CWE-788
DiscouragedAccess of Memory Location After End of Buffer
Abstraction: Base · Status: Incomplete
The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.
283 vulnerabilities reference this CWE, most recent first.
GHSA-RW7M-53X4-4GV3
Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-40763"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-16T15:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-rw7m-53x4-4gv3",
"modified": "2022-03-17T00:00:34Z",
"published": "2022-03-17T00:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40763"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/character_animator/apsb21-95.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RXXG-MR54-7X32
Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-42729"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-16T15:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-rxxg-mr54-7x32",
"modified": "2022-03-17T00:00:28Z",
"published": "2022-03-17T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42729"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V5RX-7RR8-5MQ3
Vulnerability from github – Published: 2023-05-10 15:30 – Updated: 2024-04-04 04:00Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2023-22297"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-10T14:15:26Z",
"severity": "HIGH"
},
"details": "Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access.",
"id": "GHSA-v5rx-7rr8-5mq3",
"modified": "2024-04-04T04:00:21Z",
"published": "2023-05-10T15:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22297"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V8MP-CQH8-4P3R
Vulnerability from github – Published: 2022-05-24 19:21 – Updated: 2022-05-24 19:21Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-40775"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-22T16:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.",
"id": "GHSA-v8mp-cqh8-4p3r",
"modified": "2022-05-24T19:21:11Z",
"published": "2022-05-24T19:21:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40775"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/prelude/apsb21-96.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V962-XCRM-XRGP
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-10-08 00:00Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-21093"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-15T14:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-v962-xcrm-xrgp",
"modified": "2022-10-08T00:00:32Z",
"published": "2022-05-24T17:47:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21093"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-23.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-414"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VJHX-RH6C-WF22
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2026-06-02 21:30A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a Denial-of-Service condition.
{
"affected": [],
"aliases": [
"CVE-2021-25661"
],
"database_specific": {
"cwe_ids": [
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-12T14:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" \u0026 15\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions \u003c V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a Denial-of-Service condition.",
"id": "GHSA-vjhx-rh6c-wf22",
"modified": "2026-06-02T21:30:31Z",
"published": "2022-05-24T19:02:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25661"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VVVW-VW2W-V699
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-10-24 19:00Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-36049"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-01T15:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-vvvw-vw2w-v699",
"modified": "2022-10-24T19:00:23Z",
"published": "2022-05-24T19:12:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36049"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-69.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VX2H-XX2H-2744
Vulnerability from github – Published: 2024-06-26 03:31 – Updated: 2024-06-26 03:31Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable application's underlying operating system with privileges of the vulnerable application.
{
"affected": [],
"aliases": [
"CVE-2024-29176"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-787",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-26T03:15:10Z",
"severity": "HIGH"
},
"details": "Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable application\u0027s underlying operating system with privileges of the vulnerable application.",
"id": "GHSA-vx2h-xx2h-2744",
"modified": "2024-06-26T03:31:50Z",
"published": "2024-06-26T03:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29176"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000226148/dsa-2024-219-dell-technologies-powerprotect-dd-security-update-for-multiple-security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W3J8-C7P6-2C9W
Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-40777"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-16T15:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-w3j8-c7p6-2c9w",
"modified": "2022-03-17T00:00:31Z",
"published": "2022-03-17T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40777"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-99.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W75G-XQ4M-M4W4
Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-40735"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-16T15:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-w75g-xq4m-m4w4",
"modified": "2022-03-17T00:00:34Z",
"published": "2022-03-17T00:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40735"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/audition/apsb21-92.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.