CWE-1285

Improper Validation of Specified Index, Position, or Offset in Input

Parent: CWE-20 - Improper Input Validation

The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.

49 vulnerabilities with CWE-1285
CVE-2024-36342 HIGH
GPU Driver < unknown - Buffer Overflow
CVSS 8.8
CVE-2024-10496 HIGH
NI LabVIEW < 2024 Q3 - Out-of-Bounds Read in BuildFontMap
CVSS 7.8
CVE-2024-10495 HIGH
NI LabVIEW < 2024 Q3 - Out-of-Bounds Read in Font Table Loading
CVSS 7.8
CVE-2024-10494 HIGH
NI LabVIEW < 2024 Q3 - Out-of-Bounds Read in HeapObjMapImpl.cpp
CVSS 7.8
CVE-2024-51566 MEDIUM
FreeBSD 14.1-RELEASE < p6, 13.4-RELEASE < p2, 13.3-RELEASE < p8 - Denial of Service via NVMe Driver Queue Processing
CVSS 6.5
CVE-2024-51564 HIGH
FreeBSD 14.1-RELEASE < p6, 13.4-RELEASE < p2, 13.3-RELEASE < p8 - Denial of Service via HDA Audio Driver Infinite Loop
CVSS 7.5
CVE-2024-0123 LOW
NVIDIA CUDA Toolkit < 12.6.2 - Denial of Service via Malicious ELF File in nvdisasm
CVSS 3.3
CVE-2024-41928 HIGH
FreeBSD 14.0-RELEASE-14.1-RELEASE - Out-of-bounds Read in bhyve
CVSS 8.4
CVE-2024-23612 HIGH
LabVIEW < 2024 Q1 - Remote Code Execution via Crafted VI File
CVSS 7.8
CVE-2024-23609 HIGH
LabVIEW < 2024 Q1 - Remote Code Execution via Crafted VI File
CVSS 7.8
CVE-2023-46724 HIGH
Squid 3.3.0.1-5.9 and < 6.4 - Denial of Service via Crafted SSL Certificate in TLS Handshake
CVSS 8.6
CVE-2023-39389 HIGH
Huawei EMUI and HarmonyOS - Denial of Service in PMS Module
CVSS 7.5
CVE-2023-39388 HIGH
Huawei EMUI and HarmonyOS - Denial of Service in PMS Module
CVSS 7.5
CVE-2023-36850 MEDIUM
Juniper Junos OS - Denial of Service via Malformed CFM Packet
CVSS 6.5
CVE-2023-0859 LOW
Office / Small Office Multifunction Printers and Laser Printers <11...
CVSS 2.2
CVE-2022-22223 MEDIUM
Juniper Junos OS on QFX10000 Series - Denial of Service via Transit IP/MPLS PHP Packets
CVSS 6.5
CVE-2022-22201 HIGH
Juniper Junos OS DoS via Malformed ESP Packet
CVSS 7.5
CVE-2022-36363 MEDIUM
Siemens LOGO! 8 BM Firmware - Information Disclosure via Improper Offset Validation in TCP Packets
CVSS 5.3
CVE-2022-21821 HIGH
NVIDIA CUDA Toolkit < 11.6.2 - Integer Overflow in cuobjdump
CVSS 7.8
CVE-2020-25241 HIGH
SIMATIC MV400 Family < 7.0.6 - TCP Session Termination via Invalid RST Sequence Number
CVSS 7.5
CVE-2019-25625 MEDIUM
Blob Studio 2.17 Denial of Service via Malformed Input
CVSS 6.2
CVE-2019-25622 MEDIUM
Paint Studio 2.17 Denial of Service via Malformed Input
CVSS 6.2
CVE-2019-25593 MEDIUM
jetCast Server 2.0 Denial of Service via Log Directory
CVSS 5.5
CVE-2018-25232 MEDIUM
Softros LAN Messenger 9.2 Denial of Service via Log Files Location
CVSS 5.5
Details
Vulnerabilities 49
Links
MITRE CWE Entry Search this CWE With Exploits