Total
3572 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1633 | 1 Renesas | 10 Arm-trusted-firmware, R-car D3e, R-car E3e and 7 more | 2025-01-24 | 2 Low |
| During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from the image, which base on 32-bit unsigned integer value, it can result to an integer overflow. An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot. Affected git version from c2f286820471ed276c57e603762bd831873e5a17 until (not | ||||
| CVE-2023-2512 | 1 Cloudflare | 1 Workerd | 2025-01-24 | 6.5 Medium |
| Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow. If a FormData instance contained more than 2^31 elements, the forEach() method could end up reading from the wrong location in memory while iterating over elements. This would most likely lead to a segmentation fault, but could theoretically allow arbitrary undefined behavior. In order for the bug to be exploitable, the process would need to be able to allocate 160GB of RAM. Due to this, the bug was never exploitable on the Cloudflare Workers platform, but could theoretically be exploitable on deployments of workerd running on machines with a huge amount of memory. Moreover, in order to be remotely exploited, an attacker would have to upload a single form-encoded HTTP request of at least tens of gigabytes in size. The application code would then have to use request.formData() to parse the request and formData.forEach() to iterate over this data. Due to these limitations, the exploitation likelihood was considered Low. A fix that addresses this vulnerability has been released in version v1.20230419.0 and users are encouraged to update to the latest version available. | ||||
| CVE-2024-3077 | 1 Zephyrproject | 1 Zephyr | 2025-01-23 | 6.8 Medium |
| An malicious BLE device can crash BLE victim device by sending malformed gatt packet | ||||
| CVE-2023-28277 | 1 Microsoft | 1 Windows Server 2022 | 2025-01-23 | 4.9 Medium |
| Windows DNS Server Information Disclosure Vulnerability | ||||
| CVE-2023-28248 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 7 more | 2025-01-23 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2023-28237 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-23 | 7.8 High |
| Windows Kernel Remote Code Execution Vulnerability | ||||
| CVE-2024-51540 | 1 Dell | 1 Elastic Cloud Storage | 2025-01-21 | 8.1 High |
| Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects. | ||||
| CVE-2023-23298 | 1 Garmin | 1 Connect-iq | 2025-01-21 | 9.8 Critical |
| The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware. | ||||
| CVE-2023-0754 | 3 Ge, Ptc, Rockwellautomation | 9 Digital Industrial Gateway Server, Kepware Server, Kepware Serverex and 6 more | 2025-01-16 | 9.8 Critical |
| The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. | ||||
| CVE-2022-48480 | 1 Huawei | 1 Emui | 2025-01-15 | 7.5 High |
| Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-21454 | 1 Qualcomm | 8 Auto 4g Modem, Auto 4g Modem Firmware, Auto 5g Modem-rf and 5 more | 2025-01-13 | 7.5 High |
| Transient DOS while decoding the ToBeSignedMessage in Automotive Telematics. | ||||
| CVE-2024-21470 | 1 Qualcomm | 66 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 63 more | 2025-01-13 | 8.4 High |
| Memory corruption while allocating memory for graphics. | ||||
| CVE-2024-56451 | 1 Huawei | 1 Harmonyos | 2025-01-13 | 7.3 High |
| Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-10917 | 1 Eclipse | 1 Openj9 | 2025-01-09 | 3.7 Low |
| In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters. | ||||
| CVE-2024-3757 | 1 Openatom | 1 Openharmony | 2025-01-02 | 3.3 Low |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow. | ||||
| CVE-2024-7025 | 1 Google | 1 Chrome | 2025-01-02 | 8.8 High |
| Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-35644 | 1 Microsoft | 14 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 11 more | 2025-01-01 | 7.8 High |
| Windows Sysmain Service Elevation of Privilege Vulnerability | ||||
| CVE-2023-35632 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-01 | 7.8 High |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||||
| CVE-2023-35381 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-01-01 | 8.8 High |
| Windows Fax Service Remote Code Execution Vulnerability | ||||
| CVE-2023-36900 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2025-01-01 | 7.8 High |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||