CWE-787
Out-of-bounds Write
Base · Draft · Likelihood: High
Description
The product writes data past the end, or before the beginning, of the intended buffer.
Hierarchy (View 1000)
CVEs mapped to this weakness (1,368)

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-25254 | Cri | 0.64 | 9.8 | 0.00 | Apr 4, 2026 | NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and redirect execution to injected shellcode. | |
| CVE-2018-25223 | Cri | 0.64 | 9.8 | 0.00 | Mar 28, 2026 | Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed attempts potentially causing denial of service. | |
| CVE-2018-25221 | Cri | 0.64 | 9.8 | 0.00 | Mar 28, 2026 | EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context. | |
| CVE-2018-25220 | Cri | 0.64 | 9.8 | 0.00 | Mar 28, 2026 | Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwrite the instruction pointer and execute shell commands with application privileges. | |
| CVE-2017-20229 | Cri | 0.64 | 9.8 | 0.00 | Mar 28, 2026 | MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programming chain to spawn a shell with application privileges. | |
| CVE-2017-20227 | Cri | 0.64 | 9.8 | 0.00 | Mar 28, 2026 | JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell. | |
| CVE-2017-20225 | Cri | 0.64 | 9.8 | 0.00 | Mar 28, 2026 | TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application, leveraging ROP gadgets to bypass protections and execute shellcode in the application context. | |
| CVE-2016-20049 | Cri | 0.64 | 9.8 | 0.00 | Mar 28, 2026 | JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 8150 bytes to overflow the stack, overwrite return addresses, and execute shellcode in the application context. | |
| CVE-2026-3548 | Cri | 0.64 | 9.8 | 0.00 | Mar 19, 2026 | Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, either of these out of bound writes could be triggered. Note this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted source. | |
| CVE-2026-4181 | Cri | 0.64 | 9.8 | 0.00 | Mar 16, 2026 | A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument key1/key2/key3/key4/pskValue results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. | |
| CVE-2026-1668 | Cri | 0.64 | 9.8 | 0.00 | Mar 13, 2026 | The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution. An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service. | |
| CVE-2026-2807 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |
| CVE-2026-2793 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | |
| CVE-2026-2792 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | |
| CVE-2026-23112 | Cri | 0.64 | 9.8 | 0.00 | Feb 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length or offset exceeds sg_cnt and then use bogus sg->length/offset values, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining entries, and sg->length/offset before building the bvec. | |
| CVE-2020-36964 | Cri | 0.64 | 9.8 | 0.00 | Jan 28, 2026 | YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service crash. | |
| CVE-2021-47781 | Cri | 0.64 | 9.8 | 0.00 | Jan 15, 2026 | Cmder Console Emulator 1.3.18 contains a buffer overflow vulnerability that allows attackers to trigger a denial of service condition through a maliciously crafted .cmd file. Attackers can create a specially constructed .cmd file with repeated characters to overwhelm the console emulator's buffer and crash the application. | |
| CVE-2021-47774 | Cri | 0.64 | 9.8 | 0.00 | Jan 15, 2026 | Kingdia CD Extractor 3.0.2 contains a buffer overflow vulnerability in the registration name field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload exceeding 256 bytes to overwrite Structured Exception Handler and gain remote code execution through a bind shell. | |
| CVE-2018-25154 | Cri | 0.64 | 9.8 | 0.00 | Dec 24, 2025 | GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system. | |
| CVE-2025-65084 | Cri | 0.64 | 9.8 | 0.00 | Nov 25, 2025 | An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code. |