Filtered by CWE-190
Filtered by vendor Subscriptions
Total 3036 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-21210 2 Oracle, Redhat 8 Java Se, Enterprise Linux, Openjdk and 5 more 2024-10-31 3.7 Low
Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2024-50610 1 Gnu 1 Gnu Scientific Library 2024-10-30 3.6 Low
GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs.
CVE-2024-47024 1 Google 2 Android, Pixel 2024-10-28 7.4 High
In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-47028 1 Google 2 Android, Pixel 2024-10-28 5.1 Medium
In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-46483 1 Xlightftpd 1 Xlight Ftp Server 2024-10-23 9.8 Critical
Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content.
CVE-2024-42643 1 Smartdns Project 1 Smartdns 2024-10-23 7.5 High
Integer Overflow in fast_ping.c in SmartDNS Release46 allows remote attackers to cause a Denial of Service via misaligned memory access.
CVE-2024-47424 2 Adobe, Microsoft 2 Framemaker, Windows 2024-10-18 7.8 High
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-38215 1 Microsoft 17 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 14 more 2024-10-16 7.8 High
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2024-38144 1 Microsoft 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more 2024-10-16 8.8 High
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2024-38128 1 Microsoft 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more 2024-10-16 8.8 High
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-41858 3 Adobe, Apple, Microsoft 3 Incopy, Macos, Windows 2024-10-15 7.8 High
InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-47416 3 Adobe, Apple, Microsoft 3 Animate, Macos, Windows 2024-10-10 7.8 High
Animate versions 23.0.7, 24.0.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-43495 1 Microsoft 6 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 3 more 2024-10-09 7.3 High
Windows libarchive Remote Code Execution Vulnerability
CVE-2024-20434 1 Cisco 1 Ios Xe 2024-10-08 4.3 Medium
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessible through the console or CLI, and it would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic that is traversing the device through the data plane is not affected. A reload of the device is required to restore control plane services.
CVE-2024-9123 1 Google 1 Chrome 2024-09-26 7.1 High
Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVE-2024-44198 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2024-09-24 5.5 Medium
An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2023-45854 1 Shopkit Project 1 Shopkit 2024-09-20 7.5 High
A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function.
CVE-2024-44087 1 Siemens 1 Automation License Manager 2024-09-10 8.6 High
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.
CVE-2024-33035 1 Qualcomm 84 Fastconnect 6200 Firmware, Fastconnect 6700 Firmware, Fastconnect 6800 Firmware and 81 more 2024-09-05 8.4 High
Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients.
CVE-2024-28044 1 Openatom 1 Openharmony 2024-09-04 3.3 Low
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow.