Vulnerabilities (CVE)

Filtered by CWE-129
Total 572 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9948 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist.
CVE-2014-6317 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2026-06-17 7.1 HIGH N/A
Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font, aka "Denial of Service in Windows Kernel Mode Driver Vulnerability."
CVE-2014-4616 4 Opensuse, Opensuse Project, Python and 1 more 4 Opensuse, Opensuse, Python and 1 more 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
CVE-2014-10048 1 Qualcomm 54 Mdm9206, Mdm9206 Firmware, Mdm9607 and 51 more 2026-06-17 10.0 HIGH 9.8 CRITICAL
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, while setting the offsets, time-services allows the user to set bases greater than valid base value which will lead to array index out-of-bound.
CVE-2014-10044 1 Qualcomm 20 Mdm9615, Mdm9615 Firmware, Mdm9625 and 17 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 617, SD 800, and SD 820, in the time daemon, unauthorized users can potentially modify system time and cause an array index to be out-of-bound.
CVE-2013-1593 1 Sap 1 Netweaver 2026-06-16 5.0 MEDIUM 7.5 HIGH
A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN.
CVE-2011-1169 1 Linux 1 Linux Kernel 2026-06-16 7.2 HIGH N/A
Array index error in the asihpi_hpi_ioctl function in sound/pci/asihpi/hpioctl.c in the AudioScience HPI driver in the Linux kernel before 2.6.38.1 might allow local users to cause a denial of service (memory corruption) or possibly gain privileges via a crafted adapter index value that triggers access to an invalid kernel pointer.
CVE-2010-2806 3 Apple, Canonical, Freetype 5 Iphone Os, Mac Os X, Tvos and 2 more 2026-06-16 6.8 MEDIUM N/A
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.
CVE-2009-3080 7 Canonical, Debian, Linux and 4 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2026-06-16 7.2 HIGH N/A
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
CVE-2007-5756 1 Winpcap 1 Winpcap 2026-06-16 6.9 MEDIUM N/A
Multiple array index errors in the bpf_filter_init function in NPF.SYS in WinPcap before 4.0.2, when run in monitor mode (aka Table Management Extensions or TME), and as used in Wireshark and possibly other products, allow local users to gain privileges via crafted IOCTL requests.
CVE-2005-0369 1 Armagetronad 2 Armagetron, Armagetron Advanced 2026-06-16 5.0 MEDIUM 5.3 MEDIUM
Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier allows remote attackers to cause a denial of service (application crash) via a packet with a large (1) descriptor ID or (2) claim_id, which exceeds the boundaries of an array.
CVE-2003-0721 1 Washington 1 Pine 2026-06-16 7.5 HIGH N/A
Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number.