Total
528 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-47548 | 1 Linux | 1 Linux Kernel | 2025-04-01 | N/A | 9.8 CRITICAL |
|
In the Linux kernel, the following vulnerability has been resolved:
ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()
The if statement:
if (port >= DSAF_GE_NUM)
return;
limits the value of port less than DSAF_GE_NUM (i.e., 8).
However, if the value of port is 6 or 7, an array overflow could occur:
port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off;
because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6).
To fix th ...
Show More |
|||||
| CVE-2021-47547 | 1 Linux | 1 Linux Kernel | 2025-04-01 | N/A | 4.4 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound
In line 5001, if all id in the array 'lp->phy[8]' is not 0, when the
'for' end, the 'k' is 8.
At this time, the array 'lp->phy[8]' may be out of bound.
|
|||||
| CVE-2024-38542 | 1 Linux | 1 Linux Kernel | 2025-04-01 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mana_ib: boundary check before installing cq callbacks
Add a boundary check inside mana_ib_install_cq_cb to prevent index overflow.
|
|||||
| CVE-2024-41564 | 1 Emilyploszaj | 1 Emi | 2025-03-26 | N/A | 4.3 MEDIUM |
|
EMI v.1.1.10 and before, fixed in v.1.1.11, contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index and decrement stack count in EMI mod for Minecraft, which allows in-game item duplication.
|
|||||
| CVE-2022-47348 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.
|
|||||
| CVE-2022-47345 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.
|
|||||
| CVE-2022-47344 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.
|
|||||
| CVE-2022-47343 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.
|
|||||
| CVE-2022-47342 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
|
In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.
|
|||||
| CVE-2022-47347 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-25 | N/A | 5.5 MEDIUM |
|
In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.
|
|||||
| CVE-2022-47346 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-25 | N/A | 5.5 MEDIUM |
|
In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.
|
|||||
| CVE-2024-38623 | 1 Linux | 1 Linux Kernel | 2025-03-24 | N/A | 9.8 CRITICAL |
|
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Use variable length array instead of fixed size
Should fix smatch warning:
ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256)
|
|||||
| CVE-2024-41565 | 1 Mezz | 1 Justenoughitems | 2025-03-19 | N/A | 4.3 MEDIUM |
|
JustEnoughItems (JEI) 19.5.0.33 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index in JEI for Minecraft, which allows in-game item duplication.
|
|||||
| CVE-2024-42698 | 1 Shedaniel | 1 Roughlyenoughitems | 2025-03-18 | N/A | 4.3 MEDIUM |
|
Roughly Enough Items (REI) v.16.0.729 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index and decrement stack count in the Roughly Enough Items (REI) mod for Minecraft, which allows in-game item duplication.
|
|||||
| CVE-2025-30077 | 2025-03-17 | N/A | 6.2 MEDIUM | ||
|
Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits.
|
|||||
| CVE-2023-52601 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-03-14 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix array-index-out-of-bounds in dbAdjTree
Currently there is a bound check missing in the dbAdjTree while
accessing the dmt_stree. To add the required check added the bool is_ctl
which is required to determine the size as suggest in the following
commit.
https://lore.kernel.org/linux-kernel-mentees/[email protected]/
|
|||||
| CVE-2023-20633 | 2 Google, Mediatek | 25 Android, Mt6580, Mt6735 and 22 more | 2025-03-06 | N/A | 6.7 MEDIUM |
|
In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628508; Issue ID: ALPS07628508.
|
|||||
| CVE-2024-49836 | 1 Qualcomm | 58 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 55 more | 2025-03-06 | N/A | 7.8 HIGH |
|
Memory corruption may occur during the synchronization of the camera`s frame processing pipeline.
|
|||||
| CVE-2023-52799 | 1 Linux | 1 Linux Kernel | 2025-03-06 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
jfs: fix array-index-out-of-bounds in dbFindLeaf
Currently while searching for dmtree_t for sufficient free blocks there
is an array out of bounds while getting element in tp->dm_stree. To add
the required check for out of bound we first need to determine the type
of dmtree. Thus added an extra parameter to dbFindLeaf so that the type
of tree can be determined and the required check can be applied.
|
|||||
| CVE-2023-52807 | 1 Linux | 1 Linux Kernel | 2025-03-06 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix out-of-bounds access may occur when coalesce info is read via debugfs
The hns3 driver define an array of string to show the coalesce
info, but if the kernel adds a new mode or a new state,
out-of-bounds access may occur when coalesce info is read via
debugfs, this patch fix the problem.
|
|||||
| CVE-2024-38556 | 1 Linux | 1 Linux Kernel | 2025-03-06 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Add a timeout to acquire the command queue semaphore
Prevent forced completion handling on an entry that has not yet been
assigned an index, causing an out of bounds access on idx = -22.
Instead of waiting indefinitely for the sem, blocking flow now waits for
index to be allocated or a sem acquisition timeout before beginning the
timer for FW completion.
Kernel log example:
mlx5_core 0000:06:00.0: wait_func_handle_e ...
