Filtered by vendor
Subscriptions
Total
300 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-28930 | 1 Microsoft | 6 Odbc Driver 17 For Sql Server, Odbc Driver 18 For Sql Server, Sql Server and 3 more | 2024-11-21 | 8.8 High |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
CVE-2024-24474 | 2024-11-21 | 8.8 High | ||
QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len. | ||||
CVE-2024-23313 | 1 The Biosig Project | 1 Libbiosig | 2024-11-21 | 9.8 Critical |
An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2024-21466 | 1 Qualcomm | 128 Fastconnect 7800, Fastconnect 7800 Firmware, Immersive Home 3210 Platform and 125 more | 2024-11-21 | 6.5 Medium |
Information disclosure while parsing sub-IE length during new IE generation. | ||||
CVE-2024-21309 | 1 Microsoft | 8 Windows 11 21h2, Windows 11 21h2, Windows 11 22h2 and 5 more | 2024-11-21 | 7.8 High |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-0808 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 9.8 Critical |
Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) | ||||
CVE-2024-0565 | 3 Linux, Netapp, Redhat | 6 Linux Kernel, Ontap Tools, Enterprise Linux and 3 more | 2024-11-21 | 6.8 Medium |
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service. | ||||
CVE-2023-5753 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 6.3 Medium |
Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c | ||||
CVE-2023-47360 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 7.5 High |
Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. | ||||
CVE-2023-44378 | 1 Consensys | 1 Gnark | 2024-11-21 | 7.1 High |
gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of `a`, for small values there exists a second decomposition for `a+r` (where `r` is the modulus the values are being reduced by). The second decomposition was possible due to overflowing the field where the values are defined. Upgrading to version 0.9.0 should fix the issue without needing to change the calls to value comparison methods. | ||||
CVE-2023-43628 | 1 Gpsd Project | 1 Gpsd | 2024-11-21 | 5.9 Medium |
An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability. | ||||
CVE-2023-42753 | 3 Debian, Linux, Redhat | 9 Debian Linux, Linux Kernel, Enterprise Linux and 6 more | 2024-11-21 | 7 High |
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. | ||||
CVE-2023-42118 | 1 Exim | 1 Libspf2 | 2024-11-21 | 7.5 High |
Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account. . Was ZDI-CAN-17578. | ||||
CVE-2023-40181 | 4 Debian, Fedoraproject, Freerdp and 1 more | 4 Debian Linux, Fedora, Freerdp and 1 more | 2024-11-21 | 5.3 Medium |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
CVE-2023-39414 | 1 Tonybybell | 1 Gtkwave | 2024-11-21 | 7 High |
Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the right shift operation. | ||||
CVE-2023-39413 | 1 Tonybybell | 1 Gtkwave | 2024-11-21 | 7 High |
Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the left shift operation. | ||||
CVE-2023-39350 | 4 Debian, Fedoraproject, Freerdp and 1 more | 4 Debian Linux, Fedora, Freerdp and 1 more | 2024-11-21 | 5.9 Medium |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2023-38427 | 2 Linux, Netapp | 5 Linux Kernel, H300s, H410s and 2 more | 2024-11-21 | 9.8 Critical |
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts. | ||||
CVE-2023-38162 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more | 2024-11-21 | 7.5 High |
DHCP Server Service Denial of Service Vulnerability | ||||
CVE-2023-36909 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2024-11-21 | 6.5 Medium |
Microsoft Message Queuing Denial of Service Vulnerability |