CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,901 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 113 of 279
- CVE-2021-37129HIGHCVSS 7.5EG 7.52021-10-27
There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a den…
- CVE-2021-3713HIGHCVSS 7.4EG 7.42021-08-25
An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead to out-of-bounds access to the UASDevi…
- CVE-2021-37164CRITICALCVSS 9.8EG 9.82021-08-02
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, the received data is copied to a stack bu…
- CVE-2021-37199HIGHCVSS 7.5EG 7.52021-10-12
A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to ca…
- CVE-2021-3721MEDIUMCVSS 5.5EG 5.52022-04-22
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error.
- CVE-2021-37220MEDIUMCVSS 5.5EG 5.52021-07-21
MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.
- CVE-2021-37231MEDIUMCVSS 5.5EG 5.52021-08-04
A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check.
- CVE-2021-37232CRITICALCVSS 9.8EG 9.82021-08-04
A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in APar_read64.
- CVE-2021-37354CRITICALCVSS 9.8EG 9.82022-02-15
Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_3226AC via the TIMEZONE variable. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data.
- CVE-2021-37404CRITICALCVSS 9.8EG 9.82022-06-13
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.…
- CVE-2021-37501HIGHCVSS 7.5EG 7.52023-02-03
Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.
- CVE-2021-3751CRITICALCVSS 9.8EG 9.82021-09-15
libmobi is vulnerable to Out-of-bounds Write
- CVE-2021-37519MEDIUMCVSS 5.5EG 5.52023-02-03
Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file.
- CVE-2021-37530MEDIUMCVSS 5.5EG 5.52022-01-12
A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.
- CVE-2021-3756CRITICALCVSS 9.8EG 9.82021-10-29
libmysofa is vulnerable to Heap-based Buffer Overflow
- CVE-2021-37560HIGHCVSS 8.2EG 8.22021-12-26
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; A…
- CVE-2021-37561HIGHCVSS 8.2EG 8.22021-12-26
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; A…
- CVE-2021-37563HIGHCVSS 8.2EG 8.22021-12-26
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; A…
- CVE-2021-37566HIGHCVSS 8.2EG 8.22021-12-26
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7610, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0…
- CVE-2021-37568HIGHCVSS 8.2EG 8.22021-12-26
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bound…
- CVE-2021-37569HIGHCVSS 8.2EG 8.22021-12-26
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bound…
- CVE-2021-37571HIGHCVSS 8.2EG 8.82021-12-26
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bound…
- CVE-2021-37576HIGHCVSS 7.8EG 7.82021-07-26
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
- CVE-2021-37583HIGHCVSS 8.2EG 8.22021-12-26
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bound…
- CVE-2021-37584HIGHCVSS 8.2EG 8.22021-12-26
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; A…
- CVE-2021-37592CRITICALCVSS 9.8EG 9.82021-11-19
Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.
- CVE-2021-3761HIGHCVSS 7.5EG 7.52021-09-09
Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 1…
- CVE-2021-37650HIGHCVSS 7.8EG 7.82021-08-12
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentat…
- CVE-2021-37651HIGHCVSS 7.1EG 7.12021-08-12
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bounds of heap allocated buffers. The [impl…
- CVE-2021-3770HIGHCVSS 7.8EG 7.82021-09-06
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-37748HIGHCVSS 8.8EG 8.82021-10-28
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing th…
- CVE-2021-3778HIGHCVSS 7.8EG 7.82021-09-15
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-37789HIGHCVSS 8.1EG 8.12022-11-02
stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service.
- CVE-2021-37978HIGHCVSS 8.8EG 8.82021-11-02
Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-37979HIGHCVSS 8.8EG 8.82021-11-02
heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who convinced a user to browse to a malicious website to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-37981CRITICALCVSS 9.6EG 9.62021-11-02
Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2021-37984HIGHCVSS 8.8EG 8.82021-11-02
Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-37986HIGHCVSS 8.8EG 8.82021-11-02
Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to engage with Dev Tools to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-38003HIGHCVSS 8.8EG 9.0⚠ KEV2021-11-23
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-38013CRITICALCVSS 9.6EG 9.62021-12-23
Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2021-38014HIGHCVSS 8.8EG 8.82021-12-23
Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2021-38096HIGHCVSS 7.8EG 7.82021-10-01
Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the…
- CVE-2021-38097HIGHCVSS 7.8EG 7.82021-10-01
Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.…
- CVE-2021-38098HIGHCVSS 7.8EG 7.82021-10-01
Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Expl…
- CVE-2021-38099HIGHCVSS 7.8EG 7.82021-10-01
CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in t…
- CVE-2021-38100HIGHCVSS 7.8EG 7.82021-10-01
Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of …
- CVE-2021-38101HIGHCVSS 7.8EG 7.82021-10-01
CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in t…
- CVE-2021-38103HIGHCVSS 7.8EG 7.82021-10-01
IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the con…
- CVE-2021-38110HIGHCVSS 7.8EG 7.82021-10-01
Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerability when parsing a crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in …
- CVE-2021-38166HIGHCVSS 7.8EG 7.82021-08-07
In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →