Total
495 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52768 | 1 Linux | 1 Linux Kernel | 2025-04-02 | N/A | 5.6 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: use vmm_table as array in wilc struct Enabling KASAN and running some iperf tests raises some memory issues with vmm_table: BUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4 Write of size 4 at addr c3a61540 by task wlan0-tx/95 KASAN detects that we are writing data beyond range allocated to vmm_table. There is indeed a mismatch between the size passed to allocator in wilc_wlan_init, and the range of possible indexes used later: allocation size is missing a multiplication by sizeof(u32) | |||||
| CVE-2023-52819 | 1 Linux | 1 Linux Kernel | 2025-04-02 | N/A | 6.6 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga For pptable structs that use flexible array sizes, use flexible arrays. | |||||
| CVE-2021-47548 | 1 Linux | 1 Linux Kernel | 2025-04-01 | N/A | 9.8 CRITICAL |
| In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement: if (port >= DSAF_GE_NUM) return; limits the value of port less than DSAF_GE_NUM (i.e., 8). However, if the value of port is 6 or 7, an array overflow could occur: port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off; because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6). To fix this possible array overflow, we first check port and if it is greater than or equal to DSAF_MAX_PORT_NUM, the function returns. | |||||
| CVE-2021-47547 | 1 Linux | 1 Linux Kernel | 2025-04-01 | N/A | 4.4 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound In line 5001, if all id in the array 'lp->phy[8]' is not 0, when the 'for' end, the 'k' is 8. At this time, the array 'lp->phy[8]' may be out of bound. | |||||
| CVE-2024-38542 | 1 Linux | 1 Linux Kernel | 2025-04-01 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: RDMA/mana_ib: boundary check before installing cq callbacks Add a boundary check inside mana_ib_install_cq_cb to prevent index overflow. | |||||
| CVE-2024-41564 | 1 Emilyploszaj | 1 Emi | 2025-03-26 | N/A | 4.3 MEDIUM |
| EMI v.1.1.10 and before, fixed in v.1.1.11, contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index and decrement stack count in EMI mod for Minecraft, which allows in-game item duplication. | |||||
| CVE-2022-47348 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
| In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. | |||||
| CVE-2022-47345 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
| In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. | |||||
| CVE-2022-47344 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
| In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. | |||||
| CVE-2022-47343 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
| In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. | |||||
| CVE-2022-47342 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | N/A | 5.5 MEDIUM |
| In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. | |||||
| CVE-2022-47347 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-25 | N/A | 5.5 MEDIUM |
| In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. | |||||
| CVE-2022-47346 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-25 | N/A | 5.5 MEDIUM |
| In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services. | |||||
| CVE-2024-38623 | 1 Linux | 1 Linux Kernel | 2025-03-24 | N/A | 9.8 CRITICAL |
| In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256) | |||||
| CVE-2024-41565 | 1 Mezz | 1 Justenoughitems | 2025-03-19 | N/A | 4.3 MEDIUM |
| JustEnoughItems (JEI) 19.5.0.33 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index in JEI for Minecraft, which allows in-game item duplication. | |||||
| CVE-2024-42698 | 1 Shedaniel | 1 Roughlyenoughitems | 2025-03-18 | N/A | 4.3 MEDIUM |
| Roughly Enough Items (REI) v.16.0.729 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index and decrement stack count in the Roughly Enough Items (REI) mod for Minecraft, which allows in-game item duplication. | |||||
| CVE-2025-30077 | 2025-03-17 | N/A | 6.2 MEDIUM | ||
| Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits. | |||||
| CVE-2023-52601 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-03-14 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbAdjTree Currently there is a bound check missing in the dbAdjTree while accessing the dmt_stree. To add the required check added the bool is_ctl which is required to determine the size as suggest in the following commit. https://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e75f4fa@oracle.com/ | |||||
| CVE-2023-20633 | 2 Google, Mediatek | 25 Android, Mt6580, Mt6735 and 22 more | 2025-03-06 | N/A | 6.7 MEDIUM |
| In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628508; Issue ID: ALPS07628508. | |||||
| CVE-2023-52799 | 1 Linux | 1 Linux Kernel | 2025-03-06 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf Currently while searching for dmtree_t for sufficient free blocks there is an array out of bounds while getting element in tp->dm_stree. To add the required check for out of bound we first need to determine the type of dmtree. Thus added an extra parameter to dbFindLeaf so that the type of tree can be determined and the required check can be applied. | |||||