Total
513 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32673 | 2024-11-21 | 5.5 Medium | ||
| Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue. This issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956. | ||||
| CVE-2024-21522 | 2024-11-21 | 7.5 High | ||
| All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash. | ||||
| CVE-2024-21493 | 2024-11-21 | 5.3 Medium | ||
| All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server. | ||||
| CVE-2024-0901 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
| Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length. | ||||
| CVE-2023-51455 | 2024-11-21 | 6.8 Medium | ||
| A Improper Validation of Array Index issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due to a missing input validation in the on_receive_session_packet_ack function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620. | ||||
| CVE-2023-38409 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux, Rhel Aus and 5 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info). | ||||
| CVE-2023-36308 | 1 Disintegration | 1 Imaging | 2024-11-21 | 5.5 Medium |
| disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence | ||||
| CVE-2023-36307 | 1 Simonwaldherr | 1 Zplgfa | 2024-11-21 | 5.5 Medium |
| ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence | ||||
| CVE-2023-31194 | 1 Diagon Project | 1 Diagon | 2024-11-21 | 5.3 Medium |
| An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. | ||||
| CVE-2023-2570 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-11-21 | 7 High |
| A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver. | ||||
| CVE-2023-29458 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 5.9 Medium |
| Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use. | ||||
| CVE-2023-28573 | 1 Qualcomm | 398 315 5g Iot, 315 5g Iot Firmware, Aqt1000 and 395 more | 2024-11-21 | 7.8 High |
| Memory corruption in WLAN HAL while parsing WMI command parameters. | ||||
| CVE-2023-28558 | 1 Qualcomm | 399 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 396 more | 2024-11-21 | 7.8 High |
| Memory corruption in WLAN handler while processing PhyID in Tx status handler. | ||||
| CVE-2023-28557 | 1 Qualcomm | 556 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 553 more | 2024-11-21 | 7.8 High |
| Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. | ||||
| CVE-2023-28004 | 1 Schneider-electric | 2 Powerlogic Hdpm6000, Powerlogic Hdpm6000 Firmware | 2024-11-21 | 9.8 Critical |
| A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution. | ||||
| CVE-2023-21650 | 1 Qualcomm | 102 Aqt1000, Aqt1000 Firmware, Csrb31024 and 99 more | 2024-11-21 | 6.7 Medium |
| Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length. | ||||
| CVE-2023-21636 | 1 Qualcomm | 102 Aqt1000, Aqt1000 Firmware, Qca6390 and 99 more | 2024-11-21 | 6.7 Medium |
| Memory Corruption due to improper validation of array index in Linux while updating adn record. | ||||
| CVE-2023-20080 | 1 Cisco | 2 Ios, Ios Xe | 2024-11-21 | 8.6 High |
| A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly. | ||||
| CVE-2022-40539 | 1 Qualcomm | 50 Qam8295p, Qam8295p Firmware, Qca6574au and 47 more | 2024-11-21 | 8.4 High |
| Memory corruption in Automotive Android OS due to improper validation of array index. | ||||
| CVE-2022-40537 | 1 Qualcomm | 324 Apq8009, Apq8009 Firmware, Apq8009w and 321 more | 2024-11-21 | 7.3 High |
| Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response. | ||||