Total
2944 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9183 | 1 Qualcomm | 16 Sd 410, Sd 410 Firmware, Sd 412 and 13 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in TQS QSEE application, while parsing "Set Certificates" command an integer overflow may result in buffer overflow.
|
|||||
| CVE-2015-9160 | 1 Qualcomm | 58 Mdm9206, Mdm9206 Firmware, Mdm9607 and 55 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, integer overflow may occur when values passed from HLOS (graphics driver busy time, and total time) in TZBSP_GFX_DCVS_UPDATE_ID are very la ...
Show More |
|||||
| CVE-2015-9150 | 1 Qualcomm | 8 Mdm9625, Mdm9625 Firmware, Mdm9635m and 5 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, SD 400, and SD 800, while computing the length of memory allocated for a Diag event, if the buffer length is very small or greater than the maximum, an integer overflow may occur, which later results in a buffer overflow.
|
|||||
| CVE-2015-9148 | 1 Qualcomm | 48 Mdm9625, Mdm9625 Firmware, Mdm9635m and 45 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 400, SD 425, SD 430, SD 450, SD 600, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, in the Diag User-PD command registration function, a length variable used during buffer allocation is not checked, so if it is very large, an integer overflow followed by a buffer overf ...
Show More |
|||||
| CVE-2015-9133 | 1 Qualcomm | 16 Sd 400, Sd 400 Firmware, Sd 410 and 13 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 410/12, SD 617, SD 650/52, SD 800, and SD 810, if Widevine App TZ_WV_CMD_DECRYPT_VIDEO is called with a size too large, an integer overflow may occur.
|
|||||
| CVE-2015-8751 | 1 Jasper Project | 1 Jasper | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.
|
|||||
| CVE-2015-5297 | 1 Pixman | 1 Pixman | 2024-11-21 | 7.5 HIGH | 6.7 MEDIUM |
|
An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to crash or, potentially, execute arbitrary code.
|
|||||
| CVE-2015-4042 | 1 Gnu | 1 Coreutils | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.
|
|||||
| CVE-2015-1530 | 1 Google | 1 Android | 2024-11-21 | 6.0 MEDIUM | 7.8 HIGH |
|
media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size.
|
|||||
| CVE-2014-9994 | 1 Qualcomm | 4 Sd 400, Sd 400 Firmware, Sd 800 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, lack of validation of input could cause a integer overflow that could subsequently lead to a buffer overflow.
|
|||||
| CVE-2014-5044 | 1 Gnu | 1 Libgfortran | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.
|
|||||
| CVE-2014-4860 | 1 Tianocore | 1 Edk2 | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
|
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.
|
|||||
| CVE-2014-4859 | 1 Tianocore | 1 Edk2 | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
|
Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.
|
|||||
| CVE-2014-4610 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run.
|
|||||
| CVE-2014-4609 | 1 Libav | 1 Libav | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run.
|
|||||
| CVE-2014-4607 | 1 Oberhumer | 2 Liblzo2, Lzo2 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.
|
|||||
| CVE-2014-2885 | 1 Truecrypt Project | 1 Truecrypt | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in EncryptedIoQueue.c or (2) cause a denial of service (memory consumption) via vectors involving large StartingOffset and Length values in the ProcessVolumeDeviceControlIrp function in Ntdriver.c.
|
|||||
| CVE-2014-0147 | 3 Fedoraproject, Qemu, Redhat | 10 Fedora, Qemu, Enterprise Linux Desktop and 7 more | 2024-11-21 | N/A | 6.2 MEDIUM |
|
Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.
|
|||||
| CVE-2013-3493 | 1 Xnview | 1 Xnview | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
XnView 2.03 has an integer overflow vulnerability
|
|||||
| CVE-2013-3486 | 1 Irfanview | 1 Flashpix Plugin | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
|
IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability
|
|||||
| CVE-2013-2807 | 1 Rockwellautomation | 1 Rslinx Enterprise | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “Total Record Size” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size” that will cau ...
Show More |
|||||
| CVE-2013-2806 | 1 Rockwellautomation | 1 Rslinx Enterprise | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size.” Then the ...
Show More |
|||||
| CVE-2012-5340 | 2 Artifex, Sumatrapdfreader | 2 Mupdf, Sumatrapdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.
|
|||||
| CVE-2011-3631 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges.
|
|||||
| CVE-2011-1298 | 2 Apple, Google | 2 Macos, Blink | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An Integer Overflow exists in WebKit in Google Chrome before Blink M11 in the macOS WebCore::GraphicsContext::fillRect function.
|
|||||
| CVE-2010-4653 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.
|
|||||
| CVE-2009-0947 | 1 Apple | 1 Files | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02.
|
|||||
| CVE-2002-2439 | 1 Gnu | 1 Gcc | 2024-11-20 | 4.6 MEDIUM | 7.8 HIGH |
|
Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts.
|
|||||
| CVE-2024-33024 | 1 Qualcomm | 362 Ar8035, Ar8035 Firmware, Csr8811 and 359 more | 2024-11-20 | N/A | 7.5 HIGH |
|
Transient DOS while parsing the ML IE when a beacon with length field inside the common info of ML IE greater than the ML IE length.
|
|||||
| CVE-2024-33022 | 1 Qualcomm | 248 Ar8035, Ar8035 Firmware, Csra6620 and 245 more | 2024-11-20 | N/A | 7.8 HIGH |
|
Memory corruption while allocating memory in HGSL driver.
|
|||||
| CVE-2024-46613 | 1 Weechat | 1 Weechat | 2024-11-19 | N/A | 9.8 CRITICAL |
|
WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared , string_free_split, string_free_split_command, and string_free_split_tags.
|
|||||
| CVE-2024-43635 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2024-43641 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 7.8 HIGH |
|
Windows Registry Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-43628 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-18 | N/A | 8.8 HIGH |
|
Windows Telephony Service Remote Code Execution Vulnerability
|
|||||
| CVE-2024-43623 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-15 | N/A | 7.8 HIGH |
|
Windows NT OS Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-21783 | 2024-11-15 | N/A | 4.8 MEDIUM | ||
|
Integer overflow for some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2024-49888 | 1 Linux | 1 Linux Kernel | 2024-11-13 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix a sdiv overflow issue
Zac Ecob reported a problem where a bpf program may cause kernel crash due
to the following error:
Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI
The failure is due to the below signed divide:
LLONG_MIN/-1 where LLONG_MIN equals to -9,223,372,036,854,775,808.
LLONG_MIN/-1 is supposed to give a positive number 9,223,372,036,854,775,808,
but it is impossible since for 64-bit system, the m ...
Show More |
|||||
| CVE-2022-48938 | 1 Linux | 1 Linux Kernel | 2024-11-08 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
CDC-NCM: avoid overflow in sanity checking
A broken device may give an extreme offset like 0xFFF0
and a reasonable length for a fragment. In the sanity
check as formulated now, this will create an integer
overflow, defeating the sanity check. Both offset
and offset + len need to be checked in such a manner
that no overflow can occur.
And those quantities should be unsigned.
|
|||||
| CVE-2024-34121 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-11-01 | N/A | 7.8 HIGH |
|
Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2022-48987 | 1 Linux | 1 Linux Kernel | 2024-11-01 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
media: v4l2-dv-timings.c: fix too strict blanking sanity checks
Sanity checks were added to verify the v4l2_bt_timings blanking fields
in order to avoid integer overflows when userspace passes weird values.
But that assumed that userspace would correctly fill in the front porch,
backporch and sync values, but sometimes all you know is the total
blanking, which is then assigned to just one of these fields.
And that can fail w ...
Show More |
|||||