Packetbeat 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-02)

Improper Validation of Array Index in Packetbeat Leading to Overflow Buffers ESA-2026-02 Improper Validation of Array Index CWE-129 in Packetbeat’s MongoDB protocol parser can allow an attacker to cause Overflow Buffers CAPEC-100 through specially crafted network traffic. This requires an attacke...

EUVD-2023-31729

Malicious code in bioql PyPI...

EUVD-2023-34048

Malicious code in bioql PyPI...

CVE-2024-5680

CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver...

CVE-2024-5680

CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver...

CVE-2024-5680

CVE-2024-5680 affects the Foxboro.sys driver and is described as an Improper Validation of Array Index (CWE-129) with potential local denial-of-service or kernel memory concerns when a local attacker uses an IOCTL-based script/program. Connected sources corroborate: (1) NVD/NVD-derived descriptio...

libigl readNODE out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2024-1930 libigl readNODE out-of-bounds write vulnerability May 28, 2024 CVE Number CVE-2024-22181 SUMMARY An out-of-bounds write vulnerability exists in the readNODE functionality of libigl v2.5.0. A specially crafted .node file can lead to an out-of-bounds write...

CVE-2024-1847 Multiple vulnerabilities exist in file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024...

JustSystems Corporation Ichitaro 2023 DocumentViewStyles and DocumentEditStyles stream relative write vulnerabilities

Talos Vulnerability Report TALOS-2023-1825 JustSystems Corporation Ichitaro 2023 DocumentViewStyles and DocumentEditStyles stream relative write vulnerabilities October 19, 2023 CVE Number CVE-2023-35126 SUMMARY An out-of-bounds write vulnerability exists within the parsers for both the...

Apple DCERPC packet stats buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1660 Apple DCERPC packet stats buffer overflow vulnerability July 13, 2023 CVE Number CVE-2023-23513 SUMMARY A buffer overflow vulnerability exists in the stats logging functionality of DCERPC library as used in Apple macOS 12.6.1 A specially-crafted network...

CVE-2023-2570

A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver...

CVE-2023-2570

CVE-2023-2570 involves an Improper Validation of Array Index in the Foxboro.sys driver IOCTL handling, leading to local denial-of-service and potential kernel execution. Root cause: incorrect validation of an array index. Affected product context appears to be Schneider Electric EcoStruxure Foxbo...

CVE-2023-2570

A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver...

Google Chrome WebRTC RTCStatsCollector out of bounds memory access vulnerability

Talos Vulnerability Report TALOS-2023-1693 Google Chrome WebRTC RTCStatsCollector out of bounds memory access vulnerability May 4, 2023 CVE Number CVE-2023-0698 SUMMARY An out-of-bounds memory access vulnerability exists in stats reporting functionality of the WebRTC implementation in Google Chro...

CVE-2023-28004

A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution...

Remote code execution

A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution...

CVE-2023-28004

Schneider Electric PowerLogic HDPM6000 is affected by CVE-2023-28004 due to CWE-129: improper validation of an array index. A specially crafted Ethernet packet could cause denial of service or remote code execution. Reported affected versions include HDPM6000 0.58.6 and earlier; remediation is av...

CVE-2023-28004

A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution...

Accusoft ImageGear JPEG-JFIF Scan header parser out-of-bounds write vulnerability

Summary An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to an out-of-bounds write and potential code exectuion. An attacker can provide a malicious file to trigger this...

tinyobjloader LoadObj improper array index validation vulnerability

Summary An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. Teste...