Filtered by vendor
Subscriptions
Total
359 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-29204 | 1 Google | 1 Tensorflow | 2025-06-26 | 5.5 Medium |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as per TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | ||||
CVE-2019-16535 | 1 Clickhouse | 1 Clickhouse | 2025-06-25 | 9.8 Critical |
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol. | ||||
CVE-2024-24474 | 1 Qemu | 1 Qemu | 2025-06-25 | 8.8 High |
QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len. | ||||
CVE-2023-38162 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2025-06-25 | 7.5 High |
DHCP Server Service Denial of Service Vulnerability | ||||
CVE-2024-21309 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2025-06-17 | 7.8 High |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||||
CVE-2023-39414 | 1 Tonybybell | 1 Gtkwave | 2025-06-17 | 7 High |
Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the right shift operation. | ||||
CVE-2023-39413 | 1 Tonybybell | 1 Gtkwave | 2025-06-17 | 7 High |
Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the left shift operation. | ||||
CVE-2025-4948 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-06-17 | 7.5 High |
A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk. | ||||
CVE-2017-15874 | 1 Busybox | 1 Busybox | 2025-06-09 | 5 Medium |
archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. | ||||
CVE-2024-0565 | 3 Linux, Netapp, Redhat | 6 Linux Kernel, Ontap Tools, Enterprise Linux and 3 more | 2025-06-03 | 6.8 Medium |
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service. | ||||
CVE-2024-54028 | 1 Catdoc | 1 Catdoc | 2025-06-02 | 8.4 High |
An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2025-49112 | 2025-06-02 | 3.1 Low | ||
setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used. | ||||
CVE-2024-0808 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-30 | 9.8 Critical |
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) | ||||
CVE-2025-23138 | 2025-05-26 | 5.5 Medium | ||
In the Linux kernel, the following vulnerability has been resolved: watch_queue: fix pipe accounting mismatch Currently, watch_queue_set_size() modifies the pipe buffers charged to user->pipe_bufs without updating the pipe->nr_accounted on the pipe itself, due to the if (!pipe_has_watch_queue()) test in pipe_resize_ring(). This means that when the pipe is ultimately freed, we decrement user->pipe_bufs by something other than what than we had charged to it, potentially leading to an underflow. This in turn can cause subsequent too_many_pipe_buffers_soft() tests to fail with -EPERM. To remedy this, explicitly account for the pipe usage in watch_queue_set_size() to match the number set via account_pipe_buffers() (It's unclear why watch_queue_set_size() does not update nr_accounted; it may be due to intentional overprovisioning in watch_queue_set_size()?) | ||||
CVE-2022-27492 | 1 Whatsapp | 1 Whatsapp | 2025-05-22 | 7.8 High |
An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. | ||||
CVE-2025-30324 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2025-05-22 | 7.8 High |
Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2022-49563 | 1 Linux | 1 Linux Kernel | 2025-05-21 | 5.5 Medium |
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a linear buffer. | ||||
CVE-2025-43546 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2025-05-15 | 7.8 High |
Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2025-43555 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-05-15 | 7.8 High |
Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2022-3165 | 3 Fedoraproject, Qemu, Redhat | 3 Fedora, Qemu, Enterprise Linux | 2025-05-15 | 6.5 Medium |
An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service. |