Total
528 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54644 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-20 | N/A | 6.6 MEDIUM |
|
Out-of-bounds array access issue due to insufficient data verification in the kernel ambient light module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2025-54650 | 1 Huawei | 1 Harmonyos | 2025-09-20 | N/A | 4.2 MEDIUM |
|
Improper array index verification vulnerability in the audio codec module.
Impact: Successful exploitation of this vulnerability may affect the audio decoding function.
|
|||||
| CVE-2023-31306 | 2025-09-08 | N/A | 3.3 LOW | ||
|
Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.
|
|||||
| CVE-2024-21970 | 2025-09-08 | N/A | 4.4 MEDIUM | ||
|
Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity.
|
|||||
| CVE-2025-21447 | 1 Qualcomm | 16 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 13 more | 2025-08-20 | N/A | 7.8 HIGH |
|
Memory corruption may occur while processing device IO control call for session control.
|
|||||
| CVE-2025-21423 | 1 Qualcomm | 90 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 87 more | 2025-08-19 | N/A | 7.8 HIGH |
|
Memory corruption occurs when handling client calls to EnableTestMode through an Escape call.
|
|||||
| CVE-2025-27067 | 1 Qualcomm | 16 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 13 more | 2025-08-18 | N/A | 7.8 HIGH |
|
Memory corruption while processing DDI call with invalid buffer.
|
|||||
| CVE-2025-27075 | 1 Qualcomm | 72 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 69 more | 2025-08-18 | N/A | 7.8 HIGH |
|
Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host.
|
|||||
| CVE-2025-54645 | 1 Huawei | 1 Harmonyos | 2025-08-13 | N/A | 5.0 MEDIUM |
|
Out-of-bounds array access issue due to insufficient data verification in the location service module.
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2025-54610 | 1 Huawei | 1 Harmonyos | 2025-08-12 | N/A | 5.4 MEDIUM |
|
Out-of-bounds access vulnerability in the audio codec module.
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2024-53014 | 1 Qualcomm | 502 215, 215 Firmware, 315 5g Iot Modem and 499 more | 2025-08-11 | N/A | 7.8 HIGH |
|
Memory corruption may occur while validating ports and channels in Audio driver.
|
|||||
| CVE-2023-24850 | 1 Qualcomm | 412 Apq5053-aa, Apq5053-aa Firmware, Apq8017 and 409 more | 2025-08-11 | N/A | 7.8 HIGH |
|
Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
|
|||||
| CVE-2024-53009 | 1 Qualcomm | 378 Aqt1000, Aqt1000 Firmware, Ar8035 and 375 more | 2025-08-11 | N/A | 5.3 MEDIUM |
|
Memory corruption while operating the mailbox in Automotive.
|
|||||
| CVE-2023-33053 | 1 Qualcomm | 234 Csr8811, Csr8811 Firmware, Immersive Home 214 Platform and 231 more | 2025-08-11 | N/A | 8.4 HIGH |
|
Memory corruption in Kernel while parsing metadata.
|
|||||
| CVE-2023-33111 | 1 Qualcomm | 172 Ar8035, Ar8035 Firmware, C-v2x 9150 and 169 more | 2025-08-11 | N/A | 5.5 MEDIUM |
|
Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibration command.
|
|||||
| CVE-2024-29231 | 1 Synology | 2 Diskstation Manager, Surveillance Station | 2025-08-04 | N/A | 5.4 MEDIUM |
|
Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.
|
|||||
| CVE-2025-23278 | 2025-08-04 | N/A | 7.1 HIGH | ||
|
NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this vulnerability might lead to data tampering or denial of service.
|
|||||
| CVE-2023-52728 | 1 Linuxfoundation | 1 Onos-lib-go | 2025-07-14 | N/A | 5.5 MEDIUM |
|
Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString.
|
|||||
| CVE-2025-5866 | 1 Rt-thread | 1 Rt-thread | 2025-07-11 | 7.4 HIGH | 8.0 HIGH |
|
A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.
|
|||||
| CVE-2025-5868 | 1 Rt-thread | 1 Rt-thread | 2025-07-11 | 7.4 HIGH | 8.0 HIGH |
|
A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.
|
|||||
| CVE-2024-47249 | 1 Apache | 1 Nimble | 2025-07-08 | N/A | 5.0 MEDIUM |
|
Improper Validation of Array Index vulnerability in Apache NimBLE.
Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.
This issue requires broken or bogus Bluetooth controller and thus severity is considered low.
This issue affects Apache NimBLE: through 1.7.0.
Users are recommended to upgrade to version 1.8.0, which fixes the issue.
|
|||||
| CVE-2024-34050 | 1 Onosproject | 1 Traffic Steering Xapplication | 2025-06-27 | N/A | 7.5 HIGH |
|
Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go.
|
|||||
| CVE-2025-1975 | 1 Ollama | 1 Ollama | 2025-06-24 | N/A | 7.5 HIGH |
|
A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.
|
|||||
| CVE-2024-23084 | 1 Mikkotommila | 1 Apfloat | 2025-06-18 | N/A | 7.5 HIGH |
|
Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
|
|||||
| CVE-2025-3357 | 1 Ibm | 1 Tivoli Monitoring | 2025-06-09 | N/A | 9.8 CRITICAL |
|
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.
|
|||||
| CVE-2022-42011 | 2 Fedoraproject, Freedesktop | 2 Fedora, Dbus | 2025-06-09 | N/A | 6.5 MEDIUM |
|
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
|
|||||
| CVE-2025-48075 | 1 Gofiber | 1 Fiber | 2025-05-30 | N/A | 7.5 HIGH |
|
Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value` syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process the data. Since this data is user-provided, this could lead to denial of service for anyone relying on this `fiber.Ctx.BodyParser` functionality. Version 2.52.7 fixes the issue.
|
|||||
| CVE-2024-34047 | 1 O-ran-sc | 1 Ric-plt-e2mgr | 2025-05-27 | N/A | 4.3 MEDIUM |
|
O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler.
|
|||||
| CVE-2024-34048 | 1 O-ran-sc | 1 Ric-plt-e2mgr | 2025-05-27 | N/A | 9.8 CRITICAL |
|
O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler.
|
|||||
| CVE-2021-39985 | 1 Huawei | 1 Harmonyos | 2025-05-22 | 5.0 MEDIUM | 7.5 HIGH |
|
The HwNearbyMain module has a Improper Validation of Array Index vulnerability.Successful exploitation of this vulnerability may cause a process to restart.
|
|||||
| CVE-2019-0906 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-05-20 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.
An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.
The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.
|
|||||
| CVE-2024-45574 | 1 Qualcomm | 8 Sdm429w, Sdm429w Firmware, Snapdragon 429 Mobile and 5 more | 2025-05-09 | N/A | 7.8 HIGH |
|
Memory corruption during array access in Camera kernel due to invalid index from invalid command data.
|
|||||
| CVE-2024-45576 | 1 Qualcomm | 38 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 35 more | 2025-05-09 | N/A | 7.8 HIGH |
|
Memory corruption while prociesing command buffer buffer in OPE module.
|
|||||
| CVE-2024-45578 | 1 Qualcomm | 28 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 25 more | 2025-05-09 | N/A | 7.8 HIGH |
|
Memory corruption while acquire and update IOCTLs during IFE output resource ID validation.
|
|||||
| CVE-2022-25720 | 1 Qualcomm | 370 Apq8009, Apq8009 Firmware, Apq8009w and 367 more | 2025-05-09 | N/A | 9.8 CRITICAL |
|
Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
|
|||||
| CVE-2020-25792 | 1 Sized-chunks Project | 1 Sized-chunks | 2025-05-05 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().
|
|||||
| CVE-2023-2008 | 1 Linux | 1 Linux Kernel | 2025-05-05 | N/A | 7.8 HIGH |
|
A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.
|
|||||
| CVE-2024-36743 | 1 Oneflow | 1 Oneflow | 2025-05-02 | N/A | 7.5 HIGH |
|
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot.
|
|||||
| CVE-2024-36740 | 1 Oneflow | 1 Oneflow | 2025-05-01 | N/A | 7.5 HIGH |
|
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of size.
|
|||||
| CVE-2023-0950 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2025-04-23 | N/A | 7.8 HIGH |
|
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code co ...
Show More |
|||||