Total
3257 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3077 | 1 Zephyrproject | 1 Zephyr | 2025-01-23 | 6.8 Medium |
| An malicious BLE device can crash BLE victim device by sending malformed gatt packet | ||||
| CVE-2023-28277 | 1 Microsoft | 1 Windows Server 2022 | 2025-01-23 | 4.9 Medium |
| Windows DNS Server Information Disclosure Vulnerability | ||||
| CVE-2023-28248 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 7 more | 2025-01-23 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2023-28237 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-23 | 7.8 High |
| Windows Kernel Remote Code Execution Vulnerability | ||||
| CVE-2023-33204 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2025-01-22 | 7.8 High |
| sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. | ||||
| CVE-2024-51540 | 1 Dell | 1 Elastic Cloud Storage | 2025-01-21 | 8.1 High |
| Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects. | ||||
| CVE-2023-23298 | 1 Garmin | 1 Connect-iq | 2025-01-21 | 9.8 Critical |
| The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware. | ||||
| CVE-2023-0754 | 3 Ge, Ptc, Rockwellautomation | 9 Digital Industrial Gateway Server, Kepware Server, Kepware Serverex and 6 more | 2025-01-16 | 9.8 Critical |
| The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. | ||||
| CVE-2022-48480 | 1 Huawei | 1 Emui | 2025-01-15 | 7.5 High |
| Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-21454 | 1 Qualcomm | 8 Auto 4g Modem, Auto 4g Modem Firmware, Auto 5g Modem-rf and 5 more | 2025-01-13 | 7.5 High |
| Transient DOS while decoding the ToBeSignedMessage in Automotive Telematics. | ||||
| CVE-2024-21470 | 1 Qualcomm | 66 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 63 more | 2025-01-13 | 8.4 High |
| Memory corruption while allocating memory for graphics. | ||||
| CVE-2024-56451 | 1 Huawei | 1 Harmonyos | 2025-01-13 | 7.3 High |
| Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-42384 | 1 Cesanta | 1 Mongoose | 2025-01-13 | 7.5 High |
| Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | ||||
| CVE-2024-10917 | 1 Eclipse | 1 Openj9 | 2025-01-09 | 3.7 Low |
| In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters. | ||||
| CVE-2024-40765 | 2025-01-09 | 9.8 Critical | ||
| An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. | ||||
| CVE-2024-55656 | 2025-01-08 | 8.8 High | ||
| RedisBloom adds a set of probabilistic data structures to Redis. There is an integer overflow vulnerability in RedisBloom, which is a module used in Redis. The integer overflow vulnerability allows an attacker (a redis client which knows the password) to allocate memory in the heap lesser than the required memory due to wraparound. Then read and write can be performed beyond this allocated memory, leading to info leak and OOB write. The integer overflow is in CMS.INITBYDIM command, which initialize a Count-Min Sketch to dimensions specified by user. It accepts two values (width and depth) and uses them to allocate memory in NewCMSketch(). This vulnerability is fixed in 2.2.19, 2.4.12, 2.6.14, and 2.8.2. | ||||
| CVE-2024-51737 | 2025-01-08 | 7 High | ||
| RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments. | ||||
| CVE-2024-51480 | 2025-01-08 | 7 High | ||
| RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3. | ||||
| CVE-2023-33864 | 1 Renderdoc | 1 Renderdoc | 2025-01-08 | 9.8 Critical |
| StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. It uses uint32_t(m_BufferSize-m_InputSize) even though m_InputSize can exceed m_BufferSize. | ||||
| CVE-2023-33863 | 1 Renderdoc | 1 Renderdoc | 2025-01-08 | 9.8 Critical |
| SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1. | ||||