Show More |
|||||
| CVE-2022-48702 | 1 Linux | 1 Linux Kernel | 2025-03-05 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
The voice allocator sometimes begins allocating from near the end of the
array and then wraps around, however snd_emu10k1_pcm_channel_alloc()
accesses the newly allocated voices as if it never wrapped around.
This results in out of bounds access if the first voice has a high enough
index so that first_voice + requested_voice_count > NUM_G (64).
The mor ...
Show More |
|||||
| CVE-2024-36921 | 1 Linux | 1 Linux Kernel | 2025-03-01 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mvm: guard against invalid STA ID on removal
Guard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that would
result in out-of-bounds array accesses. This prevents issues should the
driver get into a bad state during error handling.
|
|||||
| CVE-2023-52640 | 1 Linux | 1 Linux Kernel | 2025-02-27 | N/A | 7.1 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix oob in ntfs_listxattr
The length of name cannot exceed the space occupied by ea.
|
|||||
| CVE-2021-47135 | 1 Linux | 1 Linux Kernel | 2025-02-27 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
Fix possible array out of bound access in mt7921_mcu_tx_rate_report.
Remove unnecessary varibable in mt7921_mcu_tx_rate_report
|
|||||
| CVE-2024-2214 | 1 Eclipse | 1 Threadx | 2025-02-13 | N/A | 7.0 HIGH |
|
In Eclipse ThreadX before version 6.4.0, the _Mtxinit() function in the
Xtensa port was missing an array size check causing a memory overwrite.
The affected file was ports/xtensa/xcc/src/tx_clib_lock.c
|
|||||
| CVE-2023-46724 | 1 Squid-cache | 1 Squid | 2025-02-13 | N/A | 8.6 HIGH |
|
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This b ...
Show More |
|||||
| CVE-2024-22181 | 1 Libigl | 1 Libigl | 2025-02-12 | N/A | 7.8 HIGH |
|
An out-of-bounds write vulnerability exists in the readNODE functionality of libigl v2.5.0. A specially crafted .node file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2023-26066 | 1 Lexmark | 217 6500e, B2236, B2338 and 214 more | 2025-02-11 | N/A | 9.8 CRITICAL |
|
Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.
|
|||||
| CVE-2024-49837 | 1 Qualcomm | 52 Qam8255p, Qam8255p Firmware, Qam8295p and 49 more | 2025-02-05 | N/A | 7.8 HIGH |
|
Memory corruption while reading CPU state data during guest VM suspend.
|
|||||
| CVE-2024-49843 | 1 Qualcomm | 104 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 7800 and 101 more | 2025-02-05 | N/A | 7.8 HIGH |
|
Memory corruption while processing IOCTL from user space to handle GPU AHB bus error.
|
|||||
| CVE-2024-49834 | 1 Qualcomm | 254 Csra6620, Csra6620 Firmware, Csra6640 and 251 more | 2025-02-05 | N/A | 7.8 HIGH |
|
Memory corruption while power-up or power-down sequence of the camera sensor.
|
|||||
| CVE-2024-45582 | 1 Qualcomm | 68 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 65 more | 2025-02-05 | N/A | 7.8 HIGH |
|
Memory corruption while validating number of devices in Camera kernel .
|
|||||
| CVE-2024-49832 | 1 Qualcomm | 50 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 47 more | 2025-02-05 | N/A | 7.8 HIGH |
|
Memory corruption in Camera due to unusually high number of nodes passed to AXI port.
|
|||||
| CVE-2024-49833 | 1 Qualcomm | 160 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 157 more | 2025-02-05 | N/A | 7.8 HIGH |
|
Memory corruption can occur in the camera when an invalid CID is used.
|
|||||
| CVE-2024-45569 | 1 Qualcomm | 348 Ar8035, Ar8035 Firmware, Csr8811 and 345 more | 2025-02-05 | N/A | 9.8 CRITICAL |
|
Memory corruption while parsing the ML IE due to invalid frame content.
|
|||||
| CVE-2024-45550 | 1 Qualcomm | 16 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 13 more | 2025-01-13 | N/A | 7.8 HIGH |
|
Memory corruption occurs when invoking any IOCTL-calling application that executes all MCDM driver IOCTL calls.
|
|||||
| CVE-2023-52818 | 1 Linux | 1 Linux Kernel | 2024-12-30 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
For pptable structs that use flexible array sizes, use flexible arrays.
|
|||||
| CVE-2024-35905 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-12-30 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Protect against int overflow for stack access size
This patch re-introduces protection against the size of access to stack
memory being negative; the access size can appear negative as a result
of overflowing its signed int representation. This should not actually
happen, as there are other protections along the way, but we should
protect against it anyway. One code path was missing such protections
(fixed in the previous ...
Show More |
|||||
| CVE-2023-52649 | 1 Linux | 1 Linux Kernel | 2024-12-23 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/vkms: Avoid reading beyond LUT array
When the floor LUT index (drm_fixp2int(lut_index) is the last
index of the array the ceil LUT index will point to an entry
beyond the array. Make sure we guard against it and use the
value of the floor LUT index.
v3:
- Drop bits from commit description that didn't contribute
anything of value
|
|||||