ReportizFlow
Filtered by vendor
Subscriptions
Total
3218 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3107 | 2 Freebsd, Netapp | 2 Freebsd, Clustered Data Ontap | 2025-07-09 | 7.5 High |
| A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service. | ||||
| CVE-2025-48172 | 1 Chmlib | 1 Chmlib | 2025-07-08 | 5.6 Medium |
| CHMLib through 2bef8d0, as used in SumatraPDF and other products, has a chm_lib.c _chm_decompress_block integer overflow. There is a resultant heap-based buffer overflow in _chm_fetch_bytes. | ||||
| CVE-2025-50404 | 2025-07-08 | 5.3 Medium | ||
| Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Overflow. The websReadEvent function incorrectly uses the int type when processing the "command" field of the http header, causing the array to cross the boundary and overwrite other fields in the array. | ||||
| CVE-2024-43641 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-08 | 7.8 High |
| Windows Registry Elevation of Privilege Vulnerability | ||||
| CVE-2024-43635 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-08 | 8.8 High |
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2024-43628 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-08 | 8.8 High |
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2024-43623 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-08 | 7.8 High |
| Windows NT OS Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2024-37976 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-08 | 6.7 Medium |
| Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | ||||
| CVE-2024-43566 | 1 Microsoft | 1 Edge Chromium | 2025-07-08 | 7.5 High |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2025-5475 | 1 Sony | 2 Xav-ax8500, Xav-ax8500 Firmware | 2025-07-08 | 7.5 High |
| Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Bluetooth packets. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the elysian-bt-service process. Was ZDI-CAN-26283. | ||||
| CVE-2025-5478 | 1 Sony | 2 Xav-ax8500, Xav-ax8500 Firmware | 2025-07-08 | N/A |
| Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Bluetooth SDP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26288. | ||||
| CVE-2025-2021 | 1 Ashlar | 1 Cobalt | 2025-07-07 | N/A |
| Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25264. | ||||
| CVE-2025-2023 | 1 Ashlar | 1 Cobalt | 2025-07-07 | N/A |
| Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25348. | ||||
| CVE-2025-3360 | 1 Redhat | 1 Enterprise Linux | 2025-07-05 | 3.7 Low |
| A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. | ||||
| CVE-2024-45780 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-07-05 | 6.7 Medium |
| A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to overflow with a crafted tar file, leading to a heap out-of-bounds write. This flaw eventually allows an attacker to circumvent secure boot protections. | ||||
| CVE-2024-45779 | 2 Gnu, Redhat | 3 Grub2, Enterprise Linux, Openshift | 2025-07-05 | 6 Medium |
| An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap of bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash. | ||||
| CVE-2024-45778 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-07-05 | 4.1 Medium |
| A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash. | ||||
| CVE-2025-0678 | 2 Gnu, Redhat | 4 Grub2, Enterprise Linux, Openshift and 1 more | 2025-07-05 | 7.8 High |
| A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections. | ||||
| CVE-2025-6191 | 1 Google | 1 Chrome | 2025-07-03 | 8.8 High |
| Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-26639 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-07-03 | 7.8 High |
| Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | ||||