CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,886 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 75 of 278
- CVE-2020-2501CRITICALCVSS 9.8EG 9.82021-02-17
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability …
- CVE-2020-25014CRITICALCVSS 9.8EG 9.82020-11-27
A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.
- CVE-2020-25021CRITICALCVSS 9.8EG 9.82020-09-04
An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allows out-of-bounds access.
- CVE-2020-25022CRITICALCVSS 9.8EG 9.82020-09-04
An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access.
- CVE-2020-25023CRITICALCVSS 9.8EG 9.82020-09-04
An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() allows out-of-bounds access.
- CVE-2020-25052CRITICALCVSS 9.8EG 9.82020-08-31
An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because indexes are mishandled. The Samsung ID…
- CVE-2020-25066CRITICALCVSS 10.0EG 10.02020-12-22
A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code.
- CVE-2020-25085MEDIUMCVSS 5.0EG 5.02020-09-25
QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.
- CVE-2020-25108CRITICALCVSS 9.8EG 9.82020-12-11
An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked (it can be set to an arbitrary value from a packet). This may lead to successful Denial-of-Service, and possibly Remot…
- CVE-2020-25111CRITICALCVSS 9.8EG 9.82020-12-11
An issue was discovered in the IPv6 stack in Contiki through 3.0. There is an insufficient check for the IPv6 header length. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.
- CVE-2020-25112CRITICALCVSS 9.8EG 9.82020-12-11
An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for IPv6 header extension lengths. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet.
- CVE-2020-25159CRITICALCVSS 9.8EG 9.82020-11-24
499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.
- CVE-2020-25171HIGHCVSS 7.8EG 7.82021-02-19
The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.
- CVE-2020-25177HIGHCVSS 8.8EG 8.82020-12-01
WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution.
- CVE-2020-25187HIGHCVSS 8.8EG 9.82020-12-14
Medtronic MyCareLink Smart 25000 is vulnerable when an authenticated attacker runs a debug command, which can be sent to the patient reader and cause a heap overflow event within the MCL Smart Patient Reader software stack. The heap ov…
- CVE-2020-25199HIGHCVSS 7.8EG 7.82020-12-09
A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code u…
- CVE-2020-25212HIGHCVSS 7.0EG 7.02020-09-09
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c…
- CVE-2020-25219HIGHCVSS 7.5EG 7.52020-09-09
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.
- CVE-2020-25226CRITICALCVSS 9.8EG 9.82021-01-12
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected de…
- CVE-2020-25278CRITICALCVSS 9.8EG 9.82020-09-11
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during deco…
- CVE-2020-25285MEDIUMCVSS 6.4EG 6.42020-09-13
A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-1774…
- CVE-2020-25291HIGHCVSS 7.8EG 7.82020-09-13
GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/painting/qbrush.cpp in Qt 4.x.
- CVE-2020-25412CRITICALCVSS 9.8EG 9.82020-09-16
com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.
- CVE-2020-25462CRITICALCVSS 9.8EG 9.82020-12-04
Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903.
- CVE-2020-25464HIGHCVSS 7.5EG 7.52020-12-04
Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the code sendin…
- CVE-2020-25489CRITICALCVSS 9.8EG 9.82020-09-17
A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption.
- CVE-2020-25600MEDIUMCVSS 5.5EG 5.52020-09-23
An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domai…
- CVE-2020-25647HIGHCVSS 7.6EG 7.62021-03-03
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trig…
- CVE-2020-25664MEDIUMCVSS 6.1EG 6.12020-12-08
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the c…
- CVE-2020-25682HIGHCVSS 8.1EG 8.12021-01-20
A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies…
- CVE-2020-25693HIGHCVSS 8.1EG 8.12020-12-03
A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availabi…
- CVE-2020-25713MEDIUMCVSS 6.5EG 6.52021-05-13
A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.
- CVE-2020-25782CRITICALCVSS 9.8EG 9.82021-01-28
An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientManage::ServerIP_Proto_Set during…
- CVE-2020-25783CRITICALCVSS 9.8EG 9.82021-01-28
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated heap-based buffer overflow in the function CNetClientTalk::OprMsg during incoming messa…
- CVE-2020-25784CRITICALCVSS 9.8EG 9.82021-01-28
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CNetClientGuard::SubOprMsg during incoming …
- CVE-2020-25785CRITICALCVSS 9.8EG 9.82021-01-28
An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.10.73 through v4.15.77. There is an unauthenticated stack-based buffer overflow in the function CFtpProtocol::FtpLogin during the update pr…
- CVE-2020-25843HIGHCVSS 8.1EG 8.12020-12-31
NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege.
- CVE-2020-25844HIGHCVSS 8.1EG 8.12020-12-31
The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege.
- CVE-2020-25854HIGHCVSS 8.1EG 8.12021-02-03
The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_ven…
- CVE-2020-25855HIGHCVSS 8.1EG 8.12021-02-03
The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which ca…
- CVE-2020-25856HIGHCVSS 8.1EG 8.12021-02-03
The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow…
- CVE-2020-25857HIGHCVSS 7.5EG 7.52021-02-03
The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer ove…
- CVE-2020-25928CRITICALCVSS 9.8EG 9.82021-08-18
The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: DNS response processing functions: dns_upcall(), getoffset(), dnc_set_answer(). The at…
- CVE-2020-26208MEDIUMCVSS 5.3EG 5.32022-02-02
JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. C…
- CVE-2020-26312HIGHCVSS 8.1EG 8.12024-05-14
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to…
- CVE-2020-26519MEDIUMCVSS 5.5EG 5.52020-10-02
Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.
- CVE-2020-26535CRITICALCVSS 9.8EG 9.82020-10-02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read acce…
- CVE-2020-26537CRITICALCVSS 9.8EG 9.82020-10-02
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write.
- CVE-2020-26561HIGHCVSS 8.8EG 8.82020-10-23
Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability onl…
- CVE-2020-26570MEDIUMCVSS 5.5EG 5.52020-10-06
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →