CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,899 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 99 of 278
- CVE-2021-23987HIGHCVSS 8.8EG 8.82021-03-31
Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been e…
- CVE-2021-23988HIGHCVSS 8.8EG 8.82021-03-31
Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulner…
- CVE-2021-24018MEDIUMCVSS 4.3EG 8.82021-08-04
A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image.
- CVE-2021-24026CRITICALCVSS 9.8EG 9.82021-04-06
A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior …
- CVE-2021-24036CRITICALCVSS 9.8EG 9.82021-07-23
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22…
- CVE-2021-24041CRITICALCVSS 9.8EG 9.82021-12-07
A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image.
- CVE-2021-24042CRITICALCVSS 9.8EG 9.82022-01-04
The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp…
- CVE-2021-24081HIGHCVSS 7.8EG 7.82021-02-25
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
- CVE-2021-24083HIGHCVSS 7.8EG 7.82021-02-25
Windows Address Book Remote Code Execution Vulnerability
- CVE-2021-24091HIGHCVSS 7.8EG 7.82021-02-25
Windows Camera Codec Pack Remote Code Execution Vulnerability
- CVE-2021-25139CRITICALCVSS 9.8EG 9.82021-02-09
A potential security vulnerability has been identified in the HPE Moonshot Provisioning Manager v1.20. The HPE Moonshot Provisioning Manager is an application that is installed in a VMWare or Microsoft Hyper-V environment that is used to s…
- CVE-2021-25174HIGHCVSS 7.8EG 7.82021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash,…
- CVE-2021-25178HIGHCVSS 7.8EG 7.82021-01-18
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash…
- CVE-2021-25249HIGHCVSS 7.8EG 7.82021-02-04
An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affe…
- CVE-2021-25289CRITICALCVSS 9.8EG 9.82021-03-19
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an inco…
- CVE-2021-25290HIGHCVSS 7.5EG 7.52021-03-19
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
- CVE-2021-25346HIGHCVSS 7.1EG 7.12021-03-04
A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution.
- CVE-2021-25360CRITICALCVSS 9.0EG 9.82021-04-09
An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
- CVE-2021-25370MEDIUMCVSS 6.1EG 9.0⚠ KEV2021-03-26
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
- CVE-2021-25372MEDIUMCVSS 6.1EG 9.0⚠ KEV2021-03-26
An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.
- CVE-2021-25384CRITICALCVSS 9.0EG 9.82021-06-11
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
- CVE-2021-25387CRITICALCVSS 9.0EG 10.02021-06-11
An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
- CVE-2021-25396MEDIUMCVSS 6.7EG 6.72021-06-11
An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution.
- CVE-2021-25407HIGHCVSS 7.8EG 7.82021-06-11
A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write.
- CVE-2021-25408HIGHCVSS 7.8EG 7.82021-06-11
A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution.
- CVE-2021-25461MEDIUMCVSS 4.0EG 7.82021-09-09
An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.
- CVE-2021-25469MEDIUMCVSS 6.0EG 6.02021-10-06
A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.
- CVE-2021-25475LOWCVSS 3.9EG 3.92021-10-06
A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
- CVE-2021-25478HIGHCVSS 7.2EG 7.22021-10-06
A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
- CVE-2021-25479HIGHCVSS 7.2EG 7.22021-10-06
A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
- CVE-2021-25492HIGHCVSS 7.3EG 7.12021-10-06
Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read.
- CVE-2021-25495HIGHCVSS 7.3EG 7.82021-10-06
A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution.
- CVE-2021-25500HIGHCVSS 7.2EG 4.42021-11-05
A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise.
- CVE-2021-25518MEDIUMCVSS 6.4EG 6.72021-12-08
An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution.
- CVE-2021-25665HIGHCVSS 7.8EG 7.82021-09-14
A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < V2021.2.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in an out of bounds write…
- CVE-2021-25667HIGHCVSS 8.8EG 8.82021-03-15
A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and …
- CVE-2021-25668CRITICALCVSS 9.8EG 9.82021-04-22
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P …
- CVE-2021-25669CRITICALCVSS 9.8EG 9.82021-04-22
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P …
- CVE-2021-25670HIGHCVSS 7.8EG 7.82021-04-22
A vulnerability has been identified in Tecnomatix RobotExpert (All versions < V16.1). Affected applications lack proper validation of user-supplied data when parsing CELL files. This could result in an out of bounds write past the end of a…
- CVE-2021-25678HIGHCVSS 7.8EG 7.82021-04-22
A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplie…
- CVE-2021-25689CRITICALCVSS 9.8EG 9.82021-02-11
An out of bounds write in Teradici PCoIP soft client versions prior to version 20.10.1 could allow an attacker to remotely execute code.
- CVE-2021-25832CRITICALCVSS 9.8EG 9.82021-03-01
A heap buffer overflow vulnerability inside of BMP image processing was found at [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code executions on DocumentServer.
- CVE-2021-25900CRITICALCVSS 9.8EG 9.82021-01-26
An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.
- CVE-2021-26096MEDIUMCVSS 6.4EG 6.42021-08-04
Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments.
- CVE-2021-26105MEDIUMCVSS 6.8EG 6.82025-03-24
A stack-based buffer overflow vulnerability (CWE-121) in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via speci…
- CVE-2021-26112HIGHCVSS 8.1EG 9.82022-04-06
Multiple stack-based buffer overflow vulnerabilities [CWE-121] both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and exe…
- CVE-2021-26195HIGHCVSS 8.8EG 8.82021-06-10
An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in js-lexer.c file.
- CVE-2021-26220HIGHCVSS 8.1EG 8.12021-02-08
The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
- CVE-2021-26221HIGHCVSS 8.1EG 8.12021-02-08
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
- CVE-2021-26222HIGHCVSS 8.1EG 8.12021-02-08
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →