CVE-2026-43274

A flaw was found in the Linux kernel's mailbox subsystem, specifically within the mchp-ipc-sbi component. This vulnerability involves an out-of-bounds access in the mchpipcgetclusteraggrirq function. The clustercfg array, which holds per-CPU configuration structures, was incorrectly indexed using...

CVE-2026-43034

A flaw was found in the bnxten driver within the Linux kernel. This vulnerability arises from the bnxthwrmfuncbackingstoreqcapsv2 function using an incorrect type value from the firmware response to index internal data arrays. This improper indexing could lead to memory corruption, potentially...

PT-2025-53167

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.15.0-48 Description The Linux kernel contains a flaw within the ixgbe driver related to handling XDP TX operations on systems with more than 64 CPUs. A kernel panic can occur due to an array-index-out-of-bounds...

CVE-2025-39975 smb: client: fix wrong index reference in smb2_compound_op()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix wrong index reference in smb2compoundop In smb2compoundop, the loop that processes each command's response uses wrong indices when accessing response bufferes. This incorrect indexing leads to improper handling o...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD CVE-2024-49994 In the Linux kernel, the following vulnerability has been resolved: ext4: fix access to uninitialised lock in fc replay path CVE-2024-50014 In the Linux...

CVE-2024-54137

A flaw was found in the liboqs library. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This issue results in an incorrect shared secret valu...

CVE-2024-54137

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treat...

liboqs 信息泄露漏洞

liboqs is an Open Quantum Safe open source C library for quantum-safe cryptographic algorithms. An information disclosure vulnerability exists in versions of liboqs prior to 0.12.0 that stems from an indexing error where part of the key is incorrectly treated as non-secret data, resulting in the...

PT-2022-11306 · V2Fly +1 · V2Ray-Core +1

Name of the Vulnerable Software and Affected Versions: v2fly/v2ray-core versions prior to 4.44.0 Description: The issue is related to an off-by-one error in indexing operations on arrays, slices, or strings. This error occurs when the index is checked for being less than or equal to the length =,...

tinyexr Denial of Service Vulnerability (CNVD-2021-94957)

tinyexr is a small library for loading and saving OpenEXR .exr images. tinyexr version 0.9.5 suffers from a denial-of-service vulnerability. The vulnerability stems from an array indexing error in the tinyexr::SaveEXR component. An attacker could exploit this vulnerability to cause a denial of...

tinyexr denial of service vulnerability

tinyexr is a small library for loading and saving OpenEXR .exr images. tinyexr version 0.9.5 suffers from a denial-of-service vulnerability. The vulnerability stems from an array indexing error in the tinyexr::DecodeEXRImage component. An attacker could exploit this vulnerability to cause a denia...

tinyexr commit 输入验证错误漏洞

tinyexr is a small library for loading and saving OpenEXR .exr images. tinyexr version 0.9.5 suffers from a denial-of-service vulnerability. The vulnerability stems from an array indexing error in the tinyexr::SaveEXR component. An attacker could exploit this vulnerability to cause a denial of...

Arbitrary Code Execution

gstreamer-plugins-good is vulnerable to arbitrary code execution. The vulnerability exists through multiple heap buffer overflows and an array indexing error were found in the GStreamer's QuickTime media file format decoding plugin. An attacker could create a carefully-crafted QuickTime media .mo...

Arbitrary Code Execution

gstreamer-plugins-good is vulnerable to arbitrary code execution. The vulnerability exists as multiple heap buffer overflows and an array indexing error were found in the GStreamer's QuickTime media file format decoding plugin. An attacker could create a carefully-crafted QuickTime media .mov fil...

Arbitrary Code Execution

gstreamer-plugins-good is vulnerable to arbitrary code execution. The vulnerability exists as multiple heap buffer overflows and an array indexing error were found in the GStreamer's QuickTime media file format decoding plugin. An attacker could create a carefully-crafted QuickTime media .mov fil...

Huawei EulerOS: Security Advisory for libpng12 (EulerOS-SA-2019-1391)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Foxit PhantomPDF < 8.3.11 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.3.11. It is, therefore affected by multiple vulnerabilities: - An uninitialized pointer flaw exists when calling xfa.event.rest XFA JavaScript that can cause the...

EulerOS Virtualization for ARM 64 3.0.1.0 : libpng12 (EulerOS-SA-2019-1391)

According to the versions of the libpng12 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An array-indexing error was discovered in the pngconverttorfc1123 function of libpng. An attacker could possibly use...

Information Disclosure

libpng is vulnerable to information disclosure. An array-indexing error was discovered in the pngconverttorfc1123 function. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image...

Symantec Protection Engine 7.0.x < 7.0.5 HF01 / 7.5.x < 7.5.3 HF03 / 7.8.x < 7.8.0 HF01 Multiple Vulnerabilities (SYM16-010)

The version of Symantec Protection Engine installed on the remote host is 7.0.x prior to 7.0.5 HF01, 7.5.x prior to 7.5.3 HF03, or 7.8.x prior to 7.8.0 HF01. It is, therefore, affected by multiple vulnerabilities : - An array indexing error exists in the Unpack::ShortLZ function within file...