CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,901 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 103 of 279
- CVE-2021-29579LOWCVSS 2.5EG 2.52021-05-14
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGrad` is vulnerable to a heap buffer overflow. The implementation(https://github.com/tensorflow/tensorflow/blob/ab1e644b48c82cb…
- CVE-2021-29603LOWCVSS 2.5EG 2.52021-05-14
TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of `ArgMin`/`ArgMax`(https://github.com/tensorflow/tensorflow/blob/102b…
- CVE-2021-29609MEDIUMCVSS 5.3EG 5.32021-05-14
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) as well as write outside of bounds of hea…
- CVE-2021-29610LOWCVSS 3.6EG 3.62021-05-14
TensorFlow is an end-to-end open source platform for machine learning. The validation in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for `axis` argument:. The validation(https://github.com/tensorflow/tensorflow/blob/eccb7ec4…
- CVE-2021-29612LOWCVSS 3.6EG 3.62021-05-14
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of `tf.raw_ops.BandedTriangularSolve`. The implementation(https://github.com/tensorflow/tensorflo…
- CVE-2021-29614HIGHCVSS 7.1EG 7.12021-05-14
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_length` and wider datatypes. The implementa…
- CVE-2021-29630HIGHCVSS 8.1EG 8.12021-08-30
In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec daemon does not validate the size of a res…
- CVE-2021-29665HIGHCVSS 7.8EG 7.82021-06-01
IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges.
- CVE-2021-29672HIGHCVSS 7.8EG 7.82021-04-26
IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbit…
- CVE-2021-29930HIGHCVSS 7.5EG 7.52021-04-01
An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A drop of uninitialized memory can sometimes occur upon a panic in T::default().
- CVE-2021-29939HIGHCVSS 7.3EG 7.32021-04-01
An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data.
- CVE-2021-29941HIGHCVSS 7.3EG 7.32021-04-01
An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index has an out-of-bounds write if an iterator returns a len() that is too small.
- CVE-2021-29942HIGHCVSS 7.3EG 7.32021-04-01
An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index can return uninitialized values if an iterator returns a len() that is too large.
- CVE-2021-29947HIGHCVSS 8.8EG 8.82021-06-24
Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbit…
- CVE-2021-29966HIGHCVSS 8.8EG 8.82021-06-24
Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulner…
- CVE-2021-29967HIGHCVSS 8.8EG 8.82021-06-24
Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbit…
- CVE-2021-29970HIGHCVSS 8.8EG 8.82021-08-05
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox …
- CVE-2021-29976HIGHCVSS 8.8EG 8.82021-08-05
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited t…
- CVE-2021-29977HIGHCVSS 8.8EG 8.82021-08-05
Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulner…
- CVE-2021-29984HIGHCVSS 8.8EG 8.82021-08-17
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects …
- CVE-2021-29988HIGHCVSS 8.8EG 8.82021-08-17
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Fir…
- CVE-2021-29989HIGHCVSS 8.8EG 8.82021-08-17
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbit…
- CVE-2021-29990HIGHCVSS 8.8EG 8.82021-08-17
Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbit…
- CVE-2021-29998CRITICALCVSS 9.8EG 9.82021-04-13
An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.
- CVE-2021-29999CRITICALCVSS 9.8EG 9.82021-04-13
An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.
- CVE-2021-30019MEDIUMCVSS 5.5EG 5.52021-04-19
In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy.
- CVE-2021-30020MEDIUMCVSS 5.5EG 5.52021-04-19
In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow …
- CVE-2021-30072CRITICALCVSS 9.8EG 9.82021-04-02
An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication.
- CVE-2021-30186HIGHCVSS 7.5EG 7.52021-05-25
CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer Overflow.
- CVE-2021-30188CRITICALCVSS 9.8EG 9.82021-05-25
CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow.
- CVE-2021-30189CRITICALCVSS 9.8EG 9.82021-05-25
CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow.
- CVE-2021-30193CRITICALCVSS 9.8EG 9.82021-05-25
CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.
- CVE-2021-30256HIGHCVSS 8.4EG 8.42021-10-20
Possible stack overflow due to improper validation of camera name length before copying the name in VR Service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT
- CVE-2021-30257HIGHCVSS 8.4EG 8.42021-10-20
Possible out of bound read or write in VR service due to lack of validation of DSP selection values in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT
- CVE-2021-30258HIGHCVSS 8.4EG 8.42021-10-20
Possible buffer overflow due to improper size calculation of payload received in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
- CVE-2021-30265MEDIUMCVSS 6.7EG 6.72021-11-12
Possible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and Route statistics in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Sn…
- CVE-2021-30288HIGHCVSS 8.4EG 8.42021-10-20
Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer …
- CVE-2021-30291HIGHCVSS 8.4EG 8.42021-10-20
Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
- CVE-2021-30292HIGHCVSS 8.4EG 8.42021-10-20
Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
- CVE-2021-30322HIGHCVSS 7.8EG 7.82022-02-11
Possible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snap…
- CVE-2021-30333HIGHCVSS 7.8EG 7.82022-04-01
Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice…
- CVE-2021-30341CRITICALCVSS 9.8EG 9.82022-06-14
Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industr…
- CVE-2021-30472HIGHCVSS 7.8EG 7.82021-05-26
A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.
- CVE-2021-30498HIGHCVSS 7.8EG 9.82021-05-26
A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences.
- CVE-2021-30499HIGHCVSS 7.8EG 9.82021-05-27
A flaw was found in libcaca. A buffer overflow of export.c in function export_troff might lead to memory corruption and other potential consequences.
- CVE-2021-30508HIGHCVSS 8.8EG 8.82021-06-04
Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-30509HIGHCVSS 8.8EG 8.82021-06-04
Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page and a crafted Chrome extens…
- CVE-2021-30516HIGHCVSS 8.8EG 8.82021-06-04
Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-30518HIGHCVSS 8.8EG 8.82021-06-04
Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-30521HIGHCVSS 8.8EG 8.82021-06-07
Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →