Filtered by CWE-681
Filtered by vendor Subscriptions
Total 111 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-49093 2024-12-20 8.8 High
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVE-2024-38044 1 Microsoft 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more 2024-12-10 7.2 High
DHCP Server Service Remote Code Execution Vulnerability
CVE-2024-1552 4 Debian, Linux, Mozilla and 1 more 9 Debian Linux, Linux Kernel, Firefox and 6 more 2024-12-10 7.5 High
Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
CVE-2024-26162 1 Microsoft 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more 2024-12-06 8.8 High
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2024-7747 2024-11-29 6.5 Medium
The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create funds during a transfer and distribute these funds to any number of other users or their own account, rendering products free. Attackers could also request to withdraw funds if the Wallet Withdrawal extension is used and the request is approved by an administrator.
CVE-2023-46848 2 Redhat, Squid-cache 6 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux Server Aus and 3 more 2024-11-23 8.6 High
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
CVE-2024-32481 2024-11-21 5.3 Medium
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a `range` of the form `range(start, start + N)`, if `start` is negative, the execution will always revert. This issue is caused by an incorrect assertion inserted by the code generation of the range `stmt.parse_For_range()`. The issue arises when `start` is signed, instead of using `sle`, `le` is used and `start` is interpreted as an unsigned integer for the comparison. If it is a negative number, its 255th bit is set to `1` and is hence interpreted as a very large unsigned integer making the assertion always fail. Any contract having a `range(start, start + N)` where `start` is a signed integer with the possibility for `start` to be negative is affected. If a call goes through the loop while supplying a negative `start` the execution will revert. Version 0.4.0b1 fixes the issue.
CVE-2023-5184 1 Zephyrproject 1 Zephyr 2024-11-21 7 High
 Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers.
CVE-2023-3635 2 Redhat, Squareup 6 Amq Streams, Jboss Enterprise Bpms Platform, Jboss Fuse and 3 more 2024-11-21 5.9 Medium
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
CVE-2023-29346 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2024-11-21 7.8 High
NTFS Elevation of Privilege Vulnerability
CVE-2023-28063 1 Dell 582 Alienware M15 R6, Alienware M15 R6 Firmware, Alienware M15 R7 and 579 more 2024-11-21 6.7 Medium
Dell BIOS contains a Signed to Unsigned Conversion Error vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to denial of service.
CVE-2023-24884 1 Microsoft 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more 2024-11-21 8.8 High
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVE-2023-23401 1 Microsoft 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more 2024-11-21 7.8 High
Windows Media Remote Code Execution Vulnerability
CVE-2023-23388 1 Microsoft 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more 2024-11-21 8.8 High
Windows Bluetooth Driver Elevation of Privilege Vulnerability
CVE-2023-21736 1 Microsoft 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more 2024-11-21 7.8 High
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2023-20006 1 Cisco 6 Adaptive Security Appliance Software, Firepower 2110, Firepower 2120 and 3 more 2024-11-21 8.6 High
A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload.
CVE-2023-0185 4 Citrix, Nvidia, Redhat and 1 more 4 Hypervisor, Virtual Gpu, Enterprise Linux Kernel-based Virtual Machine and 1 more 2024-11-21 6.7 Medium
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure.
CVE-2022-43663 1 Wellintech 1 Kinghistorian 2024-11-21 8.1 High
An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2022-42324 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2024-11-21 5.5 Medium
Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most significant bit, and then creates unsigned/signed confusion in the remainder. This in turn can feed a negative value into logic not expecting a negative value, resulting in unexpected exceptions being thrown. The unexpected exception is not handled suitably, creating a busy-loop trying (and failing) to take the bad packet out of the xenstore ring.
CVE-2022-40225 1 Siemens 3 Siplus Tim 1531 Irc, Siplus Tim 1531 Irc Firmware, Tim 1531 Irc 2024-11-21 6.5 Medium
A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). Casting an internal value could lead to floating point exception under certain circumstances. This could allow an attacker to cause a denial of service condition on affected devices.