CWE-122— Heap-based Buffer Overflow
2,151 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 6 of 44
- CVE-2021-25479HIGHCVSS 7.2EG 7.22021-10-06
A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
- CVE-2021-25495HIGHCVSS 7.3EG 7.82021-10-06
A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution.
- CVE-2021-25668CRITICALCVSS 9.8EG 9.82021-04-22
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P …
- CVE-2021-26330MEDIUMCVSS 5.5EG 5.52021-11-16
AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.
- CVE-2021-26603HIGHCVSS 8.6EG 8.62021-09-09
A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check.
- CVE-2021-26691CRITICALCVSS 9.8EG 9.82021-06-10
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
- CVE-2021-27253HIGHCVSS 8.8EG 8.82021-04-14
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism c…
- CVE-2021-28211MEDIUMCVSS 6.7EG 6.72021-06-11
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
- CVE-2021-28558HIGHCVSS 8.8EG 8.82021-09-02
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated att…
- CVE-2021-28560HIGHCVSS 8.8EG 8.82021-09-02
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vul…
- CVE-2021-28603HIGHCVSS 7.8EG 7.82021-08-24
Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code executi…
- CVE-2021-28604HIGHCVSS 7.8EG 7.82021-08-24
Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code executi…
- CVE-2021-28608HIGHCVSS 7.8EG 7.82021-08-24
Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code executi…
- CVE-2021-28610HIGHCVSS 7.8EG 7.82021-08-24
Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code executi…
- CVE-2021-28620HIGHCVSS 7.8EG 7.82021-08-24
Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exp…
- CVE-2021-28624HIGHCVSS 7.8EG 7.82021-08-20
Adobe Bridge version 11.0.2 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exp…
- CVE-2021-28629HIGHCVSS 7.8EG 7.82021-08-24
Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exp…
- CVE-2021-28638HIGHCVSS 7.8EG 7.82021-08-20
Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Heap-based Buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerabilit…
- CVE-2021-29097HIGHCVSS 7.8EG 7.82021-03-25
Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary co…
- CVE-2021-29457HIGHCVSS 7.8EG 7.82021-04-19
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is…
- CVE-2021-29464LOWCVSS 3.3EG 3.32021-04-30
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A heap buffer overflow was found in Exiv2 versions v0.27.3 and earlier. The heap overflow is triggered when Exiv2 is…
- CVE-2021-31424HIGHCVSS 8.8EG 8.82021-04-29
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to e…
- CVE-2021-31428HIGHCVSS 8.2EG 8.22021-04-29
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to …
- CVE-2021-31429HIGHCVSS 8.2EG 8.22021-04-29
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to …
- CVE-2021-31436HIGHCVSS 7.8EG 7.82021-04-29
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op…
- CVE-2021-31439HIGHCVSS 8.8EG 8.82021-05-21
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the proc…
- CVE-2021-31454HIGHCVSS 7.8EG 7.82021-05-07
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
- CVE-2021-31478HIGHCVSS 7.8EG 7.82021-06-15
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page …
- CVE-2021-31483HIGHCVSS 7.8EG 7.82021-06-15
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page …
- CVE-2021-31485HIGHCVSS 7.8EG 7.82021-06-15
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page …
- CVE-2021-31954HIGHCVSS 7.8EG 7.82021-06-08
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CVE-2021-31986MEDIUMCVSS 6.8EG 6.82021-10-05
User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage.
- CVE-2021-32626HIGHCVSS 7.5EG 7.52021-10-04
Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This…
- CVE-2021-32959HIGHCVSS 8.1EG 8.12021-09-23
Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06
- CVE-2021-33000HIGHCVSS 7.8EG 7.82021-06-24
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
- CVE-2021-33007HIGHCVSS 7.8EG 7.82021-08-30
A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code.
- CVE-2021-33023CRITICALCVSS 9.8EG 9.82021-10-18
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
- CVE-2021-33485CRITICALCVSS 9.8EG 9.82021-08-03
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
- CVE-2021-34312HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF file…
- CVE-2021-34313HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF file…
- CVE-2021-34317HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCX files.…
- CVE-2021-34326HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper val…
- CVE-2021-34327HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper val…
- CVE-2021-34328HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper val…
- CVE-2021-34329HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper val…
- CVE-2021-34583HIGHCVSS 7.5EG 7.52021-10-26
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
- CVE-2021-34770CRITICALCVSS 10.0EG 9.82021-09-23
A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute …
- CVE-2021-34871HIGHCVSS 7.8EG 7.82022-01-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a …
- CVE-2021-34893HIGHCVSS 7.8EG 7.82022-01-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a …
- CVE-2021-34896HIGHCVSS 7.8EG 7.82022-01-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a …
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →