Total
342 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22374 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Improper Validation of Array Index Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause stability risks. | |||||
| CVE-2020-18428 | 1 Tinyexr Project | 1 Tinyexr | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS). | |||||
| CVE-2021-33815 | 1 Ffmpeg | 1 Ffmpeg | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked. | |||||
| CVE-2020-11291 | 1 Qualcomm | 192 Apq8017, Apq8017 Firmware, Apq8053 and 189 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Possible buffer overflow while updating ikev2 parameters for delete payloads received during informational exchange due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile | |||||
| CVE-2021-38563 | 2 Foxit, Foxitsoftware | 2 Pdf Reader, Pdf Editor | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size entry) is smaller than the maximum indirect object number, and thus there is an attempted incorrect array access (leading to a NULL pointer dereference, or out-of-bounds read or write). | |||||
| CVE-2021-21833 | 1 Accusoft | 1 Imagegear | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-11294 | 1 Qualcomm | 488 Ar8035, Ar8035 Firmware, Pm215 and 485 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2020-11307 | 1 Qualcomm | 242 Apq8009w, Apq8009w Firmware, Apq8017 and 239 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | |||||
| CVE-2020-18430 | 1 Tinyexr Project | 1 Tinyexr | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS). | |||||
| CVE-2020-11134 | 1 Qualcomm | 650 Aqt1000, Aqt1000 Firmware, Ar8031 and 647 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup attribute inside a NAN management frame are not Properly validated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-31658 | 1 Tp-link | 4 Tl-sg2005, Tl-sg2005 Firmware, Tl-sg2008 and 1 more | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
| TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased. | |||||
| CVE-2020-28589 | 1 Tinyobjloader Project | 1 Tinyobjloader | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-35634 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Sloop_of. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability. | |||||
| CVE-2021-22333 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute, thus obtaining system permissions. | |||||
| CVE-2020-35635 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability. | |||||
| CVE-2020-27483 | 1 Garmin | 2 Forerunner 235, Forerunner 235 Firmware | 2024-02-28 | 6.5 MEDIUM | 9.9 CRITICAL |
| Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided for the stack value duplication instruction, DUP. The offset is unchecked and memory prior to the start of the execution stack can be read and treated as a TVM object. A successful exploit could use the vulnerability to leak runtime information such as the heap handle or pointer for a number of TVM context variables. Some reachable values may be controlled enough to forge a TVM object on the stack, leading to possible remote code execution. | |||||
| CVE-2020-28851 | 1 Golang | 1 Go | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | |||||
| CVE-2020-25792 | 1 Sized-chunks Project | 1 Sized-chunks | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair(). | |||||
| CVE-2020-11227 | 1 Qualcomm | 802 Apq8009, Apq8009 Firmware, Apq8009w and 799 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2020-11163 | 1 Qualcomm | 500 Apq8017, Apq8017 Firmware, Aqt1000 and 497 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||