CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,902 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 123 of 279
- CVE-2021-46518HIGHCVSS 7.8EG 7.82022-01-27
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_disown at src/mjs_core.c.
- CVE-2021-46519HIGHCVSS 7.8EG 7.82022-01-27
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_array_length at src/mjs_array.c.
- CVE-2021-46520HIGHCVSS 7.8EG 7.82022-01-27
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_jprintf at src/mjs_util.c.
- CVE-2021-46522HIGHCVSS 7.8EG 7.82022-01-27
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0xaff53.
- CVE-2021-46523HIGHCVSS 7.8EG 7.82022-01-27
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via to_json_or_debug at mjs/src/mjs_json.c.
- CVE-2021-46524HIGHCVSS 7.8EG 7.82022-01-27
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via snquote at mjs/src/mjs_json.c.
- CVE-2021-46527HIGHCVSS 7.8EG 7.82022-01-27
Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_get_cstring at src/mjs_string.c.
- CVE-2021-46564HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46568HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46569HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46572HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46574HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46576HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46581HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46583HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46584HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46585HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46586HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46598HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46604HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46634HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46635HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46639HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46640HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a …
- CVE-2021-46644HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46645HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46646HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46647HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46652HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a …
- CVE-2021-46656HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a …
- CVE-2021-46699HIGHCVSS 7.8EG 7.82022-02-22
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. This could allow an attacker to execute…
- CVE-2021-46759MEDIUMCVSS 6.1EG 6.12023-05-09
Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloade…
- CVE-2021-46763HIGHCVSS 7.5EG 7.52023-05-09
Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity.
- CVE-2021-46764HIGHCVSS 7.5EG 7.52023-05-09
Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service.
- CVE-2021-46772LOWCVSS 3.9EG 3.92024-08-13
Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in me…
- CVE-2021-46779HIGHCVSS 7.1EG 7.12023-01-11
Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability.
- CVE-2021-46790HIGHCVSS 7.8EG 9.82022-05-02
ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.
- CVE-2021-46791MEDIUMCVSS 5.5EG 5.52023-01-11
Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result i…
- CVE-2021-46814HIGHCVSS 7.5EG 7.52022-06-13
The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability.
- CVE-2021-46816HIGHCVSS 7.8EG 7.82022-06-13
Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploita…
- CVE-2021-46817HIGHCVSS 7.8EG 7.82022-06-13
Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploit…
- CVE-2021-46818HIGHCVSS 7.8EG 7.82022-06-13
Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploit…
- CVE-2021-46822MEDIUMCVSS 5.5EG 5.52022-06-18
The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overf…
- CVE-2021-46829HIGHCVSS 7.8EG 7.82022-07-24
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused f…
- CVE-2021-46879HIGHCVSS 7.8EG 7.82023-04-11
An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and tick the victim to open the …
- CVE-2021-46901HIGHCVSS 7.5EG 7.52023-12-31
examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network.
- CVE-2021-46931MEDIUMCVSS 5.5EG 5.52024-02-27
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Wrap the tx reporter dump callback to extract the sq Function mlx5e_tx_reporter_dump_sq() casts its void * argument to struct mlx5e_txqsq *, but in TX-timeout…
- CVE-2021-47132HIGHCVSS 7.1EG 7.12024-03-15
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix sk_forward_memory corruption on retransmission MPTCP sk_forward_memory handling is a bit special, as such field is protected by the msk socket spin_lock, inst…
- CVE-2021-47138HIGHCVSS 7.1EG 7.12024-03-25
In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example,…
- CVE-2021-47148HIGHCVSS 7.8EG 7.82024-03-25
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context() This function is called from ethtool_set_rxfh() and "*rss_context" comes from the user. Add some bounds c…
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →