Total
2629 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11347 | 2025-02-13 | N/A | 7.3 HIGH | ||
| Integer Overflow or Wraparound vulnerability in Lexmark International CX, XC, CS, et. Al. (Postscript interpreter modules) allows Forced Integer Overflow.The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user. | |||||
| CVE-2024-2212 | 1 Eclipse | 1 Threadx | 2025-02-13 | N/A | 7.3 HIGH |
| In Eclipse ThreadX before 6.4.0, xQueueCreate() and xQueueCreateSet() functions from the FreeRTOS compatibility API (utility/rtos_compatibility_layers/FreeRTOS/tx_freertos.c) were missing parameter checks. This could lead to integer wraparound, under-allocations and heap buffer overflows. | |||||
| CVE-2024-24857 | 1 Linux | 1 Linux Kernel | 2025-02-13 | N/A | 4.6 MEDIUM |
| A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service. | |||||
| CVE-2024-22211 | 1 Freerdp | 1 Freerdp | 2025-02-13 | N/A | 3.7 LOW |
| FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability. | |||||
| CVE-2023-46246 | 1 Vim | 1 Vim | 2025-02-13 | N/A | 4.0 MEDIUM |
| Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068. | |||||
| CVE-2023-43826 | 1 Apache | 1 Guacamole | 2025-02-13 | N/A | 7.5 HIGH |
| Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue. | |||||
| CVE-2023-3107 | 2 Freebsd, Netapp | 2 Freebsd, Clustered Data Ontap | 2025-02-13 | N/A | 7.5 HIGH |
| A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service. | |||||
| CVE-2023-28613 | 1 Samsung | 6 Exynos 1280, Exynos 1280 Firmware, Exynos 2200 and 3 more | 2025-02-13 | N/A | 6.8 MEDIUM |
| An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. An integer overflow in IPv4 fragment handling can occur due to insufficient parameter validation when reassembling these fragments. | |||||
| CVE-2022-25147 | 1 Apache | 1 Portable Runtime Utility | 2025-02-13 | N/A | 6.5 MEDIUM |
| Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. | |||||
| CVE-2023-20663 | 4 Google, Linux, Mediatek and 1 more | 29 Android, Linux Kernel, Mt5221 and 26 more | 2025-02-13 | N/A | 6.7 MEDIUM |
| In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560741; Issue ID: ALPS07560741. | |||||
| CVE-2024-21836 | 1 Ggerganov | 1 Llama.cpp | 2025-02-12 | N/A | 8.8 HIGH |
| A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2024-23496 | 1 Ggerganov | 1 Llama.cpp | 2025-02-12 | N/A | 8.8 HIGH |
| A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2024-23605 | 1 Ggerganov | 1 Llama.cpp | 2025-02-12 | N/A | 8.8 HIGH |
| A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2024-21825 | 1 Ggerganov | 1 Llama.cpp | 2025-02-12 | N/A | 8.8 HIGH |
| A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2023-24537 | 1 Golang | 1 Go | 2025-02-12 | N/A | 7.5 HIGH |
| Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. | |||||
| CVE-2023-20682 | 4 Google, Linux, Mediatek and 1 more | 44 Android, Linux Kernel, Mt5221 and 41 more | 2025-02-12 | N/A | 6.7 MEDIUM |
| In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441605; Issue ID: ALPS07441605. | |||||
| CVE-2024-53880 | 2025-02-12 | N/A | 4.9 MEDIUM | ||
| NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large file size that overflows an internal variable. A successful exploit of this vulnerability might lead to denial of service. | |||||
| CVE-2023-20507 | 2025-02-11 | N/A | 2.3 LOW | ||
| An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity. | |||||
| CVE-2025-0302 | 1 Openatom | 1 Openharmony | 2025-02-11 | N/A | 5.5 MEDIUM |
| in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through integer overflow. | |||||
| CVE-2023-26065 | 1 Lexmark | 217 6500e, B2236, B2338 and 214 more | 2025-02-11 | N/A | 9.8 CRITICAL |
| Certain Lexmark devices through 2023-02-19 have an Integer Overflow. | |||||