CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-787

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2023-23609 787 2023-01-26 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation Layer Protocol (BLE-L2CAP) module handles fragmentation of packets up the configured MTU size. When fragments are reassembled, they are stored in a packet buffer of a configurable size, but there is no check to verify that the packet buffer is large enough to hold the reassembled packet. In Contiki-NG's default configuration, it is possible that an out-of-bounds write of up to 1152 bytes occurs. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. The problem can be fixed by applying the patch in Contiki-NG pull request #2254 prior to the release of version 4.9.
2 CVE-2023-23456 787 DoS Overflow 2023-01-12 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.
3 CVE-2023-22415 787 DoS 2023-01-13 2023-01-20
0.0
None ??? ??? ??? ??? ??? ???
An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all MX Series and SRX Series platform, when H.323 ALG is enabled and specific H.323 packets are received simultaneously, a flow processing daemon (flowd) crash will occur. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series All versions prior to 19.4R3-S10; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2.
4 CVE-2023-22411 787 DoS 2023-01-13 2023-01-24
0.0
None ??? ??? ??? ??? ??? ???
An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On SRX Series devices using Unified Policies with IPv6, when a specific IPv6 packet goes through a dynamic-application filter which will generate an ICMP deny message, the flowd core is observed and the PFE is restarted. This issue affects: Juniper Networks Junos OS on SRX Series: 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2.
5 CVE-2023-22404 787 DoS 2023-01-13 2023-01-24
0.0
None ??? ??? ??? ??? ??? ???
An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 allows an authenticated, network-based attacker to cause a Denial of Service (DoS). iked will crash and restart, and the tunnel will not come up when a peer sends a specifically formatted payload during the negotiation. This will impact other IKE negotiations happening at the same time. Continued receipt of this specifically formatted payload will lead to continuous crashing of iked and thereby the inability for any IKE negotiations to take place. Note that this payload is only processed after the authentication has successfully completed. So the issue can only be exploited by an attacker who can successfully authenticate. This issue affects Juniper Networks Junos OS on SRX Series, and MX Series with SPC3: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2.
6 CVE-2023-21609 787 Exec Code 2023-01-18 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7 CVE-2023-21606 787 Exec Code 2023-01-18 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
8 CVE-2023-21597 787 Exec Code 2023-01-13 2023-01-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
9 CVE-2023-21595 787 Exec Code 2023-01-13 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
10 CVE-2023-21590 787 Exec Code 2023-01-13 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
11 CVE-2023-21589 787 Exec Code 2023-01-13 2023-01-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
12 CVE-2023-0138 787 Overflow 2023-01-10 2023-01-13
0.0
None ??? ??? ??? ??? ??? ???
Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
13 CVE-2023-0137 787 Overflow 2023-01-10 2023-01-13
0.0
None ??? ??? ??? ??? ??? ???
Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
14 CVE-2023-0129 787 Overflow 2023-01-10 2023-01-13
0.0
None ??? ??? ??? ??? ??? ???
Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)
15 CVE-2023-0054 787 2023-01-04 2023-01-11
0.0
None ??? ??? ??? ??? ??? ???
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
16 CVE-2022-47942 787 Overflow 2022-12-23 2023-01-23
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.
17 CVE-2022-47908 787 Exec Code Overflow +Info 2023-01-03 2023-01-10
0.0
None ??? ??? ??? ??? ??? ???
Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file.
18 CVE-2022-47661 787 Overflow 2023-01-05 2023-01-11
0.0
None ??? ??? ??? ??? ??? ???
GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes
19 CVE-2022-47659 787 Overflow 2023-01-05 2023-01-11
0.0
None ??? ??? ??? ??? ??? ???
GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data
20 CVE-2022-47655 787 Overflow 2023-01-05 2023-01-26
0.0
None ??? ??? ??? ??? ??? ???
Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>
21 CVE-2022-47521 787 Overflow 2022-12-18 2023-01-13
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames.
22 CVE-2022-47519 787 2022-12-18 2023-01-13
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.
23 CVE-2022-47518 787 Overflow 2022-12-18 2023-01-13
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.
24 CVE-2022-47517 787 DoS 2022-12-18 2022-12-22
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.19. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that causes a url_canonize2 heap-based buffer over-read because of an off-by-one error.
25 CVE-2022-47317 787 Exec Code +Info 2023-01-03 2023-01-10
0.0
None ??? ??? ??? ??? ??? ???
Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file.
26 CVE-2022-47128 787 Overflow 2022-12-30 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet.
27 CVE-2022-47127 787 Overflow 2022-12-30 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd parameter at /goform/WifiBasicSet.
28 CVE-2022-47126 787 Overflow 2022-12-30 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet.
29 CVE-2022-47125 787 Overflow 2022-12-30 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet.
30 CVE-2022-47124 787 Overflow 2022-12-30 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet.
31 CVE-2022-47123 787 Overflow 2022-12-30 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet.
32 CVE-2022-47122 787 Overflow 2022-12-30 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wrlPwd_5g parameter at /goform/WifiBasicSet.
33 CVE-2022-47121 787 Overflow 2022-12-30 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet.
34 CVE-2022-47120 787 Overflow 2022-12-30 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.
35 CVE-2022-47119 787 Overflow 2022-12-30 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet.
36 CVE-2022-47118 787 Overflow 2022-12-30 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet.
37 CVE-2022-47117 787 Overflow 2022-12-30 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the security parameter at /goform/WifiBasicSet.
38 CVE-2022-47116 787 Overflow 2022-12-30 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the SYSPS parameter at /goform/SysToolChangePwd.
39 CVE-2022-47115 787 Overflow 2022-12-30 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet.
40 CVE-2022-46885 787 Mem. Corr. 2022-12-22 2023-01-04
0.0
None ??? ??? ??? ??? ??? ???
Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106.
41 CVE-2022-46700 787 Exec Code Mem. Corr. 2022-12-15 2023-01-09
0.0
None ??? ??? ??? ??? ??? ???
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
42 CVE-2022-46699 787 Exec Code Mem. Corr. 2022-12-15 2023-01-09
0.0
None ??? ??? ??? ??? ??? ???
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
43 CVE-2022-46697 787 Exec Code 2022-12-15 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges.
44 CVE-2022-46696 787 Exec Code Mem. Corr. 2022-12-15 2023-01-09
0.0
None ??? ??? ??? ??? ??? ???
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
45 CVE-2022-46694 787 Exec Code 2022-12-15 2023-01-09
0.0
None ??? ??? ??? ??? ??? ???
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2, tvOS 16.2, watchOS 9.2. Parsing a maliciously crafted video file may lead to kernel code execution.
46 CVE-2022-46693 787 Exec Code 2022-12-15 2023-01-09
0.0
None ??? ??? ??? ??? ??? ???
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing a maliciously crafted file may lead to arbitrary code execution.
47 CVE-2022-46691 787 Exec Code 2022-12-15 2023-01-09
0.0
None ??? ??? ??? ??? ??? ???
A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
48 CVE-2022-46690 787 Exec Code 2022-12-15 2023-01-09
0.0
None ??? ??? ??? ??? ??? ???
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
49 CVE-2022-46601 787 Overflow 2022-12-30 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setbg_num parameter in the icp_setbg_img (sub_41DD68) function.
50 CVE-2022-46600 787 Overflow 2022-12-30 2023-01-05
0.0
None ??? ??? ??? ??? ??? ???
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_24g function.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.