Total
2446 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28879 | 2 Fedoraproject, Rust-lang | 2 Fedora, Rust | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again. | |||||
| CVE-2021-26260 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215. | |||||
| CVE-2021-23215 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. | |||||
| CVE-2021-21223 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-07 | 6.8 MEDIUM | 9.6 CRITICAL |
| Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-20303 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2023-11-07 | 5.8 MEDIUM | 6.1 MEDIUM |
| A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well. | |||||
| CVE-2021-20268 | 1 Linux | 1 Linux Kernel | 2023-11-07 | 4.6 MEDIUM | 7.8 HIGH |
| An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier in the way a user running the eBPF script calls dev_map_init_map or sock_map_alloc. This flaw allows a local user to crash the system or possibly escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-6569 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2023-11-07 | 6.8 MEDIUM | 6.3 MEDIUM |
| Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6523 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2023-11-07 | 9.3 HIGH | 8.8 HIGH |
| Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6381 | 6 Debian, Fedoraproject, Google and 3 more | 11 Debian Linux, Fedora, Android and 8 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-5310 | 3 Canonical, Fedoraproject, Python | 3 Ubuntu Linux, Fedora, Pillow | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. | |||||
| CVE-2020-4030 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-11-07 | 6.4 MEDIUM | 6.5 MEDIUM |
| In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2. | |||||
| CVE-2020-36242 | 3 Cryptography Project, Fedoraproject, Oracle | 3 Cryptography, Fedora, Communications Cloud Native Core Network Function Cloud Native Environment | 2023-11-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. | |||||
| CVE-2020-35738 | 3 Debian, Fedoraproject, Wavpack | 3 Debian Linux, Fedora, Wavpack | 2023-11-07 | 5.8 MEDIUM | 6.1 MEDIUM |
| WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected. | |||||
| CVE-2020-35523 | 4 Debian, Libtiff, Netapp and 1 more | 4 Debian Linux, Libtiff, Ontap Select Deploy Administration Utility and 1 more | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-29361 | 2 Debian, P11-kit Project | 2 Debian Linux, P11-kit | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. | |||||
| CVE-2020-27813 | 2 Debian, Gorillatoolkit | 2 Debian Linux, Websocket | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections. | |||||
| CVE-2020-25693 | 2 Cimg, Fedoraproject | 2 Cimg, Fedora | 2023-11-07 | 5.8 MEDIUM | 8.1 HIGH |
| A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity. | |||||
| CVE-2020-21699 | 1 Alibaba | 1 Tengine | 2023-11-07 | N/A | 7.5 HIGH |
| The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests. | |||||
| CVE-2020-15986 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-15975 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||