Total
3295 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4291 | 1 Hancom | 1 Hancom Office 2014 | 2025-04-20 | N/A |
| When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overflow. This result is then used to allocate memory to copy file data in. Due to the lack of bounds checking on the integer, the allocated memory buffer can be made to be undersized at which point the reading of file data will write outside the bounds of the buffer. This can lead to code execution under the context of the application. | ||||
| CVE-2022-20597 | 1 Google | 1 Android | 2025-04-18 | 7.8 High |
| In ppmpu_set of ppmpu.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243480506References: N/A | ||||
| CVE-2022-20598 | 1 Google | 1 Android | 2025-04-18 | 7.8 High |
| In sec_media_protect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242357514References: N/A | ||||
| CVE-2024-22051 | 2 Github, Gjtorikian | 2 Cmark-gfm, Commonmarker | 2025-04-17 | 9.8 Critical |
| CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns. | ||||
| CVE-2023-38622 | 1 Tonybybell | 1 Gtkwave | 2025-04-17 | 7.8 High |
| Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `len` array. | ||||
| CVE-2022-47629 | 3 Debian, Gnupg, Redhat | 9 Debian Linux, Libksba, Enterprise Linux and 6 more | 2025-04-16 | 9.8 Critical |
| Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. | ||||
| CVE-2021-27427 | 1 Riot-os | 1 Riot | 2025-04-16 | 7.3 High |
| RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | ||||
| CVE-2021-27417 | 1 Ecoscentric | 1 Ecospro | 2025-04-16 | 4.6 Medium |
| eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow. | ||||
| CVE-2021-27411 | 1 Silabs | 1 Micrium Os | 2025-04-16 | 6.5 Medium |
| Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones. | ||||
| CVE-2021-27419 | 1 Uclibc-ng Project | 1 Uclibc-ng | 2025-04-16 | 7.3 High |
| uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | ||||
| CVE-2021-27425 | 1 Cesanta | 1 Mongoose Os | 2025-04-16 | 7.3 High |
| Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | ||||
| CVE-2021-27435 | 1 Arm | 1 Mbed | 2025-04-16 | 7.3 High |
| ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | ||||
| CVE-2021-27431 | 1 Arm | 1 Cmsis-rtos | 2025-04-16 | 7.3 High |
| ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution. | ||||
| CVE-2021-27421 | 1 Nxp | 1 Mcuxpresso Software Development Kit | 2025-04-16 | 7.3 High |
| NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to unexpected behavior such segmentation fault when assigning a particular block of memory from the heap via malloc. | ||||
| CVE-2021-22680 | 1 Nxp | 1 Mqx | 2025-04-16 | 7.3 High |
| NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | ||||
| CVE-2021-27439 | 1 Tencent | 1 Tencentos-tiny | 2025-04-16 | 7.3 High |
| TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | ||||
| CVE-2021-27433 | 1 Arm | 1 Mbed Ualloc | 2025-04-16 | 7.3 High |
| ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | ||||
| CVE-2025-0101 | 2025-04-16 | 6.5 Medium | ||
| A low privileged user can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes some functions to work unexpected or stop working at all. Both during runtime and after a restart. | ||||
| CVE-2022-21801 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2025-04-15 | 7.5 High |
| A denial of service vulnerability exists in the netserver recv_command functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2021-21914 | 1 Accusoft | 1 Imagegear | 2025-04-15 | 8.8 High |
| A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||