Total
472 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5868 | 1 Rt-thread | 1 Rt-thread | 2025-07-11 | 7.4 HIGH | 8.0 HIGH |
| A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index. | |||||
| CVE-2024-35164 | 1 Apache | 1 Guacamole | 2025-07-09 | N/A | 6.8 MEDIUM |
| The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.6.0, which fixes this issue. | |||||
| CVE-2023-27349 | 1 Bluez | 1 Bluez | 2025-07-08 | N/A | 8.0 HIGH |
| BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19908. | |||||
| CVE-2024-47249 | 1 Apache | 1 Nimble | 2025-07-08 | N/A | 5.0 MEDIUM |
| Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue. | |||||
| CVE-2024-34050 | 1 Onosproject | 1 Traffic Steering Xapplication | 2025-06-27 | N/A | 7.5 HIGH |
| Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go. | |||||
| CVE-2025-1975 | 1 Ollama | 1 Ollama | 2025-06-24 | N/A | 7.5 HIGH |
| A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash. | |||||
| CVE-2023-40477 | 1 Rarlab | 1 Winrar | 2025-06-20 | N/A | 7.8 HIGH |
| RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21233. | |||||
| CVE-2024-23084 | 1 Mikkotommila | 1 Apfloat | 2025-06-18 | N/A | 7.5 HIGH |
| Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | |||||
| CVE-2025-3357 | 1 Ibm | 1 Tivoli Monitoring | 2025-06-09 | N/A | 9.8 CRITICAL |
| IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array. | |||||
| CVE-2022-42011 | 2 Fedoraproject, Freedesktop | 2 Fedora, Dbus | 2025-06-09 | N/A | 6.5 MEDIUM |
| An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. | |||||
| CVE-2024-53203 | 1 Linux | 1 Linux Kernel | 2025-06-04 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array underflow. | |||||
| CVE-2024-31581 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2025-06-03 | N/A | 9.8 CRITICAL |
| FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application. | |||||
| CVE-2025-48075 | 1 Gofiber | 1 Fiber | 2025-05-30 | N/A | 7.5 HIGH |
| Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value` syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process the data. Since this data is user-provided, this could lead to denial of service for anyone relying on this `fiber.Ctx.BodyParser` functionality. Version 2.52.7 fixes the issue. | |||||
| CVE-2024-34047 | 1 O-ran-sc | 1 Ric-plt-e2mgr | 2025-05-27 | N/A | 4.3 MEDIUM |
| O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler. | |||||
| CVE-2024-34048 | 1 O-ran-sc | 1 Ric-plt-e2mgr | 2025-05-27 | N/A | 9.8 CRITICAL |
| O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. | |||||
| CVE-2021-39985 | 1 Huawei | 1 Harmonyos | 2025-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| The HwNearbyMain module has a Improper Validation of Array Index vulnerability.Successful exploitation of this vulnerability may cause a process to restart. | |||||
| CVE-2019-0906 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-05-20 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | |||||
| CVE-2024-45574 | 1 Qualcomm | 8 Sdm429w, Sdm429w Firmware, Snapdragon 429 Mobile and 5 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption during array access in Camera kernel due to invalid index from invalid command data. | |||||
| CVE-2024-45576 | 1 Qualcomm | 38 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 35 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption while prociesing command buffer buffer in OPE module. | |||||
| CVE-2024-45578 | 1 Qualcomm | 28 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 25 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption while acquire and update IOCTLs during IFE output resource ID validation. | |||||