Total
2650 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46333 | 2025-04-29 | N/A | N/A | ||
| z2d is a pure Zig 2D graphics library. Versions of z2d after `0.5.1` and up to and including `0.6.0`, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, and higher-level operations when the anti-aliasing mode is set to `.default` (such as `Context.fill`, `Context.stroke`, `painter.fill`, and `painter.stroke`), the source surface can be completely out-of-bounds on the x-axis, but not on the y-axis, by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption. This issue is patched in version `0.6.1`. Users on an untagged version after `v0.5.1` and before `v0.6.1` are advised to update to address the vulnerability. Those still on Zig `0.13.0` are recommended to downgrade to `v0.5.1`. | |||||
| CVE-2022-40303 | 3 Apple, Netapp, Xmlsoft | 22 Ipados, Iphone Os, Macos and 19 more | 2025-04-29 | N/A | 7.5 HIGH |
| An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. | |||||
| CVE-2018-5733 | 4 Canonical, Debian, Isc and 1 more | 8 Ubuntu Linux, Debian Linux, Dhcp and 5 more | 2025-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. | |||||
| CVE-2023-2603 | 4 Debian, Fedoraproject, Libcap Project and 1 more | 4 Debian Linux, Fedora, Libcap and 1 more | 2025-04-24 | N/A | 7.8 HIGH |
| A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. | |||||
| CVE-2025-23016 | 2025-04-24 | N/A | 9.3 CRITICAL | ||
| FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. | |||||
| CVE-2022-42767 | 2 Google, Unisoc | 14 Android, S8012, Sc7731e and 11 more | 2025-04-23 | N/A | 3.3 LOW |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | |||||
| CVE-2022-42765 | 2 Google, Unisoc | 15 Android, S8000, S8010 and 12 more | 2025-04-23 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | |||||
| CVE-2022-41325 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2025-04-23 | N/A | 7.8 HIGH |
| An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. | |||||
| CVE-2022-42764 | 2 Google, Unisoc | 14 Android, S8009, Sc7731e and 11 more | 2025-04-23 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | |||||
| CVE-2022-42763 | 2 Google, Unisoc | 14 Android, S8008, Sc7731e and 11 more | 2025-04-23 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services. | |||||
| CVE-2019-16905 | 3 Netapp, Openbsd, Siemens | 7 Cloud Backup, Steelstore Cloud Integrated Storage, Openssh and 4 more | 2025-04-23 | 4.4 MEDIUM | 7.8 HIGH |
| OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH. | |||||
| CVE-2024-20046 | 2 Google, Mediatek | 22 Android, Mt6761, Mt6765 and 19 more | 2025-04-23 | N/A | 6.6 MEDIUM |
| In battery, there is a possible escalation of privilege due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08485622; Issue ID: ALPS08485622. | |||||
| CVE-2024-20047 | 2 Google, Mediatek | 19 Android, Mt6739, Mt6768 and 16 more | 2025-04-23 | N/A | 5.4 MEDIUM |
| In battery, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587865; Issue ID: ALPS08486807. | |||||
| CVE-2024-20025 | 2 Google, Mediatek | 42 Android, Mt6739, Mt6757 and 39 more | 2025-04-22 | N/A | 6.7 MEDIUM |
| In da, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541686; Issue ID: ALPS08541686. | |||||
| CVE-2022-25748 | 1 Qualcomm | 546 Apq8009, Apq8009 Firmware, Apq8017 and 543 more | 2025-04-22 | N/A | 9.8 CRITICAL |
| Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2025-20653 | 2 Google, Mediatek | 15 Android, Mt6781, Mt6789 and 12 more | 2025-04-22 | N/A | 6.5 MEDIUM |
| In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue ID: MSV-2046. | |||||
| CVE-2022-42805 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-21 | N/A | 7.8 HIGH |
| An integer overflow was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2016-1889 | 1 Freebsd | 1 Freebsd | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor. | |||||
| CVE-2015-8982 | 1 Gnu | 1 Glibc | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. | |||||
| CVE-2016-2347 | 3 Debian, Lhasa Project, Opensuse | 4 Debian Linux, Lhasa, Leap and 1 more | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. | |||||