Vulnerabilities (CVE)

Filtered by CWE-191
Total 113 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3323 1 Zephyrproject 1 Zephyr 2021-10-18 7.5 HIGH 9.8 CRITICAL
Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc
CVE-2021-3321 1 Zephyrproject 1 Zephyr 2021-10-18 5.8 MEDIUM 8.8 HIGH
Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal. Zephyr versions >= >=2.4.0 contain Integer Overflow to Buffer Overflow (CWE-680). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-w44j-66g7-xw99
CVE-2021-41821 1 Wazuh 1 Wazuh 2021-10-12 4.0 MEDIUM 6.5 MEDIUM
Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager.
CVE-2020-8174 3 Netapp, Nodejs, Oracle 8 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 5 more 2021-10-07 9.3 HIGH 8.1 HIGH
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
CVE-2021-1919 1 Qualcomm 310 Apq8009, Apq8009 Firmware, Apq8009w and 307 more 2021-09-14 10.0 HIGH 9.8 CRITICAL
Integer underflow can occur when the RTCP length is lesser than than the actual blocks present in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2021-1920 1 Qualcomm 342 Apq8009, Apq8009 Firmware, Apq8009w and 339 more 2021-09-14 10.0 HIGH 9.8 CRITICAL
Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2021-22379 1 Huawei 2 Emui, Magic Ui 2021-08-06 5.0 MEDIUM 7.5 HIGH
There is an Integer Underflow (Wrap or Wraparound) Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause DoS of Samgr.
CVE-2017-9214 3 Debian, Openvswitch, Redhat 6 Debian Linux, Openvswitch, Enterprise Linux and 3 more 2021-08-04 7.5 HIGH 9.8 CRITICAL
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.
CVE-2021-33536 1 Weidmueller 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more 2021-07-27 5.0 MEDIUM 7.5 HIGH
In Weidmueller Industrial WLAN devices in multiple versions an exploitable denial-of-service vulnerability exists in ServiceAgent functionality. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability.
CVE-2019-14532 1 Sleuthkit 1 The Sleuth Kit 2021-07-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.
CVE-2020-6098 1 Freediameter 1 Freediameter 2021-07-21 5.0 MEDIUM 7.5 HIGH
An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. A specially crafted Diameter request can trigger a memory corruption resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2019-9755 1 Tuxera 1 Ntfs-3g 2021-07-21 4.4 MEDIUM 7.0 HIGH
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges.
CVE-2019-2297 1 Qualcomm 60 Apq8009, Apq8009 Firmware, Apq8017 and 57 more 2021-07-21 4.6 MEDIUM 7.8 HIGH
Buffer overflow can occur while processing non-standard NAN message from user space. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA660, SDA845, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150
CVE-2019-13602 1 Videolan 1 Vlc Media Player 2021-07-21 6.8 MEDIUM 8.8 HIGH
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
CVE-2019-10053 1 Suricata-ids 1 Suricata 2021-07-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow.
CVE-2019-5144 1 Kakadusoftware 1 Kakadu Software 2021-07-21 6.8 MEDIUM 8.8 HIGH
An exploitable heap underflow vulnerability exists in the derive_taps_and_gains function in kdu_v7ar.dll of Kakadu Software SDK 7.10.2. A specially crafted jp2 file can cause a heap overflow, which can result in remote code execution. An attacker could provide a malformed file to the victim to trigger this vulnerability.
CVE-2019-14523 1 Schismtracker 1 Schism Tracker 2021-07-07 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c.
CVE-2021-26260 2 Fedoraproject, Openexr 2 Fedora, Openexr 2021-07-03 4.3 MEDIUM 5.5 MEDIUM
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
CVE-2020-36221 3 Apple, Debian, Openldap 4 Mac Os X, Macos, Debian Linux and 1 more 2021-06-29 5.0 MEDIUM 7.5 HIGH
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
CVE-2020-36228 3 Apple, Debian, Openldap 3 Macos, Debian Linux, Openldap 2021-06-29 5.0 MEDIUM 7.5 HIGH
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.