Total
2409 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22976 | 3 Netapp, Oracle, Vmware | 3 Active Iq Unified Manager, Financial Services Crime And Compliance Management Studio, Spring Security | 2024-06-13 | 4.3 MEDIUM | 5.3 MEDIUM |
| Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. | |||||
| CVE-2024-30072 | 2024-06-13 | N/A | 7.8 HIGH | ||
| Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability | |||||
| CVE-2024-30064 | 2024-06-13 | N/A | 8.8 HIGH | ||
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-30067 | 2024-06-13 | N/A | 5.5 MEDIUM | ||
| Winlogon Elevation of Privilege Vulnerability | |||||
| CVE-2019-12247 | 1 Qemu | 1 Qemu | 2024-06-11 | 5.0 MEDIUM | 7.5 HIGH |
| QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable | |||||
| CVE-2019-11072 | 1 Lighttpd | 1 Lighttpd | 2024-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit. | |||||
| CVE-2024-36121 | 1 Netty | 1 Netty-incubator-codec-ohttp | 2024-06-11 | N/A | 9.1 CRITICAL |
| netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which would allow an attacker to cause the sequence number to overflow and thus the nonce to repeat. | |||||
| CVE-2019-25038 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2024-30212 | 2024-06-11 | N/A | N/A | ||
| If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. The same method works to write to this memory area. If RAM contains pointers, those can be - depending on the application - overwritten to return data from any other offset including Progam and Boot Flash. | |||||
| CVE-2024-2452 | 2024-06-10 | N/A | 7.0 HIGH | ||
| In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows. | |||||
| CVE-2024-2212 | 2024-06-10 | N/A | 7.3 HIGH | ||
| In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows. | |||||
| CVE-2024-32039 | 2024-06-10 | N/A | 9.8 CRITICAL | ||
| FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default). | |||||
| CVE-2023-40548 | 2 Fedoraproject, Redhat | 2 Fedora, Shim | 2024-06-10 | N/A | 7.4 HIGH |
| A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase. | |||||
| CVE-2024-4453 | 2024-06-10 | N/A | 7.8 HIGH | ||
| GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-23896. | |||||
| CVE-2023-47212 | 2024-06-10 | N/A | 9.8 CRITICAL | ||
| A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-45681 | 1 Nothings | 1 Stb Vorbis.c | 2024-06-10 | N/A | 7.8 HIGH |
| stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution. | |||||
| CVE-2021-3520 | 4 Lz4 Project, Netapp, Oracle and 1 more | 7 Lz4, Active Iq Unified Manager, Cloud Backup and 4 more | 2024-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well. | |||||
| CVE-2023-43545 | 2024-06-03 | N/A | 6.7 MEDIUM | ||
| Memory corruption when more scan frequency list or channels are sent from the user space. | |||||
| CVE-2024-5197 | 2024-06-03 | N/A | N/A | ||
| There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond | |||||
| CVE-2023-24909 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 8 more | 2024-05-29 | N/A | 8.8 HIGH |
| Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | |||||