CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,858 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 65 of 278
- CVE-2020-12011CRITICALCVSS 9.8EG 9.82020-07-16
A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, al…
- CVE-2020-12019CRITICALCVSS 9.8EG 9.82020-06-15
WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
- CVE-2020-12031HIGHCVSS 7.5EG 7.52020-07-20
In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing for arbitrary code execution. Rockwell Aut…
- CVE-2020-12038MEDIUMCVSS 5.5EG 5.52020-05-19
Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and …
- CVE-2020-1213HIGHCVSS 7.5EG 7.52020-06-09
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1214, CVE-2020-1215, CVE-2020-1216, CVE-202…
- CVE-2020-12248HIGHCVSS 8.8EG 8.82020-09-04
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled.
- CVE-2020-12268CRITICALCVSS 9.8EG 9.82020-04-27
jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
- CVE-2020-12284CRITICALCVSS 9.8EG 9.82020-04-28
cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.
- CVE-2020-12289MEDIUMCVSS 5.5EG 5.52021-06-09
Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2020-12358MEDIUMCVSS 4.4EG 4.42021-06-09
Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.
- CVE-2020-12369HIGHCVSS 7.8EG 7.82021-02-17
Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2020-12375MEDIUMCVSS 6.7EG 6.72021-02-17
Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2020-1238HIGHCVSS 8.8EG 8.82020-06-09
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1239.
- CVE-2020-12386MEDIUMCVSS 5.5EG 5.52021-02-17
Out-of-bounds write in some Intel(R) Graphics Drivers before version 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2020-1239HIGHCVSS 8.8EG 8.82020-06-09
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1238.
- CVE-2020-12395CRITICALCVSS 9.8EG 9.82020-05-26
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been e…
- CVE-2020-12396CRITICALCVSS 9.8EG 9.82020-05-26
Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbit…
- CVE-2020-12410HIGHCVSS 8.8EG 8.82020-07-09
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitr…
- CVE-2020-12411HIGHCVSS 8.8EG 8.82020-07-09
Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulner…
- CVE-2020-12417HIGHCVSS 8.8EG 8.82020-07-09
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulne…
- CVE-2020-12422HIGHCVSS 8.8EG 8.82020-07-09
In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects …
- CVE-2020-12426HIGHCVSS 8.8EG 8.82020-07-09
Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbit…
- CVE-2020-12460CRITICALCVSS 9.8EG 9.82020-07-27
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. T…
- CVE-2020-12497HIGHCVSS 7.8EG 7.82020-07-01
PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validati…
- CVE-2020-1260HIGHCVSS 7.5EG 7.52020-06-09
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1213, CVE-2020-1214, CVE-2020-1215, CVE-202…
- CVE-2020-12653HIGHCVSS 7.8EG 7.82020-05-05
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy an…
- CVE-2020-12654HIGHCVSS 7.1EG 7.12020-05-05
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.
- CVE-2020-12659MEDIUMCVSS 6.7EG 6.72020-05-05
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.
- CVE-2020-12672HIGHCVSS 7.5EG 7.52020-05-06
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
- CVE-2020-12746CRITICALCVSS 9.8EG 9.82020-05-11
An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code. The …
- CVE-2020-12747CRITICALCVSS 9.8EG 9.82020-05-11
An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software. The Bootloader has a heap-based buffer overflow because of the mishandling of specific commands. The Samsung IDs are SVE-…
- CVE-2020-12751HIGHCVSS 7.8EG 7.82020-05-11
An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during deco…
- CVE-2020-12753CRITICALCVSS 9.8EG 9.82020-05-11
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SM…
- CVE-2020-12762HIGHCVSS 7.8EG 7.82020-05-09
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
- CVE-2020-12763CRITICALCVSS 9.8EG 9.82020-05-13
TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable to an unauthenticated stack-based buffer overflow in handling RTSP packets. This may result in remote code execution or denial of service. The issue is in the binary rtsp…
- CVE-2020-1281HIGHCVSS 8.8EG 8.82020-06-09
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'.
- CVE-2020-12819MEDIUMCVSS 5.4EG 5.42024-12-19
A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VP…
- CVE-2020-12820MEDIUMCVSS 5.4EG 5.42024-12-19
Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentia…
- CVE-2020-12830CRITICALCVSS 9.8EG 9.82020-10-27
Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114.
- CVE-2020-12861HIGHCVSS 8.8EG 8.82020-06-24
A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080.
- CVE-2020-12865HIGHCVSS 8.0EG 8.02020-06-24
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084.
- CVE-2020-12893HIGHCVSS 7.8EG 7.82021-11-15
Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service.
- CVE-2020-12894HIGHCVSS 7.1EG 7.12021-11-15
Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service.
- CVE-2020-12895HIGHCVSS 7.8EG 7.82021-11-15
Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service.
- CVE-2020-12898HIGHCVSS 7.8EG 7.82021-11-15
Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
- CVE-2020-12903HIGHCVSS 7.8EG 7.82021-11-15
Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service.
- CVE-2020-12980HIGHCVSS 7.8EG 7.82021-06-11
An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
- CVE-2020-12981HIGHCVSS 7.8EG 7.82021-06-11
An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges o…
- CVE-2020-12983HIGHCVSS 7.8EG 7.82021-06-11
An out of bounds write vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privileges or denial of service.
- CVE-2020-13109CRITICALCVSS 9.8EG 9.82020-05-16
Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to top-level command 7) has a stack-based …
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →