Total
478 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52728 | 1 Linuxfoundation | 1 Onos-lib-go | 2025-07-14 | N/A | 5.5 MEDIUM |
| Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.25 allows an index out-of-range condition in putBitString. | |||||
| CVE-2025-5866 | 1 Rt-thread | 1 Rt-thread | 2025-07-11 | 7.4 HIGH | 8.0 HIGH |
| A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index. | |||||
| CVE-2025-5868 | 1 Rt-thread | 1 Rt-thread | 2025-07-11 | 7.4 HIGH | 8.0 HIGH |
| A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index. | |||||
| CVE-2024-47249 | 1 Apache | 1 Nimble | 2025-07-08 | N/A | 5.0 MEDIUM |
| Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue. | |||||
| CVE-2024-34050 | 1 Onosproject | 1 Traffic Steering Xapplication | 2025-06-27 | N/A | 7.5 HIGH |
| Open Networking Foundation SD-RAN Rimedo rimedo-ts 0.1.1 has a slice bounds out-of-range panic in "return uint64(b[2])<<16 | uint64(b[1])<<8 | uint64(b[0])" in reader.go. | |||||
| CVE-2025-1975 | 1 Ollama | 1 Ollama | 2025-06-24 | N/A | 7.5 HIGH |
| A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash. | |||||
| CVE-2024-23084 | 1 Mikkotommila | 1 Apfloat | 2025-06-18 | N/A | 7.5 HIGH |
| Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | |||||
| CVE-2025-3357 | 1 Ibm | 1 Tivoli Monitoring | 2025-06-09 | N/A | 9.8 CRITICAL |
| IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array. | |||||
| CVE-2022-42011 | 2 Fedoraproject, Freedesktop | 2 Fedora, Dbus | 2025-06-09 | N/A | 6.5 MEDIUM |
| An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. | |||||
| CVE-2025-48075 | 1 Gofiber | 1 Fiber | 2025-05-30 | N/A | 7.5 HIGH |
| Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value` syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process the data. Since this data is user-provided, this could lead to denial of service for anyone relying on this `fiber.Ctx.BodyParser` functionality. Version 2.52.7 fixes the issue. | |||||
| CVE-2024-34047 | 1 O-ran-sc | 1 Ric-plt-e2mgr | 2025-05-27 | N/A | 4.3 MEDIUM |
| O-RAN RIC I-Release e2mgr lacks array size checks in RicServiceUpdateHandler. | |||||
| CVE-2024-34048 | 1 O-ran-sc | 1 Ric-plt-e2mgr | 2025-05-27 | N/A | 9.8 CRITICAL |
| O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. | |||||
| CVE-2021-39985 | 1 Huawei | 1 Harmonyos | 2025-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| The HwNearbyMain module has a Improper Validation of Array Index vulnerability.Successful exploitation of this vulnerability may cause a process to restart. | |||||
| CVE-2019-0906 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-05-20 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory. | |||||
| CVE-2024-45574 | 1 Qualcomm | 8 Sdm429w, Sdm429w Firmware, Snapdragon 429 Mobile and 5 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption during array access in Camera kernel due to invalid index from invalid command data. | |||||
| CVE-2024-45576 | 1 Qualcomm | 38 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 35 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption while prociesing command buffer buffer in OPE module. | |||||
| CVE-2024-45578 | 1 Qualcomm | 28 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 25 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption while acquire and update IOCTLs during IFE output resource ID validation. | |||||
| CVE-2022-25720 | 1 Qualcomm | 370 Apq8009, Apq8009 Firmware, Apq8009w and 367 more | 2025-05-09 | N/A | 9.8 CRITICAL |
| Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2020-25792 | 1 Sized-chunks Project | 1 Sized-chunks | 2025-05-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair(). | |||||
| CVE-2023-2008 | 1 Linux | 1 Linux Kernel | 2025-05-05 | N/A | 7.8 HIGH |
| A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. | |||||