Vulnerabilities (CVE)

Filtered by CWE-190
Total 2237 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-25032 2 Debian, Nlnetlabs 2 Debian Linux, Unbound 2024-03-21 7.5 HIGH 9.8 CRITICAL
Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-12247 1 Qemu 1 Qemu 2024-03-21 5.0 MEDIUM 7.5 HIGH
QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable
CVE-2019-11072 1 Lighttpd 1 Lighttpd 2024-03-21 7.5 HIGH 9.8 CRITICAL
lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit.
CVE-2018-13327 1 Chucunlingaigo Project 1 Chucunlingaigo 2024-03-21 5.0 MEDIUM 7.5 HIGH
The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.
CVE-2018-13326 1 Bittelux Project 1 Bittelux 2024-03-21 5.0 MEDIUM 7.5 HIGH
The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.
CVE-2018-13144 1 Pandora Project 1 Pandora 2024-03-21 5.0 MEDIUM 7.5 HIGH
The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.
CVE-2018-13113 1 Easy Trading Token Project 1 Easy Trading Token 2024-03-21 5.0 MEDIUM 7.5 HIGH
The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.
CVE-2014-4608 4 Canonical, Linux, Opensuse and 1 more 5 Ubuntu Linux, Linux Kernel, Opensuse and 2 more 2024-03-21 7.5 HIGH N/A
Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype.
CVE-2024-1916 2024-03-15 N/A 9.8 CRITICAL
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
CVE-2024-1917 2024-03-15 N/A 9.8 CRITICAL
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
CVE-2024-0803 2024-03-15 N/A 9.8 CRITICAL
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.
CVE-2022-25147 1 Apache 1 Portable Runtime Utility 2024-03-15 N/A 6.5 MEDIUM
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
CVE-2024-22396 2024-03-14 N/A N/A
An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.
CVE-2023-48409 1 Google 1 Android 2024-03-12 N/A 7.8 HIGH
In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-36328 2 Fedoraproject, Libtom 2 Fedora, Libtommath 2024-03-07 N/A 9.8 CRITICAL
Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).
CVE-2024-27304 2024-03-06 N/A 9.8 CRITICAL
pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.
CVE-2023-43787 3 Fedoraproject, Redhat, X.org 3 Fedora, Enterprise Linux, Libx11 2024-03-05 N/A 7.8 HIGH
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
CVE-2024-20730 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-03-01 N/A 7.8 HIGH
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-27101 2024-03-01 N/A 7.3 HIGH
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2.
CVE-2020-13576 2 Fedoraproject, Genivia 2 Fedora, Gsoap 2024-03-01 7.5 HIGH 9.8 CRITICAL
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.