Total
315 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0721 | 1 Washington | 1 Pine | 2024-02-09 | 7.5 HIGH | N/A |
Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number. | |||||
CVE-2007-5756 | 1 Winpcap | 1 Winpcap | 2024-02-09 | 6.9 MEDIUM | N/A |
Multiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests. | |||||
CVE-2005-0369 | 1 Armagetronad | 2 Armagetron, Armagetron Advanced | 2024-02-09 | 5.0 MEDIUM | N/A |
Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier allows remote attackers to cause a denial of service (application crash) via a packet with a large (1) descriptor ID or (2) claim_id, which exceeds the boundaries of an array. | |||||
CVE-2022-27223 | 3 Debian, Linux, Netapp | 17 Debian Linux, Linux Kernel, Active Iq Unified Manager and 14 more | 2024-02-08 | 6.5 MEDIUM | 8.8 HIGH |
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. | |||||
CVE-2020-28627 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-01-25 | 6.8 MEDIUM | 8.8 HIGH |
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_volume() ch->shell_entry_objects(). | |||||
CVE-2020-28617 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-01-25 | 6.8 MEDIUM | 8.8 HIGH |
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_vertex() vh->sfaces_last(). | |||||
CVE-2020-28603 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-01-25 | 6.8 MEDIUM | 8.8 HIGH |
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_hedge() e->set_prev(). | |||||
CVE-2020-28635 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-01-25 | 6.8 MEDIUM | 8.8 HIGH |
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sedge() seh->facet(). | |||||
CVE-2021-38654 | 1 Microsoft | 2 365 Apps, Office | 2023-12-28 | 6.8 MEDIUM | 7.8 HIGH |
Microsoft Office Visio Remote Code Execution Vulnerability | |||||
CVE-2022-42011 | 2 Fedoraproject, Freedesktop | 2 Fedora, Dbus | 2023-12-27 | N/A | 6.5 MEDIUM |
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. | |||||
CVE-2021-33815 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-23 | 6.8 MEDIUM | 8.8 HIGH |
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. | |||||
CVE-2023-29458 | 1 Zabbix | 1 Zabbix | 2023-12-10 | N/A | 7.5 HIGH |
Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use. | |||||
CVE-2023-31194 | 1 Diagon Project | 1 Diagon | 2023-12-10 | N/A | 7.8 HIGH |
An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. | |||||
CVE-2023-28004 | 1 Schneider-electric | 2 Powerlogic Hdpm6000, Powerlogic Hdpm6000 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution. | |||||
CVE-2022-38072 | 2 Admesh Project, Slic3r | 2 Admesh, Libslic3r | 2023-12-10 | N/A | 8.8 HIGH |
An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2023-26066 | 1 Lexmark | 217 6500e, B2236, B2338 and 214 more | 2023-12-10 | N/A | 9.8 CRITICAL |
Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index. | |||||
CVE-2023-2008 | 1 Linux | 1 Linux Kernel | 2023-12-10 | N/A | 7.8 HIGH |
A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. | |||||
CVE-2023-20080 | 1 Cisco | 2 Ios, Ios Xe | 2023-12-10 | N/A | 7.5 HIGH |
A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly. | |||||
CVE-2023-2570 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2023-12-10 | N/A | 7.8 HIGH |
A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver. | |||||
CVE-2023-0950 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2023-12-10 | N/A | 7.8 HIGH |
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1. |