CWE-129 · Improper Validation of Array Index
580 CVEs classified under CWE-129 (Improper Validation of Array Index). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-27485 | Critical | 9.9 | 2020-11-16 | Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the a… |
CVE-2020-27483 | Critical | 9.9 | 2020-11-16 | Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the a… |
CVE-2026-21413 | Critical | 9.8 | 2026-04-07 | A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted… |
CVE-2025-27034 | Critical | 9.8 | 2025-09-24 | Memory corruption while selecting the PLMN from SOR failed list. |
CVE-2025-57052 | Critical | 9.8 | 2025-09-03 | cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass a… |
CVE-2025-3357 | Critical | 9.8 | 2025-05-28 | IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index va… |
CVE-2024-45569 | Critical | 9.8 | 2025-02-03 | Memory corruption while parsing the ML IE due to invalid frame content. |
CVE-2024-38623 | Critical | 9.8 | 2024-06-21 | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntf… |
CVE-2021-47548 | Critical | 9.8 | 2024-05-24 | In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst… |
CVE-2024-34048 | Critical | 9.8 | 2024-04-30 | O-RAN RIC I-Release e2mgr lacks array size checks in E2nodeConfigUpdateNotificationHandler. |
CVE-2024-31581 | Critical | 9.8 | 2024-04-17 | FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability… |
CVE-2024-24563 | Critical | 9.8 | 2024-02-07 | Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned inte… |
CVE-2023-28004 | Critical | 9.8 | 2023-04-18 | A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote… |
CVE-2023-26066 | Critical | 9.8 | 2023-04-10 | Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index. |
CVE-2022-33256 | Critical | 9.8 | 2023-03-10 | Memory corruption due to improper validation of array index in Multi-mode call processor. |
CVE-2023-0755 | Critical | 9.8 | 2023-02-23 | The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrar… |
CVE-2022-25720 | Critical | 9.8 | 2022-10-19 | Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon C… |
CVE-2022-26100 | Critical | 9.8 | 2022-03-10 | SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obta… |
CVE-2021-1933 | Critical | 9.8 | 2021-09-09 | UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon… |
CVE-2021-38563 | Critical | 9.8 | 2021-08-11 | An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size e… |