Total: 2237 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-25032 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-03-21 | 7.5 HIGH | 9.8 CRITICAL |
Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. | |||||
CVE-2019-12247 | 1 Qemu | 1 Qemu | 2024-03-21 | 5.0 MEDIUM | 7.5 HIGH |
QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable. | |||||
CVE-2019-11072 | 1 Lighttpd | 1 Lighttpd | 2024-03-21 | 7.5 HIGH | 9.8 CRITICAL |
lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit." | |||||
CVE-2018-13327 | 1 Chucunlingaigo Project | 1 Chucunlingaigo | 2024-03-21 | 5.0 MEDIUM | 7.5 HIGH |
The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. | |||||
CVE-2018-13326 | 1 Bittelux Project | 1 Bittelux | 2024-03-21 | 5.0 MEDIUM | 7.5 HIGH |
The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. | |||||
CVE-2018-13144 | 1 Pandora Project | 1 Pandora | 2024-03-21 | 5.0 MEDIUM | 7.5 HIGH |
The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. | |||||
CVE-2018-13113 | 1 Easy Trading Token Project | 1 Easy Trading Token | 2024-03-21 | 5.0 MEDIUM | 7.5 HIGH |
The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party. | |||||
CVE-2014-4608 | 4 Canonical, Linux, Opensuse and 1 more | 5 Ubuntu Linux, Linux Kernel, Opensuse and 2 more | 2024-03-21 | 7.5 HIGH | N/A |
Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype." | |||||
CVE-2024-1916 | | | 2024-03-15 | N/A | 9.8 CRITICAL |
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. | |||||
CVE-2024-1917 | | | 2024-03-15 | N/A | 9.8 CRITICAL |
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. | |||||
CVE-2024-0803 | | | 2024-03-15 | N/A | 9.8 CRITICAL |
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. | |||||
CVE-2022-25147 | 1 Apache | 1 Portable Runtime Utility | 2024-03-15 | N/A | 6.5 MEDIUM |
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. | |||||
CVE-2024-22396 | | | 2024-03-14 | N/A | N/A |
An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. | |||||
CVE-2023-48409 | 1 Google | 1 Android | 2024-03-12 | N/A | 7.8 HIGH |
In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-36328 | 2 Fedoraproject, Libtom | 2 Fedora, Libtommath | 2024-03-07 | N/A | 9.8 CRITICAL |
Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). | |||||
CVE-2024-27304 | | | 2024-03-06 | N/A | 9.8 CRITICAL |
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size. | |||||
CVE-2023-43787 | 3 Fedoraproject, Redhat, X.org | 3 Fedora, Enterprise Linux, Libx11 | 2024-03-05 | N/A | 7.8 HIGH |
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. | |||||
CVE-2024-20730 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-03-01 | N/A | 7.8 HIGH |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-27101 | | | 2024-03-01 | N/A | 7.3 HIGH |
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2. | |||||
CVE-2020-13576 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2024-03-01 | 7.5 HIGH | 9.8 CRITICAL |
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. |