Total
217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28130 | 2024-04-24 | N/A | 7.5 HIGH | ||
| An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-21665 | 1 Qualcomm | 440 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8905 and 437 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory corruption in Graphics while importing a file. | |||||
| CVE-2023-21651 | 1 Qualcomm | 280 Aqt1000, Aqt1000 Firmware, Ar8031 and 277 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE. | |||||
| CVE-2023-21638 | 1 Qualcomm | 72 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 69 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory corruption in Video while calling APIs with different instance ID than the one received in initialization. | |||||
| CVE-2023-21627 | 1 Qualcomm | 96 Aqt1000, Aqt1000 Firmware, Qca6390 and 93 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory corruption in Trusted Execution Environment while calling service API with invalid address. | |||||
| CVE-2022-40531 | 1 Qualcomm | 568 Apq8009, Apq8009 Firmware, Apq8017 and 565 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message. | |||||
| CVE-2022-33301 | 1 Qualcomm | 32 Qca6595, Qca6595 Firmware, Qca6595au and 29 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM. | |||||
| CVE-2022-33240 | 1 Qualcomm | 18 Qca6595, Qca6595 Firmware, Qca6595au and 15 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory corruption in Audio due to incorrect type cast during audio use-cases. | |||||
| CVE-2023-33101 | 2024-04-12 | N/A | 7.5 HIGH | ||
| Transient DOS while processing DL NAS TRANSPORT message with payload length 0. | |||||
| CVE-2022-3979 | 1 Nagvis | 1 Nagvis | 2024-04-11 | 5.1 MEDIUM | 8.1 HIGH |
| A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.9.34 is able to address this issue. The identifier of the patch is 7574fd8a2903282c2e0d1feef5c4876763db21d5. It is recommended to upgrade the affected component. The identifier VDB-213557 was assigned to this vulnerability. | |||||
| CVE-2023-6249 | 2024-02-20 | N/A | 8.0 HIGH | ||
| Signed to unsigned conversion esp32_ipm_send | |||||
| CVE-2021-43537 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-02-02 | 6.8 MEDIUM | 8.8 HIGH |
| An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
| CVE-2023-45204 | 1 Siemens | 1 Tecnomatix | 2023-12-10 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268) | |||||
| CVE-2023-28162 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-12-10 | N/A | 8.8 HIGH |
| While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. | |||||
| CVE-2022-25715 | 1 Qualcomm | 64 Aqt1000, Aqt1000 Firmware, Mdm9150 and 61 more | 2023-12-10 | N/A | 7.8 HIGH |
| Memory corruption in display driver due to incorrect type casting while accessing the fence structure fields | |||||
| CVE-2022-41911 | 1 Google | 1 Tensorflow | 2023-12-10 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-41890 | 1 Google | 1 Tensorflow | 2023-12-10 | N/A | 7.5 HIGH |
| TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input `b`. We have patched the issue in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2020-10735 | 3 Fedoraproject, Python, Redhat | 5 Fedora, Python, Enterprise Linux and 2 more | 2023-12-10 | N/A | 7.5 HIGH |
| A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. | |||||
| CVE-2022-22102 | 1 Qualcomm | 18 Qca6574au, Qca6574au Firmware, Qca6696 and 15 more | 2023-12-10 | N/A | 7.8 HIGH |
| Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto | |||||
| CVE-2022-21786 | 2 Google, Mediatek | 13 Android, Mt6833, Mt6853 and 10 more | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| In audio DSP, there is a possible memory corruption due to improper casting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558822; Issue ID: ALPS06558822. | |||||