CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,882 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 71 of 278
- CVE-2020-19185MEDIUMCVSS 6.5EG 6.52023-08-22
Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
- CVE-2020-19186MEDIUMCVSS 6.5EG 6.52023-08-22
Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
- CVE-2020-19187MEDIUMCVSS 6.5EG 6.52023-08-22
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
- CVE-2020-19188MEDIUMCVSS 6.5EG 6.52023-08-22
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
- CVE-2020-19189MEDIUMCVSS 6.5EG 6.52023-08-22
Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
- CVE-2020-19190MEDIUMCVSS 6.5EG 6.52023-08-22
Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
- CVE-2020-1921HIGHCVSS 7.5EG 7.52021-03-10
In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1…
- CVE-2020-19318HIGHCVSS 8.8EG 8.82023-09-11
Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers execute arbitrary code via sending crafted data to the webserver service program.
- CVE-2020-19323HIGHCVSS 7.5EG 7.52023-09-11
An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart router via the M-search request ST parameter. No authentication required
- CVE-2020-19463MEDIUMCVSS 5.5EG 5.52021-07-21
An issue has been found in function vfprintf in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow.
- CVE-2020-19464MEDIUMCVSS 5.5EG 5.52021-07-21
An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow .
- CVE-2020-19469MEDIUMCVSS 5.5EG 5.52021-07-21
An issue has been found in function DCTStream::reset in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid write of size 8 .
- CVE-2020-19475MEDIUMCVSS 5.5EG 5.52021-07-21
An issue has been found in function CCITTFaxStream::lookChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid write of size 2 .
- CVE-2020-19491HIGHCVSS 7.8EG 7.82021-07-21
There is an invalid memory access bug in cgif.c that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
- CVE-2020-19513HIGHCVSS 7.8EG 7.82021-02-19
Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler.
- CVE-2020-19609MEDIUMCVSS 5.5EG 5.52021-07-21
Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.
- CVE-2020-19667HIGHCVSS 7.8EG 7.82020-11-20
Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.
- CVE-2020-19693CRITICALCVSS 9.8EG 9.82023-04-04
An issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrrary code via oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint.
- CVE-2020-19721MEDIUMCVSS 6.5EG 6.52021-07-13
A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS).
- CVE-2020-19891HIGHCVSS 7.2EG 7.22020-08-24
DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin use…
- CVE-2020-1990HIGHCVSS 7.2EG 7.22020-04-08
A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. This issue affects Palo Alt…
- CVE-2020-2001HIGHCVSS 8.1EG 8.12020-05-13
An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on th…
- CVE-2020-2006HIGHCVSS 7.2EG 7.22020-05-13
A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; …
- CVE-2020-20215MEDIUMCVSS 6.5EG 6.52021-07-07
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
- CVE-2020-20218MEDIUMCVSS 6.5EG 6.52021-05-03
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.
- CVE-2020-20219MEDIUMCVSS 6.5EG 6.52021-07-21
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20227MEDIUMCVSS 6.5EG 6.52021-05-18
Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
- CVE-2020-20231MEDIUMCVSS 6.5EG 6.52021-07-14
Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20236MEDIUMCVSS 6.5EG 6.52021-05-18
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
- CVE-2020-20237MEDIUMCVSS 6.5EG 6.52021-05-18
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
- CVE-2020-20245MEDIUMCVSS 6.5EG 6.52021-05-18
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
- CVE-2020-20246MEDIUMCVSS 6.5EG 6.52021-05-18
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
- CVE-2020-20247MEDIUMCVSS 6.5EG 6.52021-05-03
Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable.
- CVE-2020-20249MEDIUMCVSS 6.5EG 6.52021-07-19
Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service.
- CVE-2020-20250MEDIUMCVSS 6.5EG 6.52021-07-13
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is differen…
- CVE-2020-20252MEDIUMCVSS 6.5EG 6.52021-07-13
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20254MEDIUMCVSS 6.5EG 6.52021-05-18
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20265MEDIUMCVSS 6.5EG 6.52021-05-11
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet.
- CVE-2020-20266MEDIUMCVSS 6.5EG 6.52021-05-19
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
- CVE-2020-20267MEDIUMCVSS 6.5EG 6.52021-05-11
Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
- CVE-2020-2027HIGHCVSS 7.2EG 7.22020-06-10
A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges. This issue affects: All ver…
- CVE-2020-20276CRITICALCVSS 9.8EG 9.82020-12-18
An unauthenticated stack-based buffer overflow vulnerability in common.c's handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to remote code execution.
- CVE-2020-20486HIGHCVSS 7.5EG 7.52021-08-31
IEC104 v1.0 contains a stack-buffer overflow in the parameter Iec10x_Sta_Addr.
- CVE-2020-20490HIGHCVSS 7.5EG 7.52021-08-31
A heap buffer-overflow in the client_example1.c component of libiec_iccp_mod v1.5 leads to a denial of service (DOS).
- CVE-2020-20662MEDIUMCVSS 6.5EG 6.52021-09-30
libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_example1.c.
- CVE-2020-20663MEDIUMCVSS 6.5EG 6.52021-09-30
libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_connection.c.
- CVE-2020-20740HIGHCVSS 7.8EG 7.82020-11-20
PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version().
- CVE-2020-20746HIGHCVSS 7.2EG 7.22021-09-30
A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /goform/SetStaticRouteCfg.
- CVE-2020-21047MEDIUMCVSS 5.5EG 5.52023-08-22
The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachabl…
- CVE-2020-21050MEDIUMCVSS 6.5EG 6.52021-09-14
Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →