Total
2650 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22080 | 1 Linux | 1 Linux Kernel | 2025-05-06 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdr_first_de() The "de_off" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're both greater than UINT_MAX - 16 then the check does work as intended because of an integer overflow. | |||||
| CVE-2025-22081 | 1 Linux | 1 Linux Kernel | 2025-05-06 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix a couple integer overflows on 32bit systems On 32bit systems the "off + sizeof(struct NTFS_DE)" addition can have an integer wrapping issue. Fix it by using size_add(). | |||||
| CVE-2025-21172 | 3 Apple, Linux, Microsoft | 7 Macos, Linux Kernel, .net and 4 more | 2025-05-06 | N/A | 7.5 HIGH |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2025-47268 | 2025-05-06 | N/A | 6.5 MEDIUM | ||
| ping in iputils through 20240905 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication. | |||||
| CVE-2025-31203 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-05-05 | N/A | 6.5 MEDIUM |
| An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service. | |||||
| CVE-2022-25315 | 5 Debian, Fedoraproject, Libexpat Project and 2 more | 6 Debian Linux, Fedora, Libexpat and 3 more | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | |||||
| CVE-2022-25314 | 5 Debian, Fedoraproject, Libexpat Project and 2 more | 6 Debian Linux, Fedora, Libexpat and 3 more | 2025-05-05 | 5.0 MEDIUM | 7.5 HIGH |
| In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | |||||
| CVE-2022-23990 | 6 Debian, Fedoraproject, Libexpat Project and 3 more | 6 Debian Linux, Fedora, Libexpat and 3 more | 2025-05-05 | 5.0 MEDIUM | 7.5 HIGH |
| Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | |||||
| CVE-2022-23852 | 6 Debian, Libexpat Project, Netapp and 3 more | 7 Debian Linux, Libexpat, Clustered Data Ontap and 4 more | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | |||||
| CVE-2022-23568 | 1 Google | 1 Tensorflow | 2025-05-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow which results in a `CHECK`-fail when building new `TensorShape` objects (so, an assert failure based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-23567 | 1 Google | 1 Tensorflow | 2025-05-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or `CHECK`-fails when building new `TensorShape` objects (so, assert failures based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-22827 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2025-05-05 | 6.8 MEDIUM | 8.8 HIGH |
| storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
| CVE-2022-22826 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2025-05-05 | 6.8 MEDIUM | 8.8 HIGH |
| nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
| CVE-2022-22825 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2025-05-05 | 6.8 MEDIUM | 8.8 HIGH |
| lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
| CVE-2022-22824 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
| CVE-2022-22823 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
| CVE-2022-22822 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
| addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
| CVE-2022-21738 | 1 Google | 1 Tensorflow | 2025-05-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-21733 | 1 Google | 1 Tensorflow | 2025-05-05 | 5.0 MEDIUM | 4.3 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_witdh` and that result in computing a negative value for `ngram_width` which is later used to allocate parts of the output. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-21729 | 1 Google | 1 Tensorflow | 2025-05-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||