Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of function return values as array indexes without checking them, which could lead to out-of-bounds...

AMD Graphics Driver 安全漏洞

AMD Graphics Driver is an integrated graphics driver from UltraMicroelectronics AMD. A security vulnerability exists in AMD Graphics Driver that stems from insufficient validation of array indexes, which could lead to out-of-bounds reads and loss of availability...

Arbitrary Code Execution

gtkwave is vulnerable to Arbitrary Code Execution. The vulnerability is due to insufficient validation of array indexes, specifically in the tdelta indexing when signallens is 0. A specially crafted .fst file can exploit these vulnerabilities to execute arbitrary code when opened by a victim...

Design/Logic Flaw

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of...

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from incorrect validation of array indexes in the Kernel...

Qualcomm Chipsets Input Validation Error Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from memory corruption due to improper validation of array indexes in audio...

OESA-2023-1378 libX11 security update

Core X11 protocol client library. Security Fixes: A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions writ...

Schneider Electric PowerLogic 输入验证错误漏洞

Schneider Electric PowerLogic is an industrial control device from Schneider Electric, France. Provides increased power factor to improve power quality and troubleshoot power failures to protect networks, devices, and operators. An input validation error vulnerability exists in Schneider Electric...

Unexpected use of array indexes in HomeFi.sol

Lines of code Vulnerability details Unexpected use of array indexes in HomeFi.sol Impact Elements in array are expected to start from 0 when regular indexes are used, however, cause of the order of operations in the HomeFi.createProject function, the element 0 will never be used as index in...

Qualcomm 输入验证错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits including primarily semiconductor devices, but also passive components, etc., and from time to time fabricated on the surface of semiconductor wafers. An input validation error vulnerability exists in the Mode...

USN-5313-2: OpenJDK 11 regression

USN-5313-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression in OpenJDK 11 that could impact interoperability with some popular HTTP/2 servers making it unable to connect to said servers. This update fixes the problem. We apologize for the...

USN-5313-1: OpenJDK vulnerabilities

It was discovered that OpenJDK incorrectly handled deserialization filters. An attacker could possibly use this issue to insert, delete or obtain sensitive information. CVE-2022-21248 It was discovered that OpenJDK incorrectly read uncompressed TIFF files. An attacker could possibly use this issu...

Vulnerability Spotlight: Use-after-free vulnerability in tinyobjloader

Lilith of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered that a specific function of tinyobjloader does not properly validate array indexes. An adversary could trick a user into opening a specially crafted file, causing an index... This is only the...

DEBIAN-CVE-2020-19668

Unverified indexs into the array lead to out of bound access in the gifoutcode function in fromgif.c in libsixel 1.8.6...

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1632)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-7067 OOB Read in urldecode()

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support uncommon, urldecode function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes...

Google Android WLAN suffers from an unspecified vulnerability (CNVD-2019-28614)

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, and WLAN is a wireless connection module used in it. A security vulnerability exists in WLAN in Android, which stems from the program not properly validating array indexes. A loca...

GTetrinet: Remote code execution

Background GTetrinet is a networked Tetris clone for GNOME 2. Description Michael Gehring has found that GTetrinet fails to properly handle array indexes. Impact An attacker can potentially execute arbitrary code by sending a negative number of players to the server. Workaround There is no known...