Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

CVEs (569)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-11288 1Qualcomm 20Mdm9206 Firmware Mdm9607 FirmwareMdm9650 Firmware+17 more Nov 21, 2024 Jan 18, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Possible undefined behavior due to lack of size check in function for parameter segment_idx can lead to a read outside of the intended region in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MD...Show more Possible undefined behavior due to lack of size check in function for parameter segment_idx can lead to a read outside of the intended region in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDX24, SXR1130Show less
CVE-2018-4210 3Apple CanonicalWebkitgtk 7Iphone Os ItunesSafari+4 more Nov 21, 2024 Jan 11, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed w...Show more In iOS before 11.3, Safari before 11.1, tvOS before 11.3, watchOS before 4.3, iTunes before 12.7.4 for Windows, an array indexing issue existed in the handling of a function in javascript core. This issue was addressed with improved checks.Show less
CVE-2018-17458 2Google Redhat 4Chrome Enterprise Linux DesktopEnterprise Linux Server+1 more Nov 21, 2024 Jan 9, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An improper update of the WebAssembly dispatch table in WebAssembly in Google Chrome prior to 69.0.3497.92 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2018-11996 1Qualcomm 16Mdm9206 Firmware Mdm9607 FirmwareMdm9650 Firmware+13 more Nov 21, 2024 Nov 28, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM89...Show more When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20, SDX24.Show less
CVE-2018-5914 1Qualcomm 14Mdm9206 Firmware Mdm9607 FirmwareMdm9650 Firmware+11 more Nov 21, 2024 Oct 26, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 2...Show more Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.Show less
CVE-2017-18309 1Qualcomm 2Sd 845 Firmware Sd 850 Firmware Nov 21, 2024 Oct 26, 2018 N/A· v4 7.1 HIGH· v3 6.6 MEDIUM· v2 A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850.
CVE-2018-17848 2Fedoraproject Golang 2Fedora Net Nov 21, 2024 Oct 1, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (insertionModeStack).pop in node.go, called from inHe...Show more The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.Show less
CVE-2018-11269 1Qualcomm 35Mdm9206 Firmware Mdm9607 FirmwareMdm9635m Firmware+32 more Nov 21, 2024 Sep 20, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD...Show more In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options.Show less
CVE-2018-11268 1Qualcomm 35Mdm9206 Firmware Mdm9607 FirmwareMdm9635m Firmware+32 more Nov 21, 2024 Sep 20, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD...Show more In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options.Show less
CVE-2018-11267 1Qualcomm 39Mdm9206 Firmware Mdm9607 FirmwareMdm9615 Firmware+36 more Nov 21, 2024 Sep 20, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 6...Show more In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, when sending an malformed XML data to deviceprogrammer/firehose it may do an out of bounds buffer write allowing a region of memory to be filled with 0x20.Show less
CVE-2018-11903 1Google 1Android Nov 21, 2024 Sep 19, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array index for WMA interface...Show more In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array index for WMA interfaces can lead to OOB write in WLAN HOST.Show less
CVE-2018-11902 1Google 1Android Nov 21, 2024 Sep 19, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST.
CVE-2018-11891 1Google 1Android Nov 21, 2024 Sep 19, 2018 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on the length of array while accessing can lead to an out of bound read in WLAN HOST function.
CVE-2018-11883 1Google 1Android Nov 21, 2024 Sep 19, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in policy mgr unit test if mode parameter in wlan function is given an out of bound value it can cause an out of...Show more In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in policy mgr unit test if mode parameter in wlan function is given an out of bound value it can cause an out of bound access while accessing the PCL table.Show less
CVE-2018-11827 1Google 1Android Nov 21, 2024 Sep 18, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write.
CVE-2018-11299 1Google 1Android Nov 21, 2024 Sep 18, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interfac...Show more In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interface array without proper bound check which can lead to invalid memory access and as a side effect kernel panic or page fault.Show less
CVE-2018-16648 1Artifex 1Mupdf Nov 21, 2024 Sep 6, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha a...Show more In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.Show less
CVE-2018-11263 1Google 1Android Nov 21, 2024 Sep 6, 2018 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radi...Show more In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater than or equal to maximum, an OOB write will occur. On supported Google Pixel and Nexus devices, this has been addressed in security patch level 2018-08-05.Show less
CVE-2018-5894 1Qualcomm 24Mdm9206 Firmware Mdm9607 FirmwareMdm9650 Firmware+21 more Nov 21, 2024 Jul 6, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Improper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur.
CVE-2018-5838 1Qualcomm 26Mdm9206 Firmware Mdm9607 FirmwareMdm9650 Firmware+23 more Nov 21, 2024 Jul 6, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger.

Previous 1...252627 28 29 Next