Total
2944 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-51540 | 1 Dell | 1 Elastic Cloud Storage | 2025-01-21 | N/A | 8.1 HIGH |
|
Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects.
|
|||||
| CVE-2025-21338 | 1 Microsoft | 16 Office, Windows 10 1507, Windows 10 1607 and 13 more | 2025-01-21 | N/A | 7.8 HIGH |
|
GDI+ Remote Code Execution Vulnerability
|
|||||
| CVE-2025-21382 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-01-17 | N/A | 7.8 HIGH |
|
Windows Graphics Component Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-23022 | 1 Freetype | 1 Freetype | 2025-01-16 | N/A | 4.0 MEDIUM |
|
FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.
|
|||||
| CVE-2024-21428 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2025-01-15 | N/A | 8.8 HIGH |
|
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28942 | 1 Microsoft | 3 Ole Db Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-15 | N/A | 8.8 HIGH |
|
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2022-48480 | 1 Huawei | 1 Emui | 2025-01-15 | N/A | 7.5 HIGH |
|
Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2024-28923 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-14 | N/A | 6.4 MEDIUM |
|
Secure Boot Security Feature Bypass Vulnerability
|
|||||
| CVE-2024-28931 | 1 Microsoft | 5 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 and 2 more | 2025-01-14 | N/A | 8.8 HIGH |
|
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28936 | 1 Microsoft | 5 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 and 2 more | 2025-01-14 | N/A | 8.8 HIGH |
|
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2024-28929 | 1 Microsoft | 5 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 and 2 more | 2025-01-14 | N/A | 8.8 HIGH |
|
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2023-32307 | 2 Debian, Signalwire | 2 Debian Linux, Sofia-sip | 2025-01-14 | N/A | 7.5 HIGH |
|
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification.
Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/s ...
Show More |
|||||
| CVE-2024-49112 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-14 | N/A | 9.8 CRITICAL |
|
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
|
|||||
| CVE-2024-21454 | 1 Qualcomm | 6 Auto 4g Modem, Auto 4g Modem Firmware, Auto 5g Modem-rf and 3 more | 2025-01-13 | N/A | 7.5 HIGH |
|
Transient DOS while decoding the ToBeSignedMessage in Automotive Telematics.
|
|||||
| CVE-2024-21470 | 1 Qualcomm | 66 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 63 more | 2025-01-13 | N/A | 8.4 HIGH |
|
Memory corruption while allocating memory for graphics.
|
|||||
| CVE-2024-45555 | 1 Qualcomm | 82 Msm8996au, Msm8996au Firmware, Qam8255p and 79 more | 2025-01-13 | N/A | 8.4 HIGH |
|
Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.
|
|||||
| CVE-2024-56451 | 1 Huawei | 1 Harmonyos | 2025-01-13 | N/A | 7.3 HIGH |
|
Integer overflow vulnerability during glTF model loading in the 3D engine module
Impact: Successful exploitation of this vulnerability may affect availability.
|
|||||
| CVE-2024-10917 | 1 Eclipse | 1 Openj9 | 2025-01-09 | N/A | 3.7 LOW |
|
In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters.
|
|||||
| CVE-2024-40765 | 2025-01-09 | N/A | 9.8 CRITICAL | ||
|
An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.
|
|||||
| CVE-2024-26171 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-08 | N/A | 6.7 MEDIUM |
|
Secure Boot Security Feature Bypass Vulnerability
|
|||||
| CVE-2024-55656 | 2025-01-08 | N/A | 8.8 HIGH | ||
|
RedisBloom adds a set of probabilistic data structures to Redis. There is an integer overflow vulnerability in RedisBloom, which is a module used in Redis. The integer overflow vulnerability allows an attacker (a redis client which knows the password) to allocate memory in the heap lesser than the required memory due to wraparound. Then read and write can be performed beyond this allocated memory, leading to info leak and OOB write. The integer overflow is in CMS.INITBYDIM command, which initial ...
Show More |
|||||
| CVE-2024-51737 | 2025-01-08 | N/A | 7.0 HIGH | ||
|
RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration paramet ...
Show More |
|||||
| CVE-2024-51480 | 2025-01-08 | N/A | 7.0 HIGH | ||
|
RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3.
|
|||||
| CVE-2024-30021 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-08 | N/A | 6.8 MEDIUM |
|
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
|
|||||
| CVE-2024-30012 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-08 | N/A | 6.8 MEDIUM |
|
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
|
|||||
| CVE-2024-49078 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-08 | N/A | 6.8 MEDIUM |
|
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-49089 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-08 | N/A | 7.2 HIGH |
|
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
|
|||||
| CVE-2024-49085 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-01-08 | N/A | 8.8 HIGH |
|
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
|
|||||
| CVE-2024-3757 | 1 Openatom | 1 Openharmony | 2025-01-02 | N/A | 3.3 LOW |
|
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow.
|
|||||
| CVE-2024-7025 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
|
Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2023-35644 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2025-01-01 | N/A | 7.8 HIGH |
|
Windows Sysmain Service Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-35905 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-12-30 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Protect against int overflow for stack access size
This patch re-introduces protection against the size of access to stack
memory being negative; the access size can appear negative as a result
of overflowing its signed int representation. This should not actually
happen, as there are other protections along the way, but we should
protect against it anyway. One code path was missing such protections
(fixed in the previous ...
Show More |
|||||
| CVE-2024-50944 | 2024-12-28 | N/A | 9.8 CRITICAL | ||
|
Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method.
|
|||||
| CVE-2023-45853 | 2 Smihica, Zlib | 2 Pyminizip, Zlib | 2024-12-20 | N/A | 9.8 CRITICAL |
|
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
|
|||||
| CVE-2019-17546 | 2 Libtiff, Osgeo | 2 Libtiff, Gdal | 2024-12-20 | 6.8 MEDIUM | 8.8 HIGH |
|
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
|
|||||
| CVE-2018-9404 | 1 Google | 1 Android | 2024-12-19 | N/A | 6.7 MEDIUM |
|
In oemCallback of ril.cpp, there is a possible out of bounds write due to an
integer overflow. This could lead to local escalation of privilege with
System execution privileges needed. User interaction is not needed for
exploitation.
|
|||||
| CVE-2017-13323 | 1 Google | 1 Android | 2024-12-18 | N/A | 7.8 HIGH |
|
In String16 of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9352 | 1 Google | 1 Android | 2024-12-18 | N/A | 6.5 MEDIUM |
|
In ihevcd_allocate_dynamic_bufs of ihevcd_api.c there is a possible resource exhaustion due to integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
|
|||||
| CVE-2021-0701 | 1 Google | 1 Android | 2024-12-18 | N/A | 9.8 CRITICAL |
|
In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2018-9481 | 2 Apache, Google | 2 Traffic Server, Android | 2024-12-18 | N/A | 6.5 MEDIUM |
|
In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||