CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,886 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 85 of 278
- CVE-2020-6512HIGHCVSS 8.8EG 8.82020-07-22
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6513HIGHCVSS 8.8EG 8.82020-07-22
Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2020-6515HIGHCVSS 8.8EG 8.82020-07-22
Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6517HIGHCVSS 8.8EG 8.82020-07-22
Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6518HIGHCVSS 8.8EG 8.82020-07-22
Use after free in developer tools in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had convinced the user to use developer tools to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6520HIGHCVSS 8.8EG 8.82020-07-22
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6523HIGHCVSS 8.8EG 8.82020-07-22
Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6524HIGHCVSS 8.8EG 8.82020-07-22
Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6525HIGHCVSS 8.8EG 8.82020-07-22
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6530HIGHCVSS 8.8EG 8.82020-07-22
Out of bounds memory access in developer tools in Google Chrome prior to 84.0.4147.89 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
- CVE-2020-6532HIGHCVSS 8.8EG 8.82020-09-21
Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6533HIGHCVSS 8.8EG 8.82020-07-22
Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6534HIGHCVSS 8.8EG 8.82020-07-22
Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6539HIGHCVSS 8.8EG 8.82020-09-21
Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6540HIGHCVSS 8.8EG 8.82020-09-21
Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6541HIGHCVSS 8.8EG 8.82020-09-21
Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6542HIGHCVSS 8.8EG 8.82020-09-21
Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6543HIGHCVSS 8.8EG 8.82020-09-21
Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6544HIGHCVSS 8.8EG 8.82020-09-21
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6545HIGHCVSS 8.8EG 8.82020-09-21
Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6548HIGHCVSS 8.8EG 8.82020-09-21
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6549HIGHCVSS 8.8EG 8.82020-09-21
Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6550HIGHCVSS 8.8EG 8.82020-09-21
Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6551HIGHCVSS 8.8EG 8.82020-09-21
Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6552HIGHCVSS 8.8EG 8.82020-09-21
Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6553HIGHCVSS 8.8EG 8.82020-09-21
Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6556HIGHCVSS 8.8EG 8.82020-09-21
Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6559HIGHCVSS 8.8EG 8.82020-09-21
Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6569MEDIUMCVSS 6.3EG 6.32020-09-21
Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6576HIGHCVSS 8.8EG 8.82020-09-21
Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6582HIGHCVSS 7.5EG 7.52020-03-16
Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.
- CVE-2020-6796HIGHCVSS 8.8EG 8.82020-03-02
A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability af…
- CVE-2020-6800HIGHCVSS 8.8EG 8.82020-03-02
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been e…
- CVE-2020-6801HIGHCVSS 8.8EG 8.82020-03-02
Mozilla developers reported memory safety bugs present in Firefox 72. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulner…
- CVE-2020-6814CRITICALCVSS 9.8EG 9.82020-03-25
Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary…
- CVE-2020-6815CRITICALCVSS 9.8EG 9.82020-03-25
Mozilla developers reported memory safety and script safety bugs present in Firefox 73. Some of these bugs showed evidence of memory corruption or escalation of privilege and we presume that with enough effort some of these could have been…
- CVE-2020-6819HIGHCVSS 8.1EG 9.0⚠ KEV2020-04-24
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.…
- CVE-2020-6822HIGHCVSS 8.8EG 8.82020-04-24
On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnera…
- CVE-2020-6825CRITICALCVSS 9.8EG 9.82020-04-24
Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effor…
- CVE-2020-6826CRITICALCVSS 9.8EG 9.82020-04-24
Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis reported memory safety bugs present in Firefox 74. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been…
- CVE-2020-6831CRITICALCVSS 9.8EG 9.82020-05-26
A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 6…
- CVE-2020-6839CRITICALCVSS 9.8EG 9.82020-01-11
In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c.
- CVE-2020-6851HIGHCVSS 7.5EG 7.52020-01-13
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
- CVE-2020-6860HIGHCVSS 8.8EG 8.82020-01-13
libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute.
- CVE-2020-6970CRITICALCVSS 9.8EG 9.82020-02-19
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script coul…
- CVE-2020-6989CRITICALCVSS 9.8EG 9.82020-03-24
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code.
- CVE-2020-6996CRITICALCVSS 9.8EG 9.82020-04-15
Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected:3.16.00 through 3.25.01. A specially crafted message may cause a stack-based buffer overflo…
- CVE-2020-7002HIGHCVSS 7.8EG 7.82020-03-18
Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file.
- CVE-2020-7007CRITICALCVSS 9.8EG 9.82020-03-24
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service.
- CVE-2020-7039MEDIUMCVSS 5.6EG 5.62020-01-16
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potenti…
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →