CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,903 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 142 of 279
- CVE-2022-30924CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm.
- CVE-2022-30925CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm.
- CVE-2022-30926CRITICALCVSS 9.8EG 9.82022-06-08
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm.
- CVE-2022-30937HIGHCVSS 7.5EG 7.52022-06-14
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus…
- CVE-2022-30938HIGHCVSS 7.5EG 7.52022-07-12
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.40), EN100 Ethernet module Modbus…
- CVE-2022-31003CRITICALCVSS 9.1EG 9.12022-05-31
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An…
- CVE-2022-31031CRITICALCVSS 9.8EG 9.82022-06-09
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vuln…
- CVE-2022-31054HIGHCVSS 7.5EG 7.52022-06-13
Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such,…
- CVE-2022-31144HIGHCVSS 7.0EG 7.02022-07-19
Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7…
- CVE-2022-31226HIGHCVSS 7.1EG 7.82022-09-12
Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by sending excess data to a function in order to gain arbitrary code execution on the…
- CVE-2022-31363HIGHCVSS 8.2EG 8.82023-02-01
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_.…
- CVE-2022-31364HIGHCVSS 8.2EG 8.82023-02-01
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_s…
- CVE-2022-3159HIGHCVSS 7.8EG 7.82023-01-13
The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
- CVE-2022-3160HIGHCVSS 7.8EG 7.82023-01-13
The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
- CVE-2022-31601MEDIUMCVSS 6.7EG 6.72022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and informa…
- CVE-2022-31602MEDIUMCVSS 6.4EG 6.42022-07-04
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data …
- CVE-2022-31606HIGHCVSS 7.8EG 7.82022-11-19
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an ou…
- CVE-2022-3161HIGHCVSS 7.8EG 7.82023-01-13
The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
- CVE-2022-31610HIGHCVSS 7.8EG 7.82022-11-19
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escal…
- CVE-2022-31627HIGHCVSS 7.7EG 9.82022-07-28
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corrupt…
- CVE-2022-31696HIGHCVSS 8.8EG 8.82022-12-13
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.
- CVE-2022-31699LOWCVSS 3.3EG 3.32022-12-13
VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.
- CVE-2022-31705HIGHCVSS 8.2EG 8.22022-12-14
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as t…
- CVE-2022-31737CRITICALCVSS 9.8EG 9.82022-12-22
A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
- CVE-2022-31747CRITICALCVSS 9.8EG 9.82022-12-22
Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with…
- CVE-2022-31782HIGHCVSS 7.8EG 7.82022-06-02
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.
- CVE-2022-31783MEDIUMCVSS 5.5EG 5.52022-06-02
Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.
- CVE-2022-31810HIGHCVSS 7.5EG 7.52023-07-11
A vulnerability has been identified in SiPass integrated (All versions < V2.90.3.8). Affected server applications improperly check the size of data packets received for the configuration client login, causing a stack-based buffer overflow.…
- CVE-2022-31901MEDIUMCVSS 6.5EG 6.52023-01-19
Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4.3 and earlier allows attackers to crash the application via two crafted files.
- CVE-2022-31902MEDIUMCVSS 5.5EG 5.52023-02-01
Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add().
- CVE-2022-31937CRITICALCVSS 9.8EG 9.82022-09-22
Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd.
- CVE-2022-3195HIGHCVSS 8.8EG 8.82022-09-26
Out of bounds write in Storage in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-3200HIGHCVSS 8.8EG 8.82022-09-26
Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2022-32030HIGHCVSS 7.5EG 7.52022-07-01
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand.
- CVE-2022-32031HIGHCVSS 7.5EG 7.52022-07-01
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic.
- CVE-2022-32032CRITICALCVSS 9.8EG 9.82022-07-01
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule.
- CVE-2022-32033HIGHCVSS 7.5EG 7.52022-07-01
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer.
- CVE-2022-32034HIGHCVSS 7.5EG 7.52022-07-01
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist.
- CVE-2022-32035HIGHCVSS 7.5EG 7.52022-07-01
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng.
- CVE-2022-32036HIGHCVSS 7.5EG 7.52022-07-01
Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb.
- CVE-2022-32037HIGHCVSS 7.5EG 7.52022-07-01
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg.
- CVE-2022-32039HIGHCVSS 7.5EG 7.52022-07-01
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient.
- CVE-2022-32040HIGHCVSS 7.5EG 7.52022-07-01
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm.
- CVE-2022-32041HIGHCVSS 7.5EG 7.52022-07-01
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData.
- CVE-2022-32043HIGHCVSS 7.5EG 7.52022-07-01
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo.
- CVE-2022-32044HIGHCVSS 7.5EG 7.52022-07-01
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80.
- CVE-2022-32045HIGHCVSS 7.5EG 7.52022-07-01
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4.
- CVE-2022-32046HIGHCVSS 7.5EG 7.52022-07-01
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c.
- CVE-2022-32047HIGHCVSS 7.5EG 7.52022-07-01
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4.
- CVE-2022-32048HIGHCVSS 7.5EG 7.52022-07-01
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →