Input validation

The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code...

CVE-2023-0755

CVE-2023-0755 maps to a PTC ThingWorx Edge C-SDK vulnerability (and related components) caused by improper validation of array index, leading to potential remote code execution and server crash. Affected products (per ICSA/CISA and related sources) include ThingWorx Edge C-SDK (versions up to 2.2...

CVE-2023-0755

The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code...

PT-2023-16504 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX affected versions not specified Description: The issue is related to an improper validation of array index. This could allow an attacker to crash the server and remotely execute arbitrary code. Recommendations: At the moment, there ...

K15911: Linux kernel vulnerabilities CVE-2014-3182 and CVE-2014-3183

Security Advisory Description Description CVE-2014-3182 Array index error in the logidjrawevent function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service invalid kfree via a crafted devi...

SUSE CVE-2007-2831

Array index error in the 1 ieee80211ioctlgetwmmparams and 2 ieee80211ioctlsetwmmparams functions in net80211/ieee80211wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service system crash, possibly obtain kernel memory contents, and possibly execute arbitrary code via ...

SUSE CVE-2007-3329

Multiple array index errors in the 1 getintrablock, 2 getinterblockh263, and 3 getinterblockmpeg functions in src/bitstream/mbcoding.c in Xvid 1.1.2 allow remote attackers to execute arbitrary code via a crafted a Avi, b H.263, or c MPEG file...

SUSE CVE-2007-5760

Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index...

SUSE CVE-2008-1686

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure...

SUSE CVE-2008-5498

Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument aka the bgdcolor or clrBack argument for an indexed image...

SUSE CVE-2008-5744

Array index error in the dahdi/tor2.c driver in Zaptel aka DAHDI 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check...

SUSE CVE-2009-0398

Array index error in the gstqtptrakhandler function in gst/qtdemux/qtdemux.c in GStreamer Plug-ins aka gstreamer-plugins 0.6.0 allows remote attackers to have an unknown impact via a crafted QuickTime media file...

SUSE CVE-2009-0689

Array index error in the 1 dtoa implementation in dtoa.c aka pdtoa.c and the 2 gdtoa aka new dtoa implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x...

SUSE CVE-2009-2559

Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service crash via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information...

SUSE CVE-2009-2990

Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors...

SUSE CVE-2010-1791

Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving a JavaScript array index...

SUSE CVE-2010-2161

Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code."...

SUSE CVE-2010-3631

Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors...

SUSE CVE-2010-3704

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code v...

SUSE CVE-2011-1169

Array index error in the asihpihpiioctl function in sound/pci/asihpi/hpioctl.c in the AudioScience HPI driver in the Linux kernel before 2.6.38.1 might allow local users to cause a denial of service memory corruption or possibly gain privileges via a crafted adapter index value that triggers acce...