Total
2446 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20693 | 3 Google, Linuxfoundation, Mediatek | 15 Android, Yocto, Mt6739 and 12 more | 2023-07-07 | N/A | 7.5 HIGH |
| In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664711; Issue ID: ALPS07664711. | |||||
| CVE-2023-20691 | 3 Google, Linuxfoundation, Mediatek | 10 Android, Yocto, Mt6739 and 7 more | 2023-07-07 | N/A | 7.5 HIGH |
| In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664731; Issue ID: ALPS07664731. | |||||
| CVE-2023-20689 | 3 Google, Linuxfoundation, Mediatek | 10 Android, Yocto, Mt6739 and 7 more | 2023-07-07 | N/A | 7.5 HIGH |
| In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664741; Issue ID: ALPS07664741. | |||||
| CVE-2023-20755 | 2 Google, Mediatek | 55 Android, Mt6580, Mt6731 and 52 more | 2023-07-07 | N/A | 6.7 MEDIUM |
| In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07509605. | |||||
| CVE-2023-20756 | 2 Google, Mediatek | 55 Android, Mt6580, Mt6731 and 52 more | 2023-07-07 | N/A | 6.7 MEDIUM |
| In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07549928. | |||||
| CVE-2022-28331 | 2 Apache, Microsoft | 2 Portable Runtime, Windows | 2023-07-07 | N/A | 9.8 CRITICAL |
| On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow. | |||||
| CVE-2022-3515 | 2 Gnupg, Gpg4win | 4 Gnupg, Libksba, Vs-desktop and 1 more | 2023-07-06 | N/A | 9.8 CRITICAL |
| A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. | |||||
| CVE-2023-21193 | 1 Google | 1 Android | 2023-07-05 | N/A | 7.5 HIGH |
| In VideoFrame of VideoFrame.h, there is a possible abort due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233006499 | |||||
| CVE-2023-25004 | 1 Autodesk | 17 Alias, Autocad, Autocad Advance Steel and 14 more | 2023-07-05 | N/A | 7.8 HIGH |
| A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution. | |||||
| CVE-2022-48334 | 1 Widevine | 1 Trusted Application | 2023-07-03 | N/A | 9.8 CRITICAL |
| Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys total_len+file_name_len integer overflow and resultant buffer overflow. | |||||
| CVE-2022-48335 | 1 Widevine | 1 Trusted Application | 2023-07-03 | N/A | 9.8 CRITICAL |
| Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVerifyProvisioning integer overflow and resultant buffer overflow. | |||||
| CVE-2022-48336 | 1 Widevine | 1 Trusted Application | 2023-07-03 | N/A | 9.8 CRITICAL |
| Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagParseAndStoreData integer overflow and resultant buffer overflow. | |||||
| CVE-2022-48331 | 1 Widevine | 1 Trusted Application | 2023-07-03 | N/A | 9.8 CRITICAL |
| Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys feature_name_len integer overflow and resultant buffer overflow. | |||||
| CVE-2022-48332 | 1 Widevine | 1 Trusted Application | 2023-07-03 | N/A | 9.8 CRITICAL |
| Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow. | |||||
| CVE-2022-48333 | 1 Widevine | 1 Trusted Application | 2023-07-03 | N/A | 9.8 CRITICAL |
| Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow. | |||||
| CVE-2022-32543 | 1 Estsoft | 1 Alyac | 2023-06-29 | N/A | 7.8 HIGH |
| An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-29886 | 1 Estsoft | 1 Alyac | 2023-06-28 | N/A | 7.8 HIGH |
| An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-2566 | 1 Ffmpeg | 1 Ffmpeg | 2023-06-27 | N/A | 7.8 HIGH |
| A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 | |||||
| CVE-2020-20335 | 1 Kilo Project | 1 Kilo | 2023-06-27 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability in Antirez Kilo before commit 7709a04ae8520c5b04d261616098cebf742f5a23 allows a remote attacker to cause a denial of service via the editorUpdateRow function in kilo.c. | |||||
| CVE-2023-34454 | 1 Xerial | 1 Snappy-java | 2023-06-27 | N/A | 7.5 HIGH |
| snappy-java is a fast compressor/decompressor for Java. Due to unchecked multiplications, an integer overflow may occur in versions prior to 1.1.10.1, causing an unrecoverable fatal error. The function `compress(char[] input)` in the file `Snappy.java` receives an array of characters and compresses it. It does so by multiplying the length by 2 and passing it to the rawCompress` function. Since the length is not tested, the multiplication by two can cause an integer overflow and become negative. The rawCompress function then uses the received length and passes it to the natively compiled maxCompressedLength function, using the returned value to allocate a byte array. Since the maxCompressedLength function treats the length as an unsigned integer, it doesn’t care that it is negative, and it returns a valid value, which is casted to a signed integer by the Java engine. If the result is negative, a `java.lang.NegativeArraySizeException` exception will be raised while trying to allocate the array `buf`. On the other side, if the result is positive, the `buf` array will successfully be allocated, but its size might be too small to use for the compression, causing a fatal Access Violation error. The same issue exists also when using the `compress` functions that receive double, float, int, long and short, each using a different multiplier that may cause the same issue. The issue most likely won’t occur when using a byte array, since creating a byte array of size 0x80000000 (or any other negative value) is impossible in the first place. Version 1.1.10.1 contains a patch for this issue. | |||||