Total
3123 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-42562 | 1 Samsung | 1 Android | 2024-11-21 | 6.7 Medium |
| Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. | ||||
| CVE-2023-42298 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c. | ||||
| CVE-2023-42295 | 1 Openimageio | 1 Openimageio | 2024-11-21 | 8.8 High |
| An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c | ||||
| CVE-2023-42118 | 1 Exim | 1 Libspf2 | 2024-11-21 | 7.5 High |
| Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account. . Was ZDI-CAN-17578. | ||||
| CVE-2023-41185 | 2024-11-21 | N/A | ||
| Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of client certificates. When parsing the certificate length field, the process does not properly validate user-supplied data, which can result in an integer overflow. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20353. | ||||
| CVE-2023-40353 | 1 Samsung | 4 Exynos 2100, Exynos 2100 Firmware, Exynos 980 and 1 more | 2024-11-21 | 2 Low |
| An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application. | ||||
| CVE-2023-40218 | 1 Samsung | 12 Exynos 1280, Exynos 1280 Firmware, Exynos 1380 and 9 more | 2024-11-21 | 2 Low |
| An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application. | ||||
| CVE-2023-40022 | 1 Rizin | 1 Rizin | 2024-11-21 | 7.8 High |
| Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block as unreachable code since the prior statement is multiplication by 10 and fails to consider overflow assuming the count will always be a multiple of 10. Rizin version 0.6.1 contains a fix for the issue. A temporary workaround would be disabling C++ demangling using the configuration option `bin.demangle=false`. | ||||
| CVE-2023-3487 | 1 Silabs | 1 Gecko Bootloader | 2024-11-21 | 7.7 High |
| An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. | ||||
| CVE-2023-39125 | 1 Ntsc-crt Project | 1 Ntsc-crt | 2024-11-21 | 7.5 High |
| NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file's width, height, and BPP are not validated. NOTE: the vendor's perspective is "this main application was not intended to be a well tested program, it's just something to demonstrate it works and for the user to see how to integrate it into their own programs." | ||||
| CVE-2023-38698 | 1 Ens.domains | 1 Ethereum Name Service | 2024-11-21 | 4.9 Medium |
| Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides `@ensdomains/ens-contracts` prior to version 0.0.22. If successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost. Version 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (eg, 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action. | ||||
| CVE-2023-38127 | 1 Justsystems | 19 Easy Postcard Max, Ichitaro 2021, Ichitaro 2022 and 16 more | 2024-11-21 | 7.8 High |
| An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2023-36328 | 2 Fedoraproject, Libtom | 2 Fedora, Libtommath | 2024-11-21 | 9.8 Critical |
| Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). | ||||
| CVE-2023-36327 | 1 Relic Project | 1 Relic | 2024-11-21 | 9.8 Critical |
| Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function. | ||||
| CVE-2023-36326 | 1 Relic Project | 1 Relic | 2024-11-21 | 9.8 Critical |
| Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function. | ||||
| CVE-2023-35968 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-11-21 | 9.8 Critical |
| Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function. | ||||
| CVE-2023-35967 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-11-21 | 9.8 Critical |
| Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function. | ||||
| CVE-2023-35966 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-11-21 | 9.8 Critical |
| Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function. | ||||
| CVE-2023-35965 | 1 Yifanwireless | 2 Yf325, Yf325 Firmware | 2024-11-21 | 9.8 Critical |
| Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function. | ||||
| CVE-2023-35681 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||