CVEbaza.plCWE DictionaryCWE-118
Common Weakness Enumeration

CWE-118

Incorrect Access of Indexable Resource ('Range Error')

Category: ClassCVE: 24
Description

The product does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.

CVE vulnerabilities with CWE-118 (24)
9.8
CVSS
CRITICAL
CVE-2015-9142

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9645, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, bounds check is missing for vtable index in DAL-TO-QDI conversion framework.

pub. 2018-04-18
9.8
CVSS
CRITICAL
CVE-2016-10495

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, made changes to map the scan type value to an index value that is in range.

pub. 2018-04-18
9.8
CVSS
CRITICAL
CVE-2015-2000

The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

pub. 2018-03-29
9.8
CVSS
CRITICAL
CVE-2015-2001

The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

pub. 2018-03-29
9.8
CVSS
CRITICAL
CVE-2015-2002

The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

pub. 2018-03-29
9.8
CVSS
CRITICAL
CVE-2015-2003

The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

pub. 2018-03-29
9.8
CVSS
CRITICAL
CVE-2015-2004

The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function.

pub. 2018-03-29
9.8
CVSS
CRITICAL
CVE-2014-9411

In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection.

pub. 2017-08-18
7.8
CVSS
HIGH
CVE-2023-37921

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2vzt conversion utility.

pub. 2024-01-08
7.8
CVSS
HIGH
CVE-2023-37922

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt2 conversion utility.

pub. 2024-01-08
7.8
CVSS
HIGH
CVE-2023-37923

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt conversion utility.

pub. 2024-01-08
7.8
CVSS
HIGH
CVE-2018-7530

Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition.

pub. 2018-04-17
7.8
CVSS
HIGH
CVE-2017-5884

gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.

pub. 2017-02-28
7.7
CVSS
HIGH
CVE-2020-3235

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability by using SNMPv3, the attacker must know the user credentials for the affected system.

pub. 2020-06-03
7.5
CVSS
HIGH
CVE-2020-3369

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper processing of FTP traffic. An attacker could exploit this vulnerability by sending crafted FTP packets through an affected device. A successful exploit could allow the attacker to make the device reboot continuously, causing a DoS condition.

pub. 2020-07-16
6.8
CVSS
MEDIUM
CVE-2024-43524

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

pub. 2024-10-08
6.7
CVSS
MEDIUM
CVE-2023-0201

NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information disclosure.

pub. 2023-04-22
6.6
CVSS
MEDIUM
CVE-2025-48902

Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability.

pub. 2025-06-06
6.5
CVSS
MEDIUM
CVE-2022-38072

An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

pub. 2023-04-03
6.5
CVSS
MEDIUM
CVE-2017-10872

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.

pub. 2017-12-22
Showing 20 of 24 vulnerabilities
Information
ID: CWE-118
Type: Class
Vulnerabilities: 24
MITRE CWE ↗
← CWE Dictionary