CWE-787— Out-of-bounds Write
13,457 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 33 of 270
- CVE-2019-10982HIGHCVSS 7.8EG 7.82019-07-24
Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code…
- CVE-2019-10987HIGHCVSS 8.8EG 8.82019-06-28
In WebAccess/SCADA Versions 8.3.5 and prior, multiple out-of-bounds write vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution.
- CVE-2019-10989CRITICALCVSS 9.8EG 9.82019-06-28
In WebAccess/SCADA Versions 8.3.5 and prior, multiple heap-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code exe…
- CVE-2019-10991CRITICALCVSS 9.8EG 9.82019-06-28
In WebAccess/SCADA, Versions 8.3.5 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code e…
- CVE-2019-10999HIGHCVSS 8.8EG 8.82019-05-06
The D-Link DCS series of Wi-Fi cameras contains a stack-based buffer overflow in alphapd, the camera's web server. The overflow allows a remotely authenticated attacker to execute arbitrary code by providing a long string in the WEPEncrypt…
- CVE-2019-11005CRITICALCVSS 9.8EG 9.82019-04-08
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified…
- CVE-2019-11008HIGHCVSS 8.8EG 8.82019-04-08
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified ot…
- CVE-2019-1103HIGHCVSS 7.5EG 7.52019-07-15
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, …
- CVE-2019-11037MEDIUMCVSS 4.9EG 9.82019-05-03
In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write t…
- CVE-2019-1104HIGHCVSS 7.5EG 7.52019-07-15
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.
- CVE-2019-11043HIGHCVSS 8.7EG 9.8⚠ KEV2019-10-28
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus op…
- CVE-2019-1106HIGHCVSS 7.5EG 7.52019-07-15
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, …
- CVE-2019-1107HIGHCVSS 7.5EG 7.52019-07-15
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, …
- CVE-2019-11112HIGHCVSS 7.8EG 7.82019-11-14
Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2019-11124MEDIUMCVSS 6.7EG 6.72019-06-13
Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
- CVE-2019-11129MEDIUMCVSS 6.7EG 6.72019-06-13
Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
- CVE-2019-11151HIGHCVSS 7.8EG 7.82019-11-14
Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via local access.
- CVE-2019-11152HIGHCVSS 8.8EG 8.82019-11-14
Memory corruption issues in Intel(R) WIFI Drivers before version 21.40 may allow a privileged user to potentially enable escalation of privilege, denial of service, and information disclosure via adjacent access.
- CVE-2019-11153HIGHCVSS 7.8EG 7.82019-11-14
Memory corruption issues in Intel(R) PROSet/Wireless WiFi Software extension DLL before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and a denial of service via local a…
- CVE-2019-11171CRITICALCVSS 9.8EG 9.82019-11-14
Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access.
- CVE-2019-11182HIGHCVSS 7.5EG 7.52019-11-14
Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.
- CVE-2019-11221HIGHCVSS 7.8EG 7.82019-04-15
GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c.
- CVE-2019-11222HIGHCVSS 7.8EG 7.82019-04-15
gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file.
- CVE-2019-1131MEDIUMCVSS 4.2EG 4.22019-08-14
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrar…
- CVE-2019-1133HIGHCVSS 7.5EG 7.52019-08-14
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the con…
- CVE-2019-11356CRITICALCVSS 9.8EG 9.82019-06-03
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
- CVE-2019-11360MEDIUMCVSS 4.2EG 4.22019-07-12
A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xsh…
- CVE-2019-11365CRITICALCVSS 9.8EG 9.82019-04-20
An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based buffer overflow due to an insecurely implemented strncpy call. The vulnerability is triggered by sending an error packet…
- CVE-2019-11371CRITICALCVSS 9.8EG 9.82019-04-20
BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishandled in bns_fasta2bntseq and bns_dump at btnseq.c.
- CVE-2019-1138HIGHCVSS 7.5EG 7.52019-09-11
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, …
- CVE-2019-1139MEDIUMCVSS 4.2EG 4.22019-08-14
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrar…
- CVE-2019-11395CRITICALCVSS 9.8EG 9.82019-04-22
A buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long string, as demonstrated by SMTP RCPT TO, POP3 USER, POP3 LIST, POP3 TOP, or POP3 RETR.
- CVE-2019-1140HIGHCVSS 8.8EG 8.82019-08-14
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrar…
- CVE-2019-1141MEDIUMCVSS 4.2EG 4.22019-08-14
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrar…
- CVE-2019-11411CRITICALCVSS 9.8EG 9.82019-04-22
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow.
- CVE-2019-11417CRITICALCVSS 9.8EG 9.82019-04-22
system.cgi on TRENDnet TV-IP110WN cameras has a buffer overflow caused by an inadequate source-length check before a strcpy operation in the respondAsp function. Attackers can exploit the vulnerability by using the languse parameter with a…
- CVE-2019-11474MEDIUMCVSS 6.5EG 6.52019-04-23
coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.
- CVE-2019-1149HIGHCVSS 8.8EG 8.82019-08-14
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker…
- CVE-2019-1150HIGHCVSS 8.8EG 8.82019-08-14
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker…
- CVE-2019-11500CRITICALCVSS 9.8EG 9.82019-08-29
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code …
- CVE-2019-11505HIGHCVSS 8.8EG 8.82019-04-24
In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other…
- CVE-2019-11506HIGHCVSS 8.8EG 8.82019-04-24
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified o…
- CVE-2019-1151HIGHCVSS 8.8EG 8.82019-08-14
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker…
- CVE-2019-11516HIGHCVSS 8.1EG 8.12020-02-05
An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase. Extended Inquiry Responses (EIRs) are improperly handled, which causes a heap-based buffer overflow during device inquiry…
- CVE-2019-1152HIGHCVSS 8.8EG 8.82019-08-14
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker…
- CVE-2019-11542HIGHCVSS 7.2EG 7.22019-04-26
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.…
- CVE-2019-11560CRITICALCVSS 9.8EG 9.82019-05-07
A buffer overflow vulnerability in the streaming server provided by hisilicon in HI3516 models allows an unauthenticated attacker to remotely run arbitrary code by sending a special RTSP over HTTP packet. The vulnerability was found in man…
- CVE-2019-11639HIGHCVSS 8.8EG 8.82019-05-01
An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.
- CVE-2019-11640HIGHCVSS 8.8EG 8.82019-05-01
An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a.
- CVE-2019-11682CRITICALCVSS 9.8EG 9.82019-05-02
A buffer overflow in the SMTP response service in MailCarrier 2.51 allows the attacker to execute arbitrary code remotely via a long HELP command, a related issue to CVE-2019-11395.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →