Total
2446 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34843 | 1 Intel | 1 Trace Analyzer And Collector | 2023-03-02 | N/A | 7.8 HIGH |
| Integer overflow in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-14250 | 3 Canonical, Gnu, Opensuse | 3 Ubuntu Linux, Binutils, Leap | 2023-03-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. | |||||
| CVE-2019-14444 | 4 Canonical, Gnu, Netapp and 1 more | 5 Ubuntu Linux, Binutils, Hci Management Node and 2 more | 2023-03-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. | |||||
| CVE-2018-19107 | 4 Canonical, Debian, Exiv2 and 1 more | 6 Ubuntu Linux, Debian Linux, Exiv2 and 3 more | 2023-03-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file. | |||||
| CVE-2019-16905 | 3 Netapp, Openbsd, Siemens | 7 Cloud Backup, Steelstore Cloud Integrated Storage, Openssh and 4 more | 2023-03-01 | 4.4 MEDIUM | 7.8 HIGH |
| OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH. | |||||
| CVE-2018-20847 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2023-02-27 | 6.8 MEDIUM | 8.8 HIGH |
| An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. | |||||
| CVE-2019-18675 | 1 Linux | 1 Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation. | |||||
| CVE-2020-13974 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. | |||||
| CVE-2018-13406 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-02-24 | 7.2 HIGH | 7.8 HIGH |
| An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used. | |||||
| CVE-2023-23462 | 1 Libpeconv Project | 1 Libpeconv | 2023-02-24 | N/A | 9.8 CRITICAL |
| Libpeconv – integer overflow, before commit 75b1565 (30/11/2022). | |||||
| CVE-2022-47451 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-02-22 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | |||||
| CVE-2022-47322 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-02-21 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | |||||
| CVE-2022-38680 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-02-21 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | |||||
| CVE-2022-38674 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-02-21 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | |||||
| CVE-2017-1000158 | 2 Debian, Python | 2 Debian Linux, Python | 2023-02-16 | 7.5 HIGH | 9.8 CRITICAL |
| CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) | |||||
| CVE-2015-8394 | 2 Pcre, Php | 2 Perl Compatible Regular Expression Library, Php | 2023-02-16 | 7.5 HIGH | 9.8 CRITICAL |
| PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | |||||
| CVE-2015-8387 | 3 Fedoraproject, Pcre, Php | 3 Fedora, Perl Compatible Regular Expression Library, Php | 2023-02-16 | 7.5 HIGH | 7.3 HIGH |
| PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | |||||
| CVE-2019-16096 | 1 Kilo Project | 1 Kilo | 2023-02-16 | 5.0 MEDIUM | 7.5 HIGH |
| Kilo 0.0.1 has a heap-based buffer overflow because there is an integer overflow in a calculation involving the number of tabs in one row. | |||||
| CVE-2023-0615 | 1 Linux | 1 Linux Kernel | 2023-02-14 | N/A | 5.5 MEDIUM |
| A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled. | |||||
| CVE-2017-7482 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Mrg | 2023-02-14 | 7.2 HIGH | 7.8 HIGH |
| In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation. | |||||