Total
242 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44444 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-01-10 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | |||||
| CVE-2022-37301 | 1 Schneider-electric | 96 Modicon M340 Bmx P34-2010, Modicon M340 Bmx P34-2010 Firmware, Modicon M340 Bmx P34-2030 and 93 more | 2022-11-30 | N/A | 7.5 HIGH |
| A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior) | |||||
| CVE-2020-14346 | 3 Canonical, Redhat, X.org | 3 Ubuntu Linux, Enterprise Linux, Xorg-server | 2022-11-08 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-25121 | 1 Bestwebsoft | 1 Rating | 2022-11-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating | |||||
| CVE-2020-14362 | 3 Canonical, Redhat, X.org | 3 Ubuntu Linux, Enterprise Linux, Xorg-server | 2022-11-03 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-14361 | 3 Canonical, Redhat, X.org | 3 Ubuntu Linux, Enterprise Linux, Xorg-server | 2022-11-03 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-24894 | 1 Implecode | 1 Reviews Plus | 2022-10-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated user submit such rating and the reviews are set to be displayed on the post/page | |||||
| CVE-2020-11208 | 1 Qualcomm | 26 Qcs603, Qcs603 Firmware, Qcs605 and 23 more | 2022-10-19 | 7.2 HIGH | 7.8 HIGH |
| Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439 | |||||
| CVE-2022-39293 | 1 Microsoft | 1 Azure Rtos Usbx | 2022-10-18 | N/A | 9.8 CRITICAL |
| Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. The case is, in [_ux_host_class_pima_read](https://github.com/azure-rtos/usbx/blob/master/common/usbx_host_classes/src/ux_host_class_pima_read.c), there is data length from device response, returned in the very first packet, and read by [L165 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L165), as header_length. Then in [L178 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L178), there is a “if” branch, which check the expression of “(header_length - UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE) > data_length” where if header_length is smaller than UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE, calculation could overflow and then [L182 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L182) the calculation of data_length is also overflow, this way the later [while loop start from L192](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L192) can move data_pointer to unexpected address and cause write buffer overflow. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). The following can be used as a workaround: Add check of `header_length`: 1. It must be greater than `UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE`. 1. It should be greater or equal to the current returned data length (`transfer_request -> ux_transfer_request_actual_length`). | |||||
| CVE-2022-27492 | 1 Whatsapp | 1 Whatsapp | 2022-09-23 | N/A | 7.8 HIGH |
| An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. | |||||
| CVE-2022-2335 | 1 Softing | 6 Edgeaggregator, Edgeconnector, Opc and 3 more | 2022-08-19 | N/A | 7.5 HIGH |
| A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | |||||
| CVE-2022-1698 | 1 Organizr | 1 Organizr | 2022-07-25 | 5.0 MEDIUM | 7.5 HIGH |
| Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications. | |||||
| CVE-2021-21811 | 1 Att | 1 Xmill | 2022-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-1108 | 1 Nvidia | 10 Jetson Agx Xavier, Jetson Linux, Jetson Nano and 7 more | 2022-07-08 | 4.6 MEDIUM | 7.3 HIGH |
| NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system. | |||||
| CVE-2021-2390 | 2 Netapp, Oracle | 2 Oncommand Insight, Mysql Server | 2022-06-28 | 7.1 HIGH | 5.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2019-5099 | 1 Leadtools | 1 Leadtools | 2022-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability. | |||||
| CVE-2019-5144 | 1 Kakadusoftware | 1 Kakadu Software | 2022-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable heap underflow vulnerability exists in the derive_taps_and_gains function in kdu_v7ar.dll of Kakadu Software SDK 7.10.2. A specially crafted jp2 file can cause a heap overflow, which can result in remote code execution. An attacker could provide a malformed file to the victim to trigger this vulnerability. | |||||
| CVE-2021-40589 | 1 Zangband-data Project | 1 Zangband-data | 2022-06-15 | 7.5 HIGH | 9.8 CRITICAL |
| ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits. | |||||
| CVE-2019-5148 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2022-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability. | |||||
| CVE-2022-29204 | 1 Google | 1 Tensorflow | 2022-06-02 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as per TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||