ReportizFlow
Filtered by vendor
Subscriptions
Total
518 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0755 | 3 Ge, Ptc, Rockwellautomation | 9 Digital Industrial Gateway Server, Kepware Server, Kepware Serverex and 6 more | 2025-01-17 | 9.8 Critical |
| The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. | ||||
| CVE-2024-45550 | 1 Qualcomm | 16 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 13 more | 2025-01-14 | 7.8 High |
| Memory corruption occurs when invoking any IOCTL-calling application that executes all MCDM driver IOCTL calls. | ||||
| CVE-2023-31307 | 1 Amd | 32 Radeon Pro W6300, Radeon Pro W6400, Radeon Pro W6600 and 29 more | 2024-12-13 | 2.3 Low |
| Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service. | ||||
| CVE-2024-33044 | 1 Qualcomm | 425 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 422 more | 2024-12-12 | 8.4 High |
| Memory corruption while Configuring the SMR/S2CR register in Bypass mode. | ||||
| CVE-2024-5680 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-11-21 | 7.1 High |
| CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver. | ||||
| CVE-2024-32673 | 2024-11-21 | 5.5 Medium | ||
| Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue. This issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956. | ||||
| CVE-2024-21522 | 2024-11-21 | 7.5 High | ||
| All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash. | ||||
| CVE-2024-21493 | 2024-11-21 | 5.3 Medium | ||
| All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server. | ||||
| CVE-2024-0901 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
| Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length. | ||||
| CVE-2023-51455 | 2024-11-21 | 6.8 Medium | ||
| A Improper Validation of Array Index issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due to a missing input validation in the on_receive_session_packet_ack function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620. | ||||
| CVE-2023-38409 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux, Rhel Aus and 5 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info). | ||||
| CVE-2023-36308 | 1 Disintegration | 1 Imaging | 2024-11-21 | 5.5 Medium |
| disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence | ||||
| CVE-2023-36307 | 1 Simonwaldherr | 1 Zplgfa | 2024-11-21 | 5.5 Medium |
| ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence | ||||
| CVE-2023-31194 | 1 Diagon Project | 1 Diagon | 2024-11-21 | 5.3 Medium |
| An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. | ||||
| CVE-2023-2570 | 1 Schneider-electric | 1 Ecostruxure Foxboro Dcs Control Core Services | 2024-11-21 | 7 High |
| A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver. | ||||
| CVE-2023-29458 | 1 Zabbix | 1 Zabbix | 2024-11-21 | 5.9 Medium |
| Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use. | ||||
| CVE-2023-28573 | 1 Qualcomm | 398 315 5g Iot, 315 5g Iot Firmware, Aqt1000 and 395 more | 2024-11-21 | 7.8 High |
| Memory corruption in WLAN HAL while parsing WMI command parameters. | ||||
| CVE-2023-28558 | 1 Qualcomm | 399 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 396 more | 2024-11-21 | 7.8 High |
| Memory corruption in WLAN handler while processing PhyID in Tx status handler. | ||||
| CVE-2023-28557 | 1 Qualcomm | 556 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 553 more | 2024-11-21 | 7.8 High |
| Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. | ||||
| CVE-2023-28004 | 1 Schneider-electric | 2 Powerlogic Hdpm6000, Powerlogic Hdpm6000 Firmware | 2024-11-21 | 9.8 Critical |
| A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution. | ||||