CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,901 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 107 of 279
- CVE-2021-32281HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in gravity through 0.8.1. A heap-buffer-overflow exists in the function gnode_function_add_upvalue located in gravity_ast.c. It allows an attacker to cause code Execution.
- CVE-2021-32282MEDIUMCVSS 5.5EG 5.52021-09-20
An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ircode_add_check() located in gravity_ircode.c. It allows an attacker to cause Denial of Service.
- CVE-2021-32286HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in hcxtools through 6.1.6. A global-buffer-overflow exists in the function pcapngoptionwalk located in hcxpcapngtool.c. It allows an attacker to cause code Execution.
- CVE-2021-32287HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicWidth() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution.
- CVE-2021-32288HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicHeight() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution.
- CVE-2021-32292CRITICALCVSS 9.8EG 9.82023-08-22
An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.
- CVE-2021-32294HIGHCVSS 8.8EG 8.82021-09-20
An issue was discovered in libgig through 20200507. A heap-buffer-overflow exists in the function RIFF::List::GetSubList located in RIFF.cpp. It allows an attacker to cause code Execution.
- CVE-2021-32297HIGHCVSS 8.8EG 8.82021-09-20
An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code Execution.
- CVE-2021-32298HIGHCVSS 8.8EG 8.82021-09-20
An issue was discovered in libiff through 20190123. A global-buffer-overflow exists in the function IFF_errorId located in error.c. It allows an attacker to cause code Execution.
- CVE-2021-32299HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in pbrt through 20200627. A stack-buffer-overflow exists in the function pbrt::ParamSet::ParamSet() located in paramset.h. It allows an attacker to cause code Execution.
- CVE-2021-32419MEDIUMCVSS 5.3EG 5.32023-02-17
An issue in Schism Tracker v20200412 fixed in v.20200412 allows attacker to obtain sensitive information via the fmt_mtm_load_song function in fmt/mtm.c.
- CVE-2021-32420HIGHCVSS 7.5EG 7.52023-08-22
dpic 2021.01.01 has a Heap-based Buffer Overflow in thestorestring function in dpic.y.
- CVE-2021-32435MEDIUMCVSS 5.5EG 5.52022-03-10
Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.
- CVE-2021-32457HIGHCVSS 7.8EG 7.82021-05-26
Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to escalate privileges on affected devices. …
- CVE-2021-32458HIGHCVSS 7.8EG 7.82021-05-27
Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl which could lead to code execution on affect…
- CVE-2021-3246HIGHCVSS 8.8EG 8.82021-07-20
A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.
- CVE-2021-32484HIGHCVSS 7.5EG 7.52021-09-09
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY005…
- CVE-2021-32485HIGHCVSS 7.5EG 7.52021-09-09
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY005…
- CVE-2021-32486HIGHCVSS 7.5EG 7.52021-09-09
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY005…
- CVE-2021-32487HIGHCVSS 7.5EG 7.52021-09-09
In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY005…
- CVE-2021-32490HIGHCVSS 7.8EG 7.82021-06-24
A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences.
- CVE-2021-32493HIGHCVSS 7.8EG 7.82021-06-24
A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.
- CVE-2021-32626HIGHCVSS 7.5EG 7.52021-10-04
Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This…
- CVE-2021-32936HIGHCVSS 7.8EG 7.82021-06-17
An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an a…
- CVE-2021-32939HIGHCVSS 7.8EG 7.82021-08-11
FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while processing project files, allowing an attacker to craft a project file that may permit arbitrary code execution.
- CVE-2021-32941CRITICALCVSS 9.4EG 9.82022-05-23
Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow, which allows an unauthorized remote attacker to execute arbitrary code with the same privileges as th…
- CVE-2021-32943CRITICALCVSS 9.8EG 9.82021-08-10
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1).
- CVE-2021-32947HIGHCVSS 7.8EG 7.82021-08-11
FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
- CVE-2021-32948HIGHCVSS 7.8EG 7.82021-06-17
An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allo…
- CVE-2021-32952HIGHCVSS 7.8EG 7.82021-06-17
An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocate…
- CVE-2021-32969HIGHCVSS 7.8EG 7.82022-05-24
Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code.
- CVE-2021-32976CRITICALCVSS 9.8EG 9.82022-04-01
Five buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to initiate a denial-of-service attack and execute arbitrary code.
- CVE-2021-32988CRITICALCVSS 9.8EG 9.82021-06-29
FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
- CVE-2021-32995HIGHCVSS 7.8EG 7.82021-08-25
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute code in the context of th…
- CVE-2021-32998HIGHCVSS 7.4EG 7.42022-01-10
The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required.
- CVE-2021-33000HIGHCVSS 7.8EG 7.82021-06-24
Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow an attacker to perform arbitrary code execution. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
- CVE-2021-33002HIGHCVSS 7.8EG 7.82021-06-24
Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an attacker to execute arbitrary code. User interaction is require on the WebAccess HMI Designer (versions 2.1.9.95 and prior).
- CVE-2021-33004HIGHCVSS 7.8EG 7.82021-06-24
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (v…
- CVE-2021-33019HIGHCVSS 7.8EG 7.82021-08-30
A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code.
- CVE-2021-33023CRITICALCVSS 9.8EG 9.82021-10-18
Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
- CVE-2021-33060HIGHCVSS 7.8EG 7.82022-08-18
Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2021-33086MEDIUMCVSS 5.5EG 5.52021-11-17
Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2021-33124MEDIUMCVSS 6.7EG 6.72022-05-12
Out-of-bounds write in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
- CVE-2021-33137HIGHCVSS 7.8EG 7.82022-02-09
Out-of-bounds write in the Intel(R) Kernelflinger project may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2021-33186HIGHCVSS 7.5EG 7.52021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
- CVE-2021-33200HIGHCVSS 7.8EG 7.82021-05-27
kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local pri…
- CVE-2021-33217HIGHCVSS 8.8EG 8.82021-07-07
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesyste…
- CVE-2021-33265CRITICALCVSS 9.8EG 9.82021-12-01
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST…
- CVE-2021-33266CRITICALCVSS 9.8EG 9.82021-12-01
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POS…
- CVE-2021-33267CRITICALCVSS 9.8EG 9.82021-12-01
D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POS…
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →