Total
2446 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27425 | 1 Cesanta | 1 Mongoose Os | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | |||||
| CVE-2021-27421 | 1 Nxp | 1 Mcuxpresso Software Development Kit | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to unexpected behavior such segmentation fault when assigning a particular block of memory from the heap via malloc. | |||||
| CVE-2021-27419 | 1 Uclibc-ng Project | 1 Uclibc-ng | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | |||||
| CVE-2021-27417 | 1 Ecoscentric | 1 Ecospro | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow. | |||||
| CVE-2022-28705 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and the pva.fwdaccel BigDB variable enabled, undisclosed requests to a virtual server with a FastL4 profile that has ePVA acceleration enabled can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2021-27411 | 1 Silabs | 1 Micrium Os | 2022-05-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones. | |||||
| CVE-2020-28895 | 2 Oracle, Windriver | 2 Communications Eagle, Vxworks | 2022-05-12 | 7.5 HIGH | 7.3 HIGH |
| In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption. | |||||
| CVE-2020-35198 | 2 Oracle, Windriver | 2 Communications Eagle, Vxworks | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption. | |||||
| CVE-2021-27439 | 1 Tencent | 1 Tencentos-tiny | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | |||||
| CVE-2022-21743 | 2 Google, Mediatek | 53 Android, Mt6580, Mt6735 and 50 more | 2022-05-12 | 4.6 MEDIUM | 7.8 HIGH |
| In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06371108; Issue ID: ALPS06371108. | |||||
| CVE-2022-20107 | 3 Google, Linux, Mediatek | 38 Android, Linux Kernel, Mt9011 and 35 more | 2022-05-12 | 4.9 MEDIUM | 4.4 MEDIUM |
| In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330673; Issue ID: DTV03330673. | |||||
| CVE-2018-8098 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2022-05-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file. | |||||
| CVE-2021-22680 | 1 Nxp | 1 Mqx | 2022-05-11 | 7.5 HIGH | 9.8 CRITICAL |
| NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | |||||
| CVE-2021-22556 | 1 Google | 1 Fuchsia | 2022-05-10 | 4.6 MEDIUM | 7.8 HIGH |
| The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond. | |||||
| CVE-2021-25803 | 1 Videolan | 1 Vlc Media Player | 2022-05-03 | 5.8 MEDIUM | 7.1 HIGH |
| A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. | |||||
| CVE-2021-22413 | 1 Huawei | 2 Emui, Magic Ui | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset. | |||||
| CVE-2021-45608 | 1 Netgear | 6 D7800, D7800 Firmware, R6400v2 and 3 more | 2022-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface (TCP port 20005) cannot be ruled out; however, exploitability was judged to be of "rather significant complexity" but not "impossible." The overflow is in SoftwareBus_dispatchNormalEPMsgOut in the KCodes NetUSB kernel module. Affected NETGEAR devices are D7800 before 1.0.1.68, R6400v2 before 1.0.4.122, and R6700v3 before 1.0.4.122. | |||||
| CVE-2020-14309 | 2 Gnu, Opensuse | 2 Grub2, Leap | 2022-04-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. | |||||
| CVE-2020-15588 | 1 Zohocorp | 1 Manageengine Desktop Central | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. This issue will occur only when untrusted communication is initiated with server. In cloud, Agent will always connect with trusted communication. | |||||
| CVE-2020-0432 | 2 Google, Opensuse | 2 Android, Leap | 2022-04-28 | 4.6 MEDIUM | 7.8 HIGH |
| In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807 | |||||