Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

CVEs (569)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-25241 1Siemens 7Simatic Mv420 Sr B Body Firmware Simatic Mv420 Sr B FirmwareSimatic Mv420 Sr P Body Firmware+4 more Nov 21, 2024 Mar 15, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An att...Show more A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying TCP stack of the affected products does not correctly validate the sequence number for incoming TCP RST packages. An attacker could exploit this to terminate arbitrary TCP sessions.Show less
CVE-2020-35636 2Cgal Debian 2Computational Geometry Algorithms Library Debian Linux Nov 21, 2024 Mar 4, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file c...Show more A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.Show less
CVE-2020-35628 3Cgal DebianFedoraproject 3Computational Geometry Algorithms Library Debian LinuxFedora Nov 21, 2024 Mar 4, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An at...Show more A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.Show less
CVE-2020-28636 3Cgal DebianFedoraproject 3Computational Geometry Algorithms Library Debian LinuxFedora Nov 21, 2024 Mar 4, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker ca...Show more A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability.Show less
CVE-2020-28601 3Cgal DebianFedoraproject 3Computational Geometry Algorithms Library Debian LinuxFedora Nov 21, 2024 Mar 4, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attac...Show more A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.Show less
CVE-2020-11271 1Qualcomm 340Aqt1000 Firmware Ar8031 FirmwareAr8035 Firmware+337 more Nov 21, 2024 Feb 22, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...Show more Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and NetworkingShow less
CVE-2020-11187 1Qualcomm 98Aqt1000 Firmware Csrb31024 FirmwarePm7150a Firmware+95 more Nov 21, 2024 Feb 22, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile
CVE-2020-11163 1Qualcomm 250Apq8017 Firmware Aqt1000 FirmwareAr8035 Firmware+247 more Nov 21, 2024 Feb 22, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snap...Show more Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon MobileShow less
CVE-2020-11146 1Qualcomm 314Apq8076 Aqt1000Ar8031+311 more Nov 21, 2024 Jan 21, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Out of bound write while copying data using IOCTL due to lack of check of array index received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT...Show more Out of bound write while copying data using IOCTL due to lack of check of array index received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WearablesShow less
CVE-2021-3121 2Golang Hashicorp 2Consul Protobuf Nov 21, 2024 Jan 11, 2021 N/A· v4 8.6 HIGH· v3 7.5 HIGH· v2 An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
CVE-2020-36067 1Gjson Project 1Gjson Nov 21, 2024 Jan 5, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.
CVE-2020-28852 1Golang 1Text Nov 21, 2024 Jan 2, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
CVE-2020-28851 1Golang 1Go Nov 21, 2024 Jan 2, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
CVE-2020-29245 1Tag Project 1Tag Nov 21, 2024 Dec 28, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readAtomData.
CVE-2020-29244 1Tag Project 1Tag Nov 21, 2024 Dec 28, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readTextWithDescrFrame.
CVE-2020-29243 1Tag Project 1Tag Nov 21, 2024 Dec 28, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readAPICFrame.
CVE-2020-29242 1Tag Project 1Tag Nov 21, 2024 Dec 28, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readPICFrame.
CVE-2020-20412 2Stepmania Xiph.org 2Libvorbis Stepmania Nov 21, 2024 Dec 26, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146.
CVE-2020-27485 1Garmin 1Forerunner 235 Firmware Nov 21, 2024 Nov 16, 2020 N/A· v4 9.9 CRITICAL· v3 6.5 MEDIUM· v2 Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the...Show more Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index provided when accessing the local variable in the LGETV and LPUTV instructions. This provides the ability to both read and write memory outside the bounds of the TVM context allocation. It can be leveraged to construct a use-after-free scenario, leading to a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment.Show less
CVE-2020-27483 1Garmin 1Forerunner 235 Firmware Nov 21, 2024 Nov 16, 2020 N/A· v4 9.9 CRITICAL· v3 6.5 MEDIUM· v2 Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the...Show more Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided for the stack value duplication instruction, DUP. The offset is unchecked and memory prior to the start of the execution stack can be read and treated as a TVM object. A successful exploit could use the vulnerability to leak runtime information such as the heap handle or pointer for a number of TVM context variables. Some reachable values may be controlled enough to forge a TVM object on the stack, leading to possible remote code execution.Show less

Previous 1...202122...29 Next