CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,901 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 109 of 279
- CVE-2021-34123CRITICALCVSS 9.8EG 9.82023-07-18
An issue was discovered on atasm, version 1.09. A stack-buffer-overflow vulnerability in function aprintf() in asm.c allows attackers to execute arbitrary code on the system via a crafted file.
- CVE-2021-34193HIGHCVSS 7.5EG 7.52023-08-22
Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.
- CVE-2021-34201HIGHCVSS 7.1EG 7.12021-06-16
D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640). Local ordinary users can overwrite the global variables in the .bss section, causin…
- CVE-2021-34202HIGHCVSS 7.8EG 7.82021-06-16
There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine …
- CVE-2021-34291HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files.…
- CVE-2021-34293HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files.…
- CVE-2021-34295HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files.…
- CVE-2021-34297HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files.…
- CVE-2021-34300HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF file…
- CVE-2021-34305HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files.…
- CVE-2021-34306HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files.…
- CVE-2021-34309HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF file…
- CVE-2021-34310HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF file…
- CVE-2021-34311HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Mono_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing J2K files…
- CVE-2021-34312HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF file…
- CVE-2021-34313HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF file…
- CVE-2021-34314HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files.…
- CVE-2021-34316HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The DL180CoolType.dll library in affected applications lacks proper validation of user-supplied data when parsing PDF fil…
- CVE-2021-34317HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCX files.…
- CVE-2021-34318HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing PCT files.…
- CVE-2021-34319HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing SGI files.…
- CVE-2021-34323HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This …
- CVE-2021-34326HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper val…
- CVE-2021-34327HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper val…
- CVE-2021-34328HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper val…
- CVE-2021-34329HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Solid Edge SE2021 (All Versions < SE2021MP5), Teamcenter Visualization (All versions < V13.2). The plmxmlAdapterSE70.dll library in affected applications lacks proper val…
- CVE-2021-34331HIGHCVSS 7.8EG 7.82021-07-13
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data when parsing JT files. This …
- CVE-2021-34338MEDIUMCVSS 6.5EG 6.52022-03-10
Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.
- CVE-2021-34339MEDIUMCVSS 6.5EG 6.52022-03-10
Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.
- CVE-2021-3434MEDIUMCVSS 4.9EG 4.92022-06-28
Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm
- CVE-2021-34340MEDIUMCVSS 6.5EG 6.52022-03-10
Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.
- CVE-2021-34343MEDIUMCVSS 6.0EG 6.02021-09-10
A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the f…
- CVE-2021-34344CRITICALCVSS 9.8EG 9.82021-09-10
A stack buffer overflow vulnerability has been reported to affect QNAP device running QUSBCam2. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions…
- CVE-2021-34345CRITICALCVSS 9.8EG 9.82021-09-10
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the follo…
- CVE-2021-34346CRITICALCVSS 9.8EG 9.82021-09-10
A stack buffer overflow vulnerability has been reported to affect QNAP device running NVR Storage Expansion. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the follo…
- CVE-2021-34373HIGHCVSS 7.9EG 7.92021-06-30
Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflows, which might lead to information disclosure and denial of service.
- CVE-2021-34375HIGHCVSS 7.7EG 7.72021-06-30
Trusty contains a vulnerability in all trusted applications (TAs) where the stack cookie was not randomized, which might result in stack-based buffer overflow, leading to denial of service, escalation of privileges, and information disclos…
- CVE-2021-34379HIGHCVSS 7.7EG 6.72021-06-30
Trusty contains a vulnerability in the HDCP service TA where bounds checking in command 10 is missing. The length of an I/O buffer parameter is not checked, which might lead to memory corruption.
- CVE-2021-34380HIGHCVSS 7.0EG 7.02021-06-30
Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and information disclosure during secure boot.
- CVE-2021-34383MEDIUMCVSS 6.4EG 6.42021-06-30
Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow might lead to denial of service or escalation of privileges.
- CVE-2021-34384MEDIUMCVSS 6.3EG 6.32021-06-30
Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which might lead to denial of service or code execution.
- CVE-2021-34388MEDIUMCVSS 6.3EG 6.32021-06-21
Bootloader contains a vulnerability in NVIDIA TegraBoot where a potential heap overflow might allow an attacker to control all the RAM after the heap block, leading to denial of service or code execution.
- CVE-2021-34397LOWCVSS 1.9EG 1.92021-06-22
Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service.
- CVE-2021-34402MEDIUMCVSS 6.7EG 6.72022-01-18
NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial o…
- CVE-2021-34448MEDIUMCVSS 6.8EG 9.0⚠ KEV2021-07-16
Scripting Engine Memory Corruption Vulnerability
- CVE-2021-34480MEDIUMCVSS 6.8EG 6.82021-08-12
Scripting Engine Memory Corruption Vulnerability
- CVE-2021-34569CRITICALCVSS 9.8EG 9.82022-11-09
In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.
- CVE-2021-34583HIGHCVSS 7.5EG 7.52021-10-26
Crafted web server requests may cause a heap-based buffer overflow and could therefore trigger a denial-of- service condition due to a crash in the CODESYS V2 web server prior to V1.1.9.22.
- CVE-2021-34587MEDIUMCVSS 5.3EG 5.32022-04-27
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.
- CVE-2021-3470MEDIUMCVSS 5.3EG 5.32021-03-31
A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this…
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →