Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

CVEs (569)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-33053 1Qualcomm 117Csr8811 Firmware Immersive Home 214 Platform FirmwareImmersive Home 216 Platform Firmware+114 more Aug 11, 2025 Dec 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Kernel while parsing metadata.
CVE-2023-6298 1Itextpdf 1Itext Nov 21, 2024 Nov 26, 2023 N/A· v4 6.5 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The manipulation leads to improper validation of array index. The atta...Show more A vulnerability classified as problematic was found in Apryse iText 8.0.2. This vulnerability affects the function main of the file PdfDocument.java. The manipulation leads to improper validation of array index. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-246124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. A statement published afterwards explains that the exception is not a vulnerability and the identified CWEs might not apply to the software.Show less
CVE-2023-46724 1Squid Cache 1Squid Feb 13, 2025 Nov 1, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service at...Show more Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.Show less
CVE-2023-35126 1Justsystems 19Easy Postcard Max Ichitaro 2021Ichitaro 2022+16 more Nov 21, 2024 Oct 19, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with th...Show more An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2023-24850 1Qualcomm 204Apq5053 Aa Firmware Apq8017 FirmwareApq8037 Firmware+201 more Aug 11, 2025 Oct 3, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
CVE-2023-28573 1Qualcomm 195315 5g Iot Firmware Aqt1000 FirmwareAr8035 Firmware+192 more Nov 21, 2024 Sep 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in WLAN HAL while parsing WMI command parameters.
CVE-2023-28567 1Qualcomm 285315 5g Iot Firmware Aqt1000 FirmwareAr8031 Firmware+282 more Nov 21, 2024 Sep 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in WLAN HAL while handling command through WMI interfaces.
CVE-2023-28565 1Qualcomm 2929205 Lte Firmware Apq8017 FirmwareApq8064au Firmware+289 more Nov 21, 2024 Sep 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in WLAN HAL while handling command streams through WMI interfaces.
CVE-2023-28558 1Qualcomm 195315 5g Iot Modem Firmware Aqt1000 FirmwareAr8031 Firmware+192 more Nov 21, 2024 Sep 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in WLAN handler while processing PhyID in Tx status handler.
CVE-2023-28557 1Qualcomm 273315 5g Iot Modem Firmware Aqt1000 FirmwareAr8031 Firmware+270 more Nov 21, 2024 Sep 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload.
CVE-2023-28548 1Qualcomm 179Aqt1000 Firmware Ar8035 FirmwareAr9380 Firmware+176 more Nov 21, 2024 Sep 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART.
CVE-2023-21636 1Qualcomm 51Aqt1000 Firmware Qca6390 FirmwareQca6391 Firmware+48 more Nov 21, 2024 Sep 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption due to improper validation of array index in Linux while updating adn record.
CVE-2022-40534 1Qualcomm 13Snapdragon W5+ Gen 1 Wearable Platform Firmware Sw5100 FirmwareSw5100p Firmware+10 more Nov 21, 2024 Sep 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption due to improper validation of array index in Audio.
CVE-2022-33275 1Qualcomm 259315 5g Iot Modem Firmware Apq5053 Aa FirmwareAqt1000 Firmware+256 more Nov 21, 2024 Sep 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range.
CVE-2023-36307 1Simonwaldherr 1Zplgfa Nov 21, 2024 Sep 5, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width. NOTE: it is unclear whether there are common use cases in which th...Show more ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequenceShow less
CVE-2023-36308 1Disintegration 1Imaging Nov 4, 2025 Sep 5, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether th...Show more disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequenceShow less
CVE-2022-48503 1Apple 6Ipados Iphone OsMacos+3 more Oct 23, 2025 Aug 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.
CVE-2023-21650 1Qualcomm 51Aqt1000 Firmware Csrb31024 FirmwareQam8295p Firmware+48 more Nov 21, 2024 Aug 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length.
CVE-2023-29458 1Zabbix 1Zabbix Nov 3, 2025 Jul 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is...Show more Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.Show less
CVE-2023-31194 1Diagon Project 1Diagon Nov 4, 2025 Jul 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious...Show more An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.Show less

Previous 1...131415...29 Next