2597 matches found
CVE-2026-14193
DVP80ES300T with Improper Validation of Array Index Vulnerability...
CVE-2026-14193
The vulnerability CVE-2026-14193 affects the DVP80ES300T device and is described as an Improper Validation of Array Index vulnerability. In the provided data, the CVSS v3.1 base score is 7.5 ( HIGH ), with Network attack vector, no privileges required, no user interaction, and availability impact...
CVE-2026-14193 DVP80ES300T - Improper Validation of Array Index Vulnerability
DVP80ES300T with Improper Validation of Array Index Vulnerability...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: In the net: rose module, the function rosekillbydevice collects sockets into a local array, and then iterates over those arrays to disconnect sockets bound to devices that are being shut down. The loop mistakenly indexes arraycnt...
PT-2026-51708
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter module where the hbh mt6 check function fails to reject optsnr values supplied from userspace that exceed the capacity of the struct ip6t opts structure...
CVE-2026-45692
CVE-2026-45692 (Caddy) describes a remote admin authorization bypass where the /config traversal layer and the authorization layer disagree on the target object. Specifically, from 2.4.0 through 2.11.3, an authorized path such as /config/apps/http/servers/srv/routes/0 could be used to access or m...
SUSE-SU-2026:2584-1 Security update for exiv2
This update for exiv2 fixes the following issues - CVE-2021-34334: DoS due to integer overflow in loop counter bsc1189338. - CVE-2026-25884: out-of-bounds read in CrwMap: decode0x0805 bsc1259083. - CVE-2026-27596: integer overflow in LoaderNative: getData leads to out-of-bounds read bsc1259084. -...
Carrier Corporation i-VU Improper Validation of Array Index (CVE-2025-0657)
CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...
Automated Logic WebCTRL Improper Validation of Array Index (CVE-2025-0657)
CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...
keycloak: Keycloak: Denial of Service via malformed Authorization header
A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...
CVE-2026-25276 Improper Validation of Array Index in Secure Processor
Memory corruption while using Strongbox due to missing bounds check...
CVE-2026-25276 Improper Validation of Array Index in Secure Processor
Memory corruption while using Strongbox due to missing bounds check...
Improper Validation of Array Index
Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Validation of Array Index through the defaultSandboxPrepareStackTrace function in lib/setup-sandbox.js. An attacker can observe or rewrite...
CVE-2026-9803
A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...
CVE-2026-9803
A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...
UBUNTU-CVE-2026-46037
In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...
CVE-2026-46037
In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmppointers Extended echo replies use ICMPEXTECHOREPLY as the outbound reply type. That value is outside the range covered by icmppointers, which only describes the traditional ICMP...
CVE-2026-46037
The CVE-2026-46037 issue affects the Linux kernel IPv4 ICMP component. Extended echo replies could use ICMP_EXT_ECHOREPLY outside the icmp_pointers[] range; the fix avoids icmp_pointers[] lookups for out-of-range types and uses array_index_nospec() for in-range lookups. Multiple OS feeds report p...
rsync: Rsync: Out of bounds array access via negative index
An out of bounds read flaw has been discovered in rsync. A malicious client acting as the receiver of an rsync file transfer can trigger an OOB read via a negative array index. The rsync client requires at least read access to the remote rsync module to trigger the issue...
Astra Linux - уязвимость в ppp
A vulnerability classified as problematic has been discovered in ppp. The affected function is dumpppp in the file pppdump/pppdump.c of the pppdump component. Manipulation of the arguments spkt.buf/rpkt.buf leads to improper validation of array indices. The real existence of this vulnerability is...