Total
243 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-0469 | 1 Linux | 1 Linux Kernel | 2023-02-01 | 5.5 Medium |
A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service. | ||||
CVE-2022-44444 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-01-10 | 5.5 Medium |
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services. | ||||
CVE-2022-37301 | 1 Schneider-electric | 96 Modicon M340 Bmx P34-2010, Modicon M340 Bmx P34-2010 Firmware, Modicon M340 Bmx P34-2030 and 93 more | 2022-11-30 | 7.5 High |
A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior) | ||||
CVE-2020-14346 | 3 Canonical, Redhat, X.org | 3 Ubuntu Linux, Enterprise Linux, Xorg-server | 2022-11-08 | 7.8 High |
A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2021-25121 | 1 Bestwebsoft | 1 Rating | 2022-11-05 | 6.5 Medium |
The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating | ||||
CVE-2020-14362 | 3 Canonical, Redhat, X.org | 3 Ubuntu Linux, Enterprise Linux, Xorg-server | 2022-11-03 | 7.8 High |
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2020-14361 | 3 Canonical, Redhat, X.org | 3 Ubuntu Linux, Enterprise Linux, Xorg-server | 2022-11-03 | 7.8 High |
A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2021-24894 | 1 Implecode | 1 Reviews Plus | 2022-10-25 | 6.5 Medium |
The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated user submit such rating and the reviews are set to be displayed on the post/page | ||||
CVE-2020-11208 | 1 Qualcomm | 26 Qcs603, Qcs603 Firmware, Qcs605 and 23 more | 2022-10-19 | 7.8 High |
Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439 | ||||
CVE-2022-39293 | 1 Microsoft | 1 Azure Rtos Usbx | 2022-10-18 | 9.8 Critical |
Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. The case is, in [_ux_host_class_pima_read](https://github.com/azure-rtos/usbx/blob/master/common/usbx_host_classes/src/ux_host_class_pima_read.c), there is data length from device response, returned in the very first packet, and read by [L165 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L165), as header_length. Then in [L178 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L178), there is a “if” branch, which check the expression of “(header_length - UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE) > data_length” where if header_length is smaller than UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE, calculation could overflow and then [L182 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L182) the calculation of data_length is also overflow, this way the later [while loop start from L192](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L192) can move data_pointer to unexpected address and cause write buffer overflow. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). The following can be used as a workaround: Add check of `header_length`: 1. It must be greater than `UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE`. 1. It should be greater or equal to the current returned data length (`transfer_request -> ux_transfer_request_actual_length`). | ||||
CVE-2017-13666 | 1 Multicorewareinc | 1 X265 | 2022-10-03 | N/A |
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906. | ||||
CVE-2017-8906 | 1 Multicorewareinc | 1 X265 High Efficiency Video Coding | 2022-10-03 | 5.5 Medium |
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.4, as used by the x265_encoder_encode dependency in libbpg and other products. A small picture can cause an integer underflow, which leads to a Denial of Service in the process of encoding. | ||||
CVE-2017-11757 | 1 Actian | 2 Pervasive Psql, Zen | 2022-10-03 | N/A |
Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads to a zero-byte allocation. The _srvLnaConnectMP1 function is affected. | ||||
CVE-2018-6612 | 1 Jhead Project | 1 Jhead | 2022-10-03 | 5.5 Medium |
An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact. | ||||
CVE-2022-27492 | 1 Whatsapp | 1 Whatsapp | 2022-09-23 | 7.8 High |
An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. | ||||
CVE-2022-2335 | 1 Softing | 6 Edgeaggregator, Edgeconnector, Opc and 3 more | 2022-08-19 | 7.5 High |
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | ||||
CVE-2022-1698 | 1 Organizr | 1 Organizr | 2022-07-25 | 7.5 High |
Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications. | ||||
CVE-2021-21811 | 1 Att | 1 Xmill | 2022-07-21 | 9.8 Critical |
A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2021-1108 | 1 Nvidia | 10 Jetson Agx Xavier, Jetson Linux, Jetson Nano and 7 more | 2022-07-08 | 7.3 High |
NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes in the system. | ||||
CVE-2021-2390 | 2 Netapp, Oracle | 2 Oncommand Insight, Mysql Server | 2022-06-28 | 5.9 Medium |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). |