-2022-30643HIGHCVSS 7.8EG 7.82023-09-07
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ…
- CVE-2022-30645HIGHCVSS 7.8EG 7.82023-09-07
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ…
- CVE-2022-30646HIGHCVSS 7.8EG 7.82023-09-07
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ…
- CVE-2022-30649HIGHCVSS 7.8EG 7.82022-06-15
Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ…
- CVE-2022-30650HIGHCVSS 7.8EG 7.82022-06-16
Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requi…
- CVE-2022-30652HIGHCVSS 7.8EG 7.82022-06-16
Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires us…
- CVE-2022-30653HIGHCVSS 7.8EG 7.82022-06-16
Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires us…
- CVE-2022-30654HIGHCVSS 7.8EG 7.82022-06-16
Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requi…
- CVE-2022-30656HIGHCVSS 7.8EG 7.82022-06-16
Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires us…
- CVE-2022-30658HIGHCVSS 7.8EG 7.82022-06-16
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue r…
- CVE-2022-30659HIGHCVSS 7.8EG 7.82022-06-16
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require…
- CVE-2022-30660HIGHCVSS 7.8EG 7.82022-06-16
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require…
- CVE-2022-30661HIGHCVSS 7.8EG 7.82022-06-16
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue r…
- CVE-2022-30662HIGHCVSS 7.8EG 7.82022-06-16
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require…
- CVE-2022-30663HIGHCVSS 7.8EG 7.82022-06-16
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require…
- CVE-2022-30664HIGHCVSS 7.8EG 7.82022-06-16
Adobe Animate version 22.0.5 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a…
- CVE-2022-30665HIGHCVSS 7.8EG 7.82022-06-16
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require…
- CVE-2022-30771HIGHCVSS 8.2EG 8.22022-11-15
Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by…
- CVE-2022-30772HIGHCVSS 8.2EG 8.22022-11-15
Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipu…
- CVE-2022-30786HIGHCVSS 7.8EG 6.82022-05-26
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.
- CVE-2022-30788HIGHCVSS 7.8EG 6.82022-05-26
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.
- CVE-2022-30789HIGHCVSS 7.8EG 6.82022-05-26
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.
- CVE-2022-30790HIGHCVSS 7.8EG 7.82022-06-08
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
- CVE-2022-3087HIGHCVSS 7.8EG 7.82023-01-17
Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code.
- CVE-2022-30904HIGHCVSS 8.2EG 8.82023-02-01
In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU.
- CVE-2022-30909CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm.
- CVE-2022-30910CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the GO parameter at /goform/aspForm.
- CVE-2022-30912CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm.
- CVE-2022-30913CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the ipqos_set_bandwidth parameter at /goform/aspForm.
- CVE-2022-30914CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateMacClone parameter at /goform/aspForm.
- CVE-2022-30915CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateSnat parameter at /goform/aspForm.
- CVE-2022-30916CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm.
- CVE-2022-30917CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm.
- CVE-2022-30918CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnet parameter at /goform/aspForm.
- CVE-2022-30919CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm.
- CVE-2022-3092HIGHCVSS 7.8EG 7.82022-12-08
GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code.
- CVE-2022-30920CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID parameter at /goform/aspForm.
- CVE-2022-30921CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm.
- CVE-2022-30922CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm.
- CVE-2022-30923CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →