CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-787

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-44143 787 Exec Code Overflow 2021-11-22 2021-11-27
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
2 CVE-2021-43975 787 2021-11-17 2021-11-27
4.6
None Local Low Not required Partial Partial Partial
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
3 CVE-2021-43519 787 DoS Overflow 2021-11-09 2021-11-12
4.3
None Remote Medium Not required None None Partial
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
4 CVE-2021-43390 787 Exec Code 2021-11-14 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
5 CVE-2021-43336 787 Exec Code 2021-11-14 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
An Out-of-Bounds Write vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
6 CVE-2021-43280 787 Exec Code Overflow 2021-11-14 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
7 CVE-2021-43279 787 Exec Code 2021-11-14 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds write vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
8 CVE-2021-43174 787 2021-11-09 2021-11-17
5.0
None Remote Low Not required None None Partial
NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of white space in the encoded data. The gzip scheme compresses such white space extremely well, leading to very small compressed files that become huge when being decompressed for further processing, big enough that Routinator runs out of memory when parsing input data waiting for the next XML element.
9 CVE-2021-42739 787 Overflow 2021-10-20 2021-11-18
4.6
None Local Low Not required Partial Partial Partial
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
10 CVE-2021-42707 787 Exec Code 2021-11-22 2021-11-23
6.8
None Remote Medium Not required Partial Partial Partial
PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.
11 CVE-2021-42697 787 DoS 2021-11-02 2021-11-04
5.0
None Remote Low Not required None None Partial
Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.
12 CVE-2021-42524 787 Exec Code 2021-11-18 2021-11-19
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.
13 CVE-2021-42327 787 Overflow 2021-10-21 2021-11-18
4.6
None Local Low Not required Partial Partial Partial
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.
14 CVE-2021-42279 787 Mem. Corr. 2021-11-10 2021-11-12
5.1
None Remote High Not required Partial Partial Partial
Chakra Scripting Engine Memory Corruption Vulnerability
15 CVE-2021-42272 787 Exec Code 2021-11-18 2021-11-19
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file.
16 CVE-2021-42271 787 Exec Code 2021-11-18 2021-11-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.
17 CVE-2021-42270 787 Exec Code 2021-11-18 2021-11-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.
18 CVE-2021-42076 787 2021-11-08 2021-11-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barriers component (aka the server-side implementation of Barrier) and barrierc by sending long TCP messages.
19 CVE-2021-42012 787 Exec Code Overflow 2021-10-21 2021-10-27
4.6
None Local Low Not required Partial Partial Partial
A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
20 CVE-2021-42008 787 2021-10-05 2021-11-26
6.9
None Local Medium Not required Complete Complete Complete
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
21 CVE-2021-41459 787 DoS Overflow 2021-10-01 2021-10-07
5.0
None Remote Low Not required None None Partial
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability.
22 CVE-2021-41457 787 DoS Overflow 2021-10-01 2021-10-07
5.0
None Remote Low Not required None None Partial
There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability.
23 CVE-2021-41456 787 DoS Overflow 2021-10-01 2021-10-07
5.0
None Remote Low Not required None None Partial
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.
24 CVE-2021-41221 787 Overflow 2021-11-05 2021-11-10
4.6
None Local Low Not required Partial Partial Partial
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the `input`, `input_h` and `input_c` parameters are not validated, but code assumes they have certain values. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
25 CVE-2021-41216 787 Overflow 2021-11-05 2021-11-09
4.6
None Local Low Not required Partial Partial Partial
TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the indices in `perm` are all valid. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
26 CVE-2021-41160 787 2021-10-21 2021-11-26
6.8
None Remote Medium Not required Partial Partial Partial
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.
27 CVE-2021-41159 787 2021-10-21 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.
28 CVE-2021-41036 787 2021-11-03 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket.
29 CVE-2021-40731 787 Exec Code 2021-10-15 2021-10-21
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by an out-of-bounds write vulnerability when parsing a crafted JPEG2000 file, which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
30 CVE-2021-40391 787 Exec Code 2021-11-19 2021-11-24
7.5
None Remote Low Not required Partial Partial Partial
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
31 CVE-2021-40156 787 Exec Code 2021-09-15 2021-09-28
6.8
None Remote Medium Not required Partial Partial Partial
A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.
32 CVE-2021-39846 787 Overflow Mem. Corr. 2021-09-29 2021-10-06
5.8
None Remote Medium Not required None Partial Partial
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader.
33 CVE-2021-39845 787 Overflow Mem. Corr. 2021-09-29 2021-10-06
5.8
None Remote Medium Not required None Partial Partial
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader.
34 CVE-2021-39843 787 Exec Code 2021-09-29 2021-10-06
6.8
None Remote Medium Not required Partial Partial Partial
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
35 CVE-2021-39831 787 Exec Code 2021-09-29 2021-10-08
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.
36 CVE-2021-39829 787 Exec Code 2021-09-29 2021-10-08
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file.
37 CVE-2021-39825 787 Exec Code 2021-09-27 2021-10-04
6.8
None Remote Medium Not required Partial Partial Partial
Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious TTF file.
38 CVE-2021-39595 787 Exec Code Overflow 2021-09-20 2021-09-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function rfx_alloc() located in mem.c. It allows an attacker to cause code Execution.
39 CVE-2021-39582 787 Exec Code Overflow 2021-09-20 2021-09-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function swf_GetPlaceObject() located in swfobject.c. It allows an attacker to cause code Execution.
40 CVE-2021-39579 787 Exec Code Overflow 2021-09-20 2021-09-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function string_hash() located in q.c. It allows an attacker to cause code Execution.
41 CVE-2021-39577 787 Exec Code Overflow 2021-09-20 2021-09-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function main() located in swfdump.c. It allows an attacker to cause code Execution.
42 CVE-2021-39574 787 Exec Code Overflow 2021-09-20 2021-09-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function pool_read() located in pool.c. It allows an attacker to cause code Execution.
43 CVE-2021-39569 787 Exec Code Overflow 2021-09-20 2021-09-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function OpAdvance() located in swfaction.c. It allows an attacker to cause code Execution.
44 CVE-2021-39564 787 Exec Code Overflow 2021-09-20 2021-09-22
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function swf_DumpActions() located in swfaction.c. It allows an attacker to cause code Execution.
45 CVE-2021-39561 787 Exec Code Overflow 2021-09-20 2021-09-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function Gfx::opSetFillColorN() located in Gfx.cc. It allows an attacker to cause code Execution.
46 CVE-2021-39558 787 Exec Code Overflow 2021-09-20 2021-09-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function VectorGraphicOutputDev::drawGeneralImage() located in VectorGraphicOutputDev.cc. It allows an attacker to cause code Execution.
47 CVE-2021-39552 787 Overflow 2021-09-20 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in sela through 20200412. file::WavFile::readFromFile() in wav_file.c has a heap-based buffer overflow.
48 CVE-2021-39551 787 Overflow 2021-09-20 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.c has a heap-based buffer overflow.
49 CVE-2021-39550 787 Overflow 2021-09-20 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.cpp has a heap-based buffer overflow.
50 CVE-2021-39546 787 Overflow 2021-09-20 2021-09-24
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in sela through 20200412. rice::RiceDecoder::process() in rice_decoder.cpp has a heap-based buffer overflow.
Total number of vulnerabilities : 4284   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.