CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,886 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 76 of 278
- CVE-2020-26571MEDIUMCVSS 5.5EG 5.52020-10-06
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
- CVE-2020-26572MEDIUMCVSS 5.5EG 5.52020-10-06
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
- CVE-2020-26664HIGHCVSS 7.8EG 7.82021-01-08
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
- CVE-2020-26762CRITICALCVSS 9.8EG 9.82020-12-01
A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafted GET-Request. The overflow occurs in bi…
- CVE-2020-26797HIGHCVSS 7.5EG 7.52021-03-18
Mediainfo before version 20.08 has a heap buffer overflow vulnerability via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping.
- CVE-2020-26800MEDIUMCVSS 5.5EG 5.52021-01-11
A stack overflow vulnerability in Aleth Ethereum C++ client version <= 1.8.0 using a specially crafted a config.json file may result in a denial of service.
- CVE-2020-26817HIGHCVSS 7.8EG 7.82020-11-10
SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applic…
- CVE-2020-26913MEDIUMCVSS 6.8EG 6.82020-10-09
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.60, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RBK20 before 2.3.0.28, RBR20 before 2.…
- CVE-2020-26952HIGHCVSS 8.8EG 8.82020-12-09
Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83.
- CVE-2020-26968HIGHCVSS 8.8EG 8.82020-12-09
Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitr…
- CVE-2020-26969HIGHCVSS 8.8EG 8.82020-12-09
Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulner…
- CVE-2020-26970HIGHCVSS 8.8EG 8.82020-12-09
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may …
- CVE-2020-26971HIGHCVSS 8.8EG 8.82021-01-07
Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
- CVE-2020-26974HIGHCVSS 8.8EG 8.82021-01-07
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerabi…
- CVE-2020-26982HIGHCVSS 8.8EG 8.82021-01-12
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 and CGM files. This could result …
- CVE-2020-26983HIGHCVSS 8.8EG 8.82021-01-12
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an ou…
- CVE-2020-26984HIGHCVSS 8.8EG 8.82021-01-12
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could result in an …
- CVE-2020-26985HIGHCVSS 8.8EG 8.82021-01-12
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI files. This could resu…
- CVE-2020-26986HIGHCVSS 8.8EG 8.82021-01-12
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could lead to a hea…
- CVE-2020-26987HIGHCVSS 8.8EG 8.82021-01-12
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a he…
- CVE-2020-26988HIGHCVSS 8.8EG 8.82021-01-12
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in an…
- CVE-2020-26989HIGHCVSS 7.8EG 7.82021-01-12
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected application…
- CVE-2020-26992HIGHCVSS 7.8EG 7.82021-01-12
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack…
- CVE-2020-26993HIGHCVSS 7.8EG 7.82021-01-12
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack…
- CVE-2020-26994HIGHCVSS 8.8EG 8.82021-01-12
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PCX files. This could result in a …
- CVE-2020-26995HIGHCVSS 8.8EG 8.82021-01-12
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of SGI and RGB files. This could resu…
- CVE-2020-27000HIGHCVSS 7.8EG 7.82021-02-09
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing BMP files. This can result in a m…
- CVE-2020-27001HIGHCVSS 7.8EG 7.82021-02-09
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result i…
- CVE-2020-27005HIGHCVSS 7.8EG 7.82021-02-09
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could result i…
- CVE-2020-27006HIGHCVSS 7.8EG 7.82021-02-09
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result i…
- CVE-2020-27009HIGHCVSS 8.1EG 8.12021-04-22
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (A…
- CVE-2020-2701HIGHCVSS 7.5EG 7.52020-01-15
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high priv…
- CVE-2020-27036MEDIUMCVSS 6.7EG 6.72020-12-15
In phNxpNciHal_send_ext_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User inte…
- CVE-2020-27044HIGHCVSS 7.8EG 7.82020-12-15
In restartWrite of Parcel.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.…
- CVE-2020-27045HIGHCVSS 7.8EG 7.82020-12-15
In CE_SendRawFrame of ce_main.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploi…
- CVE-2020-27048HIGHCVSS 7.8EG 7.82020-12-15
In RW_SendRawFrame of rw_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploi…
- CVE-2020-27049HIGHCVSS 7.8EG 7.82020-12-15
In rw_t3t_send_raw_frame of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for e…
- CVE-2020-27050HIGHCVSS 7.8EG 7.82020-12-15
In rw_i93_send_cmd_write_multi_blocks of rw_i93.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…
- CVE-2020-27051HIGHCVSS 7.8EG 7.82020-12-15
In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is need…
- CVE-2020-27196HIGHCVSS 7.5EG 7.52020-11-06
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not exp…
- CVE-2020-27221CRITICALCVSS 9.8EG 9.82021-01-21
In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.
- CVE-2020-27247HIGHCVSS 7.8EG 7.82021-02-04
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflo…
- CVE-2020-27248HIGHCVSS 7.8EG 7.82021-02-04
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflo…
- CVE-2020-27249HIGHCVSS 7.8EG 7.82021-02-04
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflo…
- CVE-2020-27250HIGHCVSS 7.8EG 7.82021-02-10
In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller t…
- CVE-2020-27261HIGHCVSS 8.8EG 8.82021-02-09
The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
- CVE-2020-27263CRITICALCVSS 9.1EG 9.12021-01-14
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 an…
- CVE-2020-27265CRITICALCVSS 9.8EG 9.82021-01-14
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 an…
- CVE-2020-27267CRITICALCVSS 9.1EG 9.12021-01-14
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and…
- CVE-2020-27275HIGHCVSS 7.8EG 7.82021-01-11
Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →