CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,901 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 114 of 279
- CVE-2021-3826MEDIUMCVSS 6.5EG 7.52022-09-01
Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.
- CVE-2021-38278CRITICALCVSS 9.8EG 9.82022-03-23
Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter in the saveParentControlInfo function.
- CVE-2021-3835HIGHCVSS 8.2EG 8.22022-02-07
Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf
- CVE-2021-38389CRITICALCVSS 9.8EG 9.82021-10-18
Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.
- CVE-2021-3839HIGHCVSS 7.5EG 7.52022-08-23
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as…
- CVE-2021-38405HIGHCVSS 7.8EG 7.82023-11-21
The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code in the context of the current pr…
- CVE-2021-38406HIGHCVSS 7.8EG 9.0⚠ KEV2021-09-17
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerab…
- CVE-2021-38419HIGHCVSS 7.8EG 7.82021-12-20
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution.
- CVE-2021-38426HIGHCVSS 7.8EG 7.82021-10-18
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrar…
- CVE-2021-38427MEDIUMCVSS 6.6EG 7.82022-05-05
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.
- CVE-2021-38436HIGHCVSS 7.8EG 7.82021-10-18
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. An attacker could leverage this vulnerability to execute a…
- CVE-2021-38442HIGHCVSS 7.8EG 7.82021-10-18
FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition. An attacker could leverage this vulnerability to execute cod…
- CVE-2021-38473HIGHCVSS 8.0EG 8.82021-10-22
The affected product’s code base doesn’t properly control arguments for specific functions, which could lead to a stack overflow.
- CVE-2021-38479MEDIUMCVSS 6.5EG 6.52021-10-22
Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. An attacker can manipulate API functions by writing arbitrary data into the resolved address of a raw pointer.
- CVE-2021-38493HIGHCVSS 8.8EG 8.82021-11-03
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbit…
- CVE-2021-38494HIGHCVSS 8.8EG 8.82021-11-03
Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulner…
- CVE-2021-38495HIGHCVSS 8.8EG 8.82021-11-03
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Th…
- CVE-2021-38499HIGHCVSS 8.8EG 8.82021-11-03
Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulner…
- CVE-2021-38517MEDIUMCVSS 6.9EG 6.92021-08-11
Certain NETGEAR devices are affected by out-of-bounds reads and writes. This affects R6400 before 1.0.1.70, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, and XR300 before 1.0.3.50.
- CVE-2021-38522MEDIUMCVSS 6.8EG 6.82021-08-11
NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based buffer overflow by an authenticated user.
- CVE-2021-38523MEDIUMCVSS 6.9EG 6.92021-08-11
NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based buffer overflow by an authenticated user.
- CVE-2021-38524MEDIUMCVSS 4.5EG 4.52021-08-11
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1…
- CVE-2021-38525MEDIUMCVSS 6.8EG 6.82021-08-11
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 befo…
- CVE-2021-38568CRITICALCVSS 9.8EG 9.82021-08-11
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format.
- CVE-2021-38578HIGHCVSS 7.4EG 9.82022-03-03
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
- CVE-2021-38592HIGHCVSS 7.5EG 7.52021-08-12
Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule).
- CVE-2021-38593HIGHCVSS 7.5EG 7.52021-08-12
Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
- CVE-2021-3861HIGHCVSS 8.2EG 8.22022-02-07
The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hv…
- CVE-2021-38614HIGHCVSS 7.5EG 7.52021-08-12
Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
- CVE-2021-38653HIGHCVSS 7.8EG 7.82021-09-15
Microsoft Office Visio Remote Code Execution Vulnerability
- CVE-2021-38682HIGHCVSS 8.1EG 8.12022-01-14
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in t…
- CVE-2021-38684HIGHCVSS 8.1EG 8.12021-11-13
A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Multimedia Console. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following v…
- CVE-2021-38689HIGHCVSS 8.1EG 8.12022-01-14
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in t…
- CVE-2021-38690HIGHCVSS 8.1EG 8.12022-01-14
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in t…
- CVE-2021-38691HIGHCVSS 8.1EG 8.12022-01-14
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in t…
- CVE-2021-38692HIGHCVSS 8.1EG 8.12022-01-14
A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in t…
- CVE-2021-3872HIGHCVSS 7.8EG 7.82021-10-19
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-3875MEDIUMCVSS 5.5EG 5.52021-10-15
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-38783HIGHCVSS 7.5EG 7.52022-01-18
There is a Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK V1.0 camera driver "/dev/cedar_dev" through iotcl cmd IOCTL_SET_PROC_INFO and IOCTL_COPY_PROC_INFO, which could cause a system crash or EoP.
- CVE-2021-38959MEDIUMCVSS 5.5EG 5.52021-11-17
IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to cause a denial of service by writing arbitrary files to admin protected directories on the system. IBM X-Force ID: 212046.
- CVE-2021-3903HIGHCVSS 7.8EG 7.82021-10-27
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-39048MEDIUMCVSS 5.5EG 5.52021-12-13
IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438.
- CVE-2021-39049HIGHCVSS 7.8EG 7.82021-12-13
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214439.
- CVE-2021-39050HIGHCVSS 7.8EG 7.82021-12-13
IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 214440.
- CVE-2021-39218MEDIUMCVSS 6.3EG 6.32021-09-17
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when run…
- CVE-2021-39256HIGHCVSS 7.8EG 7.82021-09-07
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.
- CVE-2021-39259HIGHCVSS 7.8EG 7.82021-09-07
A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G < 2021.8.22.
- CVE-2021-39260HIGHCVSS 7.8EG 7.82021-09-07
A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G < 2021.8.22.
- CVE-2021-39261HIGHCVSS 7.8EG 7.82021-09-07
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2021.8.22.
- CVE-2021-39262HIGHCVSS 7.8EG 7.82021-09-07
A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →