CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,886 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 87 of 278
- CVE-2020-8740MEDIUMCVSS 6.7EG 6.72020-11-12
Out of bounds write in Intel BIOS platform sample code for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2020-8752CRITICALCVSS 9.8EG 9.82020-11-12
Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.
- CVE-2020-8835HIGHCVSS 7.8EG 7.82020-04-02
In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory. The vulnerability also affects t…
- CVE-2020-8847HIGHCVSS 7.8EG 7.82020-02-14
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a…
- CVE-2020-8848HIGHCVSS 7.8EG 7.82020-02-14
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a…
- CVE-2020-8849HIGHCVSS 7.8EG 7.82020-02-14
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a…
- CVE-2020-8850HIGHCVSS 7.8EG 7.82020-02-14
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a…
- CVE-2020-8851HIGHCVSS 7.8EG 7.82020-02-14
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a…
- CVE-2020-8853HIGHCVSS 7.8EG 7.82020-02-14
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op…
- CVE-2020-8854HIGHCVSS 7.8EG 7.82020-02-14
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op…
- CVE-2020-8860HIGHCVSS 8.0EG 8.02020-02-22
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this…
- CVE-2020-8871MEDIUMCVSS 6.7EG 6.72020-03-23
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.0-47107 . An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to…
- CVE-2020-8875HIGHCVSS 8.8EG 8.82020-03-23
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit…
- CVE-2020-8878HIGHCVSS 8.8EG 8.82020-03-20
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op…
- CVE-2020-8899CRITICALCVSS 9.8EG 9.82020-05-06
There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a h…
- CVE-2020-8935MEDIUMCVSS 5.3EG 5.32020-12-15
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecall_restore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. We recommend updating you…
- CVE-2020-8937MEDIUMCVSS 5.3EG 5.32020-12-15
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate wher…
- CVE-2020-8938MEDIUMCVSS 5.3EG 5.32020-12-15
An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinux_addr which allows an attacker to write memory values…
- CVE-2020-8944MEDIUMCVSS 5.3EG 5.32020-12-15
An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to …
- CVE-2020-8962CRITICALCVSS 9.8EG 9.82020-02-13
A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint.
- CVE-2020-8997HIGHCVSS 8.8EG 8.82020-02-16
Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. NOTE: The vulnerability is not present in the FreeStyle Libre 14-day in the U…
- CVE-2020-9005HIGHCVSS 7.8EG 7.82020-02-17
meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this server. A GetValue call is mishandled.
- CVE-2020-9086MEDIUMCVSS 4.3EG 4.32024-12-27
There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service…
- CVE-2020-9091MEDIUMCVSS 5.5EG 5.52020-10-12
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This cou…
- CVE-2020-9101MEDIUMCVSS 6.5EG 6.52020-07-18
There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which m…
- CVE-2020-9107MEDIUMCVSS 5.5EG 5.52020-10-12
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. D…
- CVE-2020-9108MEDIUMCVSS 5.5EG 5.52020-10-12
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. D…
- CVE-2020-9117HIGHCVSS 7.8EG 7.82020-12-01
HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with…
- CVE-2020-9123HIGHCVSS 7.8EG 7.82020-10-12
HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. An attacker induces users to install malicious applications and sends specially constructe…
- CVE-2020-9129MEDIUMCVSS 6.7EG 6.72020-11-13
HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vulnerability of improper buffer operation. Due to improper restrictions, local attackers with high privileges can exploit the vulnerability to cause system heap overflow.
- CVE-2020-9138MEDIUMCVSS 5.3EG 5.32021-01-13
There is a heap-based buffer overflow vulnerability in some Huawei Smartphone, Successful exploit of this vulnerability can cause process exceptions during updating.
- CVE-2020-9140CRITICALCVSS 9.8EG 9.82021-01-13
There is a vulnerability with buffer access with incorrect length value in some Huawei Smartphone.Unauthorized users may trigger code execution when a buffer overflow occurs.
- CVE-2020-9142CRITICALCVSS 9.1EG 9.12021-01-13
There is a heap base buffer overflow vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability can cause heap overflow and memory overwriting when the system incorrectly processes the update file.
- CVE-2020-9144CRITICALCVSS 9.8EG 9.82021-01-13
There is a heap overflow vulnerability in some Huawei smartphone, attackers can exploit this vulnerability to cause heap overflows due to improper restriction of operations within the bounds of a memory buffer.
- CVE-2020-9145CRITICALCVSS 9.1EG 9.12021-01-13
There is an Out-of-bounds Write vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability may cause out-of-bounds access to the physical memory.
- CVE-2020-9211MEDIUMCVSS 6.4EG 6.42024-12-27
There is an out-of-bound read and write vulnerability in Huawei smartphone. A module dose not verify the input sufficiently. Attackers can exploit this vulnerability by modifying some configuration to cause out-of-bound read and write, cau…
- CVE-2020-9253MEDIUMCVSS 6.3EG 6.32024-12-27
There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the…
- CVE-2020-9276HIGHCVSS 8.8EG 8.82020-04-20
An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated…
- CVE-2020-9308HIGHCVSS 8.8EG 8.82020-02-20
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.
- CVE-2020-9366CRITICALCVSS 9.8EG 9.82020-02-24
A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.
- CVE-2020-9391MEDIUMCVSS 5.5EG 5.52020-02-25
An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application exp…
- CVE-2020-9395HIGHCVSS 8.0EG 8.02020-07-06
An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, and RTL8710AF devices before 2.0.6. A stack-based buffer overflow exists in the client code that takes care of WPA2's 4-way-handshake via a malformed EAPOL-Key packet with…
- CVE-2020-9498MEDIUMCVSS 6.7EG 6.72020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memo…
- CVE-2020-9534HIGHCVSS 8.8EG 8.82020-03-02
fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup webpage parameter when f_radius_ip1 is malformed.
- CVE-2020-9535HIGHCVSS 8.8EG 8.82020-03-02
fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overflow via the formWlanSetup_Wizard webpage parameter when f_radius_ip1 is malformed.
- CVE-2020-9549HIGHCVSS 7.8EG 7.82020-03-02
In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bounds write via a crafted PDF document.
- CVE-2020-9551HIGHCVSS 7.8EG 7.82020-03-25
Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
- CVE-2020-9552HIGHCVSS 7.8EG 7.82020-03-25
Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
- CVE-2020-9554HIGHCVSS 7.8EG 7.82020-06-26
Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
- CVE-2020-9555HIGHCVSS 7.8EG 7.82020-06-26
Adobe Bridge versions 10.0.1 and earlier version have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →