CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,868 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 68 of 278
- CVE-2020-15306MEDIUMCVSS 5.5EG 5.52020-06-26
An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp.
- CVE-2020-15358MEDIUMCVSS 5.5EG 5.52020-06-27
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
- CVE-2020-15365MEDIUMCVSS 6.5EG 6.52020-06-28
LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.
- CVE-2020-15470MEDIUMCVSS 5.5EG 5.52020-07-01
ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c.
- CVE-2020-15474CRITICALCVSS 9.8EG 9.82020-07-01
In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c.
- CVE-2020-1554HIGHCVSS 7.8EG 7.82020-08-17
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accou…
- CVE-2020-1555HIGHCVSS 8.8EG 8.82020-08-17
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code …
- CVE-2020-15588CRITICALCVSS 9.8EG 9.82020-07-29
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based …
- CVE-2020-15629HIGHCVSS 7.8EG 7.82020-08-20
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op…
- CVE-2020-15659HIGHCVSS 8.8EG 8.82020-08-10
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been e…
- CVE-2020-15667HIGHCVSS 8.8EG 8.82020-10-01
When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla…
- CVE-2020-15674HIGHCVSS 8.8EG 8.82020-10-01
Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulner…
- CVE-2020-15683CRITICALCVSS 9.8EG 9.82020-10-22
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been e…
- CVE-2020-1569HIGHCVSS 7.8EG 7.82020-08-17
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current u…
- CVE-2020-1570HIGHCVSS 7.5EG 7.52020-08-17
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the con…
- CVE-2020-15744CRITICALCVSS 9.6EG 9.62021-08-30
Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version 1.2.2 and prior versio…
- CVE-2020-15795HIGHCVSS 8.1EG 8.12021-04-22
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (A…
- CVE-2020-15800CRITICALCVSS 9.8EG 9.82021-01-12
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (inc…
- CVE-2020-15863MEDIUMCVSS 5.3EG 5.32020-07-28
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to c…
- CVE-2020-15866CRITICALCVSS 9.8EG 9.82020-07-21
mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.
- CVE-2020-15888HIGHCVSS 8.8EG 8.82020-07-21
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
- CVE-2020-15892CRITICALCVSS 9.8EG 9.82020-07-22
An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web inte…
- CVE-2020-15900CRITICALCVSS 9.8EG 9.82020-07-28
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too…
- CVE-2020-15904HIGHCVSS 7.8EG 7.82020-07-22
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.
- CVE-2020-15960HIGHCVSS 8.8EG 8.82020-09-21
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
- CVE-2020-15964HIGHCVSS 8.8EG 8.82020-09-21
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-15969HIGHCVSS 8.8EG 8.82020-11-03
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-15972HIGHCVSS 8.8EG 8.82020-11-03
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-15975HIGHCVSS 8.8EG 8.82020-11-03
Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-15976HIGHCVSS 8.8EG 8.82020-11-03
Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-15979HIGHCVSS 8.8EG 8.82020-11-03
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-15995HIGHCVSS 8.8EG 8.82020-11-03
Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-15999CRITICALCVSS 9.6EG 9.6⚠ KEV2020-11-03
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16000HIGHCVSS 8.8EG 8.82020-11-03
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16001HIGHCVSS 8.8EG 8.82020-11-03
Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16002HIGHCVSS 8.8EG 8.82020-11-03
Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2020-16003HIGHCVSS 8.8EG 8.82020-11-03
Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16004HIGHCVSS 8.8EG 8.82020-11-03
Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16005HIGHCVSS 8.8EG 8.82020-11-03
Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16006HIGHCVSS 8.8EG 8.82020-11-03
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16008HIGHCVSS 8.8EG 8.82020-11-03
Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit stack corruption via a crafted WebRTC packet.
- CVE-2020-16009HIGHCVSS 8.8EG 9.0⚠ KEV2020-11-03
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16010CRITICALCVSS 9.6EG 9.6⚠ KEV2020-11-03
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2020-16011CRITICALCVSS 9.6EG 9.62020-11-03
Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2020-16013HIGHCVSS 8.8EG 9.0⚠ KEV2021-01-08
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16015HIGHCVSS 8.8EG 8.82021-01-08
Insufficient data validation in WASM in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16023HIGHCVSS 8.8EG 8.82021-01-08
Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16024CRITICALCVSS 9.6EG 9.62021-01-08
Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2020-16025CRITICALCVSS 9.6EG 9.62021-01-08
Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
- CVE-2020-16026HIGHCVSS 8.8EG 8.82021-01-08
Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →