Total
3304 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21193 | 1 Google | 1 Android | 2024-12-04 | 7.5 High |
| In VideoFrame of VideoFrame.h, there is a possible abort due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233006499 | ||||
| CVE-2023-20755 | 2 Google, Mediatek | 55 Android, Mt6580, Mt6731 and 52 more | 2024-12-04 | 6.7 Medium |
| In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07509605. | ||||
| CVE-2024-36671 | 1 Nodemcu | 1 Nodemcu | 2024-12-04 | 9.8 Critical |
| nodemcu before v3.0.0-release_20240225 was discovered to contain an integer overflow via the getnum function at /modules/struct.c. | ||||
| CVE-2022-48336 | 1 Widevine | 1 Trusted Application | 2024-12-04 | 9.8 Critical |
| Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagParseAndStoreData integer overflow and resultant buffer overflow. | ||||
| CVE-2022-48333 | 1 Widevine | 1 Trusted Application | 2024-12-04 | 9.8 Critical |
| Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow. | ||||
| CVE-2022-48335 | 1 Widevine | 1 Trusted Application | 2024-12-04 | 9.8 Critical |
| Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVerifyProvisioning integer overflow and resultant buffer overflow. | ||||
| CVE-2023-35085 | 1 Ui | 47 U6-enterprise, U6-enterprise-iw, U6-extender and 44 more | 2024-12-04 | 9.8 Critical |
| An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later. | ||||
| CVE-2023-20693 | 3 Google, Linuxfoundation, Mediatek | 15 Android, Yocto, Mt6739 and 12 more | 2024-12-04 | 7.5 High |
| In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664711; Issue ID: ALPS07664711. | ||||
| CVE-2023-20691 | 3 Google, Linuxfoundation, Mediatek | 10 Android, Yocto, Mt6739 and 7 more | 2024-12-04 | 7.5 High |
| In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664731; Issue ID: ALPS07664731. | ||||
| CVE-2023-20690 | 3 Google, Linuxfoundation, Mediatek | 11 Android, Yocto, Mt6739 and 8 more | 2024-12-04 | 7.5 High |
| In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664735; Issue ID: ALPS07664735. | ||||
| CVE-2023-20689 | 3 Google, Linuxfoundation, Mediatek | 10 Android, Yocto, Mt6739 and 7 more | 2024-12-04 | 7.5 High |
| In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664741; Issue ID: ALPS07664741. | ||||
| CVE-2024-20795 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-12-04 | 7.8 High |
| Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-34151 | 4 Debian, Fedoraproject, Imagemagick and 1 more | 5 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 2 more | 2024-12-02 | 5.5 Medium |
| A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). | ||||
| CVE-2018-0360 | 3 Canonical, Clamav, Debian | 3 Ubuntu Linux, Clamav, Debian Linux | 2024-11-29 | N/A |
| ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c. | ||||
| CVE-2022-48334 | 1 Widevine | 1 Trusted Application | 2024-11-27 | 9.8 Critical |
| Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys total_len+file_name_len integer overflow and resultant buffer overflow. | ||||
| CVE-2023-38403 | 7 Apple, Debian, Es and 4 more | 12 Macos, Debian Linux, Iperf3 and 9 more | 2024-11-27 | 7.5 High |
| iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. | ||||
| CVE-2024-48983 | 2 Arm, Mbed | 2 Mbed, Mbed | 2024-11-25 | 7.5 High |
| An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of which is calculated as the length of the packet body determined earlier plus the header length. WsfMsgAlloc then increments this again by sizeof(wsfMsg_t). This may cause an integer overflow that results in the buffer being significantly too small to contain the entire packet. This may cause a buffer overflow of up to 65 KB . This bug is trivial to exploit for a denial of service but can generally not be exploited further because the exploitable buffer is dynamically allocated. | ||||
| CVE-2018-9366 | 1 Google | 1 Android | 2024-11-22 | 7.8 High |
| In IMSA_Recv_Thread and VT_IMCB_Thread of ImsaClient.cpp and VideoTelephony.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2018-9348 | 1 Google | 1 Android | 2024-11-22 | 7.5 High |
| In SMF_ParseMetaEvent of eas_smf.c, there is a possible integer overflow. This could lead to remote denial of service due to resource exhaustion with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-25110 | 1 Microsoft | 1 Azure Uamqp | 2024-11-22 | 9.8 Critical |
| The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability. | ||||