PyO3 has an Out-of-bounds Read in `nth` / `nth_back` for `PyList` and `PyTuple` iterators

PyO3 0.24.0 added optimized implementations of Iterator::nth and DoubleEndedIterator::nthback for the BoundListIterator and BoundTupleIterator types. These implementations computed the target index using unchecked usize addition index + n before bounds-checking against the sequence length, then...

CVE-2025-70252

An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which leads to a stack overflow vulnerability...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003825)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003825 advisory. An issue was discovered in the Linux kernel 3.16 through 5.5.6. setfdc in drivers/block/floppy.c leads to a waittilready out-of-bounds read because the FDC index is...

CVE-2022-38695

In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed...

CVE-2025-55086

In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memory read...

CVE-2025-55086

In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memory read...

CVE-2025-55086

CVE-2025-55086 affects NetXDuo (Eclipse Foundation ThreadX) prior to v6.4.4. The DHCPV6 client contains an unchecked index when extracting the server DUID from the server reply, enabling a crafted network packet to cause an out-of-memory read. Multiple sources (NVD, Red Hat, OSV, CNNVD, CIRCL) co...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a buffer overflow caused by the OPP module not checking the index in the readfreq function...

Out of bounds write triggered by crafted coverage data

Function grcov::covdir::getcoverage uses the unsafe function getuncheckedmut without validating that the index is in bounds. This results in memory corruption, and could potentially allow arbitrary code execution provided that an attacker can feed the tool crafted coverage data...

SUSE CVE-2018-11489

The DGifDecompressLine function in dgiflib.c in GIFLIB possibly version 3.0.x, as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact...

SUSE CVE-2020-11041

In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend alsa, oss, pulse, .... The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot...

Vulnerability of the SNC_io parser function <EW>::read_sedge() seh->prev() in the Nef_S2/SNC_io parser.h component of the Computational Geometry Algorithms library. This allows an attacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the SNCio parser function ::readsedge in the NefS2/SNCio parser component, located in the CGAL computational geometry algorithm library, is related to unvalidated array indexing. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise...

PT-2025-8405

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue is related to the rtw89 driver, where hardware reports an incorrect mac id, leading to memory pollution. The problem occu...

DEBIAN-CVE-2021-28877

In the standard library in Rust before 1.51.0, the Zip implementation calls iteratorgetunchecked for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait...

An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it aka CID-2e90ca68b0d2.

...

DEBIAN-CVE-2020-11041

In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend alsa, oss, pulse, .... The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot...

DEBIAN-CVE-2020-9383

An issue was discovered in the Linux kernel 3.16 through 5.5.6. setfdc in drivers/block/floppy.c leads to a waittilready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2...

Android - IOMXNodeInstance::enableNativeBuffers Unchecked Index Vulnerability

Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=932 The code in IOMXNodeInstance.cpp that handles enableNativeBuffers uses portindex without validation, leading to writing the dword value 0 or 1 at an attacker controlled offset...