CWE:
 

Topic
Date
Author
High
FreeBSD Kernel Crash / Code Execution / Disclosure
28.01.2015
CoreLabs
High
Oracle VirtualBox 3D Acceleration Memory Corruption
12.03.2014
Core
High
Android MSM camera driver for the Linux kernel 3.x Buffer Overflow
14.01.2014
quicinc
High
SAP Netweaver Message Server Buffer Overflow
16.02.2013
Martin Gallo and


CVEMAP Search Results

CVE
Details
Description
2018-03-16
Medium
CVE-2017-15830

Vendor: Google
Software: Android
 

 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper ch_list array index initialization in function sme_set_plm_request() causes potential buffer overflow.

 
Medium
CVE-2017-14889

Vendor: Google
Software: Android
 

 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion handler.

 
2018-02-23
Medium
CVE-2017-15861

Vendor: Google
Software: Android
 

 
In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation.

 
2017-12-09
High
CVE-2017-16410

Vendor: Adobe
Software: Acrobat
 

 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the image conversion module, when processing GIF files. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.

 
High
CVE-2017-16391

Vendor: Adobe
Software: Acrobat
 

 
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the printing functionality. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.

 
2017-11-22
Medium
CVE-2017-8172

Updating...
 

 
Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a out-of-bounds array access that results in smart phone restart.

 
2017-11-20
Medium
CVE-2017-16899

Vendor: Xfig project
Software: XFIG
 

 
An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.

 
2017-10-22
Medium
CVE-2017-11292

Vendor: Adobe
Software: Flash player
 

 
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.

 
2017-08-18
High
CVE-2016-10386

Vendor: Google
Software: Android
 

 
In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP.

 
2017-07-02
High
CVE-2017-8797

Vendor: Linux
Software: Linux kernel
 

 
The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top