Total
265 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25720 | 1 Qualcomm | 370 Apq8009, Apq8009 Firmware, Apq8009w and 367 more | 2022-10-21 | N/A | 9.8 CRITICAL |
| Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2022-30763 | 1 Janet-lang | 1 Janet | 2022-10-12 | 5.0 MEDIUM | 7.5 HIGH |
| Janet before 1.22.0 mishandles arrays. | |||||
| CVE-2022-25690 | 1 Qualcomm | 304 Apq8096au, Apq8096au Firmware, Aqt1000 and 301 more | 2022-09-19 | N/A | 7.5 HIGH |
| Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2022-22099 | 1 Qualcomm | 4 Sa8540p, Sa8540p Firmware, Sa9000p and 1 more | 2022-09-08 | N/A | 7.8 HIGH |
| Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto | |||||
| CVE-2020-28589 | 1 Tinyobjloader Project | 1 Tinyobjloader | 2022-08-31 | 6.8 MEDIUM | 8.8 HIGH |
| An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-21833 | 1 Accusoft | 1 Imagegear | 2022-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-31135 | 1 Aceattorneyonline | 1 Akashi | 2022-07-14 | 7.8 HIGH | 7.5 HIGH |
| Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Affected versions of Akashi are subject to a denial of service attack. An attacker can use a specially crafted evidence packet to make an illegal modification, causing a server crash. This can be used to mount a denial-of-service exploit. Users are advised to upgrade. There is no known workaround for this issue. | |||||
| CVE-2014-4616 | 4 Opensuse, Opensuse Project, Python and 1 more | 4 Opensuse, Opensuse, Python and 1 more | 2022-07-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function. | |||||
| CVE-2022-31603 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-13 | 4.4 MEDIUM | 6.7 MEDIUM |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure. | |||||
| CVE-2020-11041 | 2 Freerdp, Opensuse | 2 Freerdp, Leap | 2022-07-01 | 4.0 MEDIUM | 2.7 LOW |
| In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0. | |||||
| CVE-2021-35121 | 1 Qualcomm | 88 Apq8053, Apq8053 Firmware, Msm8953 and 85 more | 2022-06-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| An array index is improperly used to lock and unlock a mutex which can lead to a Use After Free condition In the Synx driver in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-35072 | 1 Qualcomm | 164 Apq8009, Apq8009 Firmware, Apq8009w and 161 more | 2022-06-22 | 7.2 HIGH | 7.8 HIGH |
| Possible buffer overflow due to improper validation of array index while processing external DIAG command in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-35126 | 1 Qualcomm | 52 Qam8295p, Qam8295p Firmware, Qca6391 and 49 more | 2022-06-22 | 7.2 HIGH | 7.8 HIGH |
| Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2020-28852 | 1 Golang | 1 Text | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | |||||
| CVE-2021-21949 | 1 Accusoft | 1 Imagegear | 2022-04-21 | 6.8 MEDIUM | 8.8 HIGH |
| An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to an out-of-bounds write and potential code exectuion. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-1237 | 1 Radare | 1 Radare2 | 2022-04-14 | 6.8 MEDIUM | 7.8 HIGH |
| Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | |||||
| CVE-2021-3121 | 2 Golang, Hashicorp | 2 Protobuf, Consul | 2022-04-01 | 7.5 HIGH | 8.6 HIGH |
| An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. | |||||
| CVE-2021-30325 | 1 Qualcomm | 318 Apq8096au, Apq8096au Firmware, Ar8031 and 315 more | 2022-02-18 | 4.6 MEDIUM | 6.7 MEDIUM |
| Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-38563 | 2 Foxit, Foxitsoftware | 2 Pdf Reader, Pdf Editor | 2022-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size entry) is smaller than the maximum indirect object number, and thus there is an attempted incorrect array access (leading to a NULL pointer dereference, or out-of-bounds read or write). | |||||
| CVE-2021-35005 | 1 Teamviewer | 1 Teamviewer | 2022-01-31 | 2.1 LOW | 3.3 LOW |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-13818. | |||||