Total
196 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1920 | 1 Qualcomm | 342 Apq8009, Apq8009 Firmware, Apq8009w and 339 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-31178 | 1 Microsoft | 6 365 Apps, Excel, Office and 3 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Office Information Disclosure Vulnerability | |||||
| CVE-2021-22379 | 1 Huawei | 2 Emui, Magic Ui | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Integer Underflow (Wrap or Wraparound) Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause DoS of Samgr. | |||||
| CVE-2021-25846 | 1 Moxa | 32 Vport 06ec-2v26m, Vport 06ec-2v26m Firmware, Vport 06ec-2v36m-ct and 29 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| Improper validation of the ChassisID TLV in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, allows attackers to cause a denial of service due to a negative number passed to the memcpy function via a crafted lldp packet. | |||||
| CVE-2021-3472 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-27486 | 1 Fatek | 1 Winproladder | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to an integer underflow, which may cause an out-of-bounds write and allow an attacker to execute arbitrary code. | |||||
| CVE-2020-24837 | 1 Zcfees Project | 1 Zcfees | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function. | |||||
| CVE-2020-14378 | 3 Canonical, Dpdk, Opensuse | 3 Ubuntu Linux, Data Plane Development Kit, Leap | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period. | |||||
| CVE-2020-16273 | 1 Arm | 2 Armv8-m, Armv8-m Firmware | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. An attacker can cause a change to the stack pointer used by the Secure World from a non-secure application if the stack is not initialized. This vulnerability affects only the software that is based on Armv8-M processors with the Security Extension. | |||||
| CVE-2020-36221 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). | |||||
| CVE-2021-28027 | 1 Bam Project | 1 Bam | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block. | |||||
| CVE-2020-3691 | 1 Qualcomm | 506 Apq8009, Apq8009w, Apq8017 and 503 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Possible out of bound memory access in audio due to integer underflow while processing modified contents in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-36228 | 3 Apple, Debian, Openldap | 3 Macos, Debian Linux, Openldap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. | |||||
| CVE-2020-28194 | 1 Accel-ppp | 1 Accel-ppp | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2. It has an impact only when the attacker controls the RADIUS server, which can lead to arbitrary code execution. | |||||
| CVE-2021-28362 | 1 Contiki-os | 1 Contiki | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of invalid extension header options in an incoming IPv6 packet, there is an attempt to remove the RPL extension headers. Because the packet length and the extension header length are unchecked (with respect to the available data) at this stage, and these variables are susceptible to integer underflow, it is possible to construct an invalid extension header that will cause memory corruption issues and lead to a Denial-of-Service condition. This is related to rpl-ext-header.c. | |||||
| CVE-2020-11208 | 1 Qualcomm | 26 Qcs603, Qcs603 Firmware, Qcs605 and 23 more | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439 | |||||
| CVE-2020-24370 | 3 Debian, Fedoraproject, Lua | 3 Debian Linux, Fedora, Lua | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). | |||||
| CVE-2020-17395 | 1 Parallels | 1 Parallels Desktop | 2023-12-10 | 4.6 MEDIUM | 8.2 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the prl_naptd process. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11134. | |||||
| CVE-2019-15791 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, shiftfs_btrfs_ioctl_fd_replace() installs an fd referencing a file from the lower filesystem without taking an additional reference to that file. After the btrfs ioctl completes this fd is closed, which then puts a reference to that file, leading to a refcount underflow. | |||||
| CVE-2019-20590 | 2 Google, Qualcomm | 2 Android, Sdm660 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x) (Qualcomm chipsets) software. There is an integer underflow in the Secure Storage Trustlet. The Samsung ID is SVE-2019-13952 (July 2019). | |||||