Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

CVEs (569)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-28602 2Cgal Debian 2Computational Geometry Algorithms Library Debian Linux Nov 21, 2024 Apr 18, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lea...Show more Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser<PMDEC>::read_vertex() Halfedge_of[].Show less
CVE-2021-21949 1Accusoft 1Imagegear Nov 21, 2024 Apr 14, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to an out-of-bounds write and potential code exectu...Show more An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to an out-of-bounds write and potential code exectuion. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2021-21947 1Accusoft 1Imagegear Nov 21, 2024 Apr 14, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can...Show more Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer overflow takes place when the `SOF3` precision is greater or equal than 9.Show less
CVE-2022-1237 1Radare 1Radare2 Nov 21, 2024 Apr 6, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https:...Show more Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).Show less
CVE-2022-27223 3Debian LinuxNetapp 10Active Iq Unified Manager Debian LinuxH300e Firmware+7 more Nov 21, 2024 Mar 16, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.
CVE-2022-26100 1Sap 1Sapcar Nov 21, 2024 Mar 10, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system.
CVE-2021-30325 1Qualcomm 159Apq8096au Firmware Ar8031 FirmwareAr8035 Firmware+156 more Nov 21, 2024 Feb 11, 2022 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapd...Show more Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and NetworkingShow less
CVE-2021-35005 1Teamviewer 1Teamviewer Nov 21, 2024 Jan 24, 2022 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order...Show more This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TeamViewer service. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated array. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-13818.Show less
CVE-2022-21310 2Netapp Oracle 3Mysql Oncommand InsightOncommand Workflow Automation Nov 21, 2024 Jan 19, 2022 N/A· v4 6.3 MEDIUM· v3 4.0 MEDIUM· v2 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to e...Show more Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).Show less
CVE-2021-30311 1Qualcomm 67Ar8035 Firmware Qca6390 FirmwareQca6391 Firmware+64 more Nov 21, 2024 Jan 13, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Possible heap overflow due to lack of index validation before allocating and writing to heap buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2021-39985 1Huawei 1Harmonyos May 22, 2025 Jan 3, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The HwNearbyMain module has a Improper Validation of Array Index vulnerability.Successful exploitation of this vulnerability may cause a process to restart.
CVE-2021-30282 1Qualcomm 125Ar8031 Firmware Ar8035 FirmwareCsr8811 Firmware+122 more Nov 21, 2024 Jan 3, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industri...Show more Possible out of bound write in RAM partition table due to improper validation on number of partitions provided in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and NetworkingShow less
CVE-2021-37062 1Huawei 1Harmonyos Nov 21, 2024 Dec 7, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory overflow and information leakage.
CVE-2021-37057 1Huawei 1Harmonyos Nov 21, 2024 Dec 7, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 There is a Improper Validation of Array Index vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to restart the phone.
CVE-2021-30255 1Qualcomm 188Apq8009 Firmware Apq8009w FirmwareApq8017 Firmware+185 more Nov 21, 2024 Nov 12, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Sn...Show more Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WearablesShow less
CVE-2021-1117 1Nvidia 1Gpu Display Driver Nov 21, 2024 Oct 27, 2021 N/A· v4 5.5 MEDIUM· v3 1.9 LOW· v2 Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input vali...Show more Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input validation, which may lead to denial of service.Show less
CVE-2021-35598 2Netapp Oracle 3Mysql Cluster Oncommand InsightSnapcenter Nov 21, 2024 Oct 20, 2021 N/A· v4 6.3 MEDIUM· v3 4.0 MEDIUM· v2 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to e...Show more Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).Show less
CVE-2021-35594 2Netapp Oracle 3Mysql Cluster Oncommand InsightSnapcenter Nov 21, 2024 Oct 20, 2021 N/A· v4 6.3 MEDIUM· v3 4.0 MEDIUM· v2 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to e...Show more Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).Show less
CVE-2021-35592 2Netapp Oracle 3Mysql Cluster Oncommand InsightSnapcenter Nov 21, 2024 Oct 20, 2021 N/A· v4 6.3 MEDIUM· v3 4.0 MEDIUM· v2 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerabili...Show more Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).Show less
CVE-2021-38654 1Microsoft 2365 Apps Office Nov 21, 2024 Sep 15, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Microsoft Office Visio Remote Code Execution Vulnerability

Previous 1...181920...29 Next