Total
3228 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9192 | 1 Trihedral | 1 Vtscada | 2025-07-25 | N/A |
| Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation. | ||||
| CVE-2025-48964 | 1 Iputils | 1 Iputils | 2025-07-25 | 6.5 Medium |
| ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero). | ||||
| CVE-2024-47606 | 3 Debian, Gstreamer Project, Redhat | 8 Debian Linux, Gstreamer, Enterprise Linux and 5 more | 2025-07-24 | 9.8 Critical |
| GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10. | ||||
| CVE-2021-34536 | 1 Microsoft | 11 Windows 10, Windows 10 1507, Windows 10 1607 and 8 more | 2025-07-24 | 7.8 High |
| Storage Spaces Controller Elevation of Privilege Vulnerability | ||||
| CVE-2025-47268 | 2 Iputils Project, Redhat | 2 Iputils, Enterprise Linux | 2025-07-23 | 6.5 Medium |
| ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication. | ||||
| CVE-2024-5197 | 3 Debian, Redhat, Webmproject | 3 Debian Linux, Enterprise Linux, Libvpx | 2025-07-22 | 9.1 Critical |
| There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond | ||||
| CVE-2024-34663 | 1 Google | 1 Android | 2025-07-17 | 5.3 Medium |
| Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory. | ||||
| CVE-2024-30067 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-16 | 5.5 Medium |
| Winlogon Elevation of Privilege Vulnerability | ||||
| CVE-2024-30064 | 1 Microsoft | 2 Windows Server 2022, Windows Server 2022 23h2 | 2025-07-16 | 8.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2024-30072 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows Server 2022 23h2 | 2025-07-16 | 7.8 High |
| Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability | ||||
| CVE-2025-22471 | 1 Dell | 1 Powerscale Onefs | 2025-07-15 | 6.5 Medium |
| Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2025-49180 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2025-07-15 | 7.8 High |
| A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate. | ||||
| CVE-2025-49179 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2025-07-15 | 7.3 High |
| A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks. | ||||
| CVE-2025-49176 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2025-07-15 | 7.3 High |
| A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check. | ||||
| CVE-2025-30327 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-07-14 | 7.8 High |
| InCopy versions 20.2, 19.5.3 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-48172 | 1 Chmlib | 1 Chmlib | 2025-07-13 | 5.6 Medium |
| CHMLib through 2bef8d0, as used in SumatraPDF and other products, has a chm_lib.c _chm_decompress_block integer overflow. There is a resultant heap-based buffer overflow in _chm_fetch_bytes. | ||||
| CVE-2025-49531 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-07-13 | 7.8 High |
| Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-57256 | 1 Denx | 1 U-boot | 2025-07-13 | 7.1 High |
| An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite. | ||||
| CVE-2024-52035 | 1 Catdoc | 1 Catdoc | 2025-07-13 | 8.4 High |
| An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-50944 | 1 Simplcommerce | 1 Simplcommerce | 2025-07-13 | 9.8 Critical |
| Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method. | ||||