Filtered by vendor
Subscriptions
Total
3036 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-21210 | 2 Oracle, Redhat | 8 Java Se, Enterprise Linux, Openjdk and 5 more | 2024-10-31 | 3.7 Low |
Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | ||||
CVE-2024-50610 | 1 Gnu | 1 Gnu Scientific Library | 2024-10-30 | 3.6 Low |
GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs. | ||||
CVE-2024-47024 | 1 Google | 2 Android, Pixel | 2024-10-28 | 7.4 High |
In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-47028 | 1 Google | 2 Android, Pixel | 2024-10-28 | 5.1 Medium |
In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-46483 | 1 Xlightftpd | 1 Xlight Ftp Server | 2024-10-23 | 9.8 Critical |
Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content. | ||||
CVE-2024-42643 | 1 Smartdns Project | 1 Smartdns | 2024-10-23 | 7.5 High |
Integer Overflow in fast_ping.c in SmartDNS Release46 allows remote attackers to cause a Denial of Service via misaligned memory access. | ||||
CVE-2024-47424 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-10-18 | 7.8 High |
Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-38215 | 1 Microsoft | 17 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 14 more | 2024-10-16 | 7.8 High |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-38144 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-10-16 | 8.8 High |
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-38128 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2024-10-16 | 8.8 High |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | ||||
CVE-2024-41858 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2024-10-15 | 7.8 High |
InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-47416 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
Animate versions 23.0.7, 24.0.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-43495 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 3 more | 2024-10-09 | 7.3 High |
Windows libarchive Remote Code Execution Vulnerability | ||||
CVE-2024-20434 | 1 Cisco | 1 Ios Xe | 2024-10-08 | 4.3 Medium |
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this vulnerability by sending crafted frames to an affected device. A successful exploit could allow the attacker to render the control plane of the affected device unresponsive. The device would not be accessible through the console or CLI, and it would not respond to ping requests, SNMP requests, or requests from other control plane protocols. Traffic that is traversing the device through the data plane is not affected. A reload of the device is required to restore control plane services. | ||||
CVE-2024-9123 | 1 Google | 1 Chrome | 2024-09-26 | 7.1 High |
Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-44198 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-09-24 | 5.5 Medium |
An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
CVE-2023-45854 | 1 Shopkit Project | 1 Shopkit | 2024-09-20 | 7.5 High |
A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function. | ||||
CVE-2024-44087 | 1 Siemens | 1 Automation License Manager | 2024-09-10 | 8.6 High |
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification. | ||||
CVE-2024-33035 | 1 Qualcomm | 84 Fastconnect 6200 Firmware, Fastconnect 6700 Firmware, Fastconnect 6800 Firmware and 81 more | 2024-09-05 | 8.4 High |
Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients. | ||||
CVE-2024-28044 | 1 Openatom | 1 Openharmony | 2024-09-04 | 3.3 Low |
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow. |