Total
317 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-32975 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | N/A | 5.9 MEDIUM |
| Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation. | |||||
| CVE-2024-30070 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2024-11-21 | N/A | 7.5 HIGH |
| DHCP Server Service Denial of Service Vulnerability | |||||
| CVE-2024-26913 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue [why] odm calculation is missing for pipe split policy determination and cause Underflow/Corruption issue. [how] Add the odm calculation. | |||||
| CVE-2024-24474 | 2024-11-21 | N/A | 8.8 HIGH | ||
| QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len. | |||||
| CVE-2024-21466 | 1 Qualcomm | 128 Fastconnect 7800, Fastconnect 7800 Firmware, Immersive Home 3210 Platform and 125 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Information disclosure while parsing sub-IE length during new IE generation. | |||||
| CVE-2024-21309 | 1 Microsoft | 4 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-0565 | 2 Linux, Netapp | 2 Linux Kernel, Ontap Tools | 2024-11-21 | N/A | 6.8 MEDIUM |
| An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service. | |||||
| CVE-2023-48298 | 1 Clickhouse | 2 Clickhouse, Clickhouse Cloud | 2024-11-21 | N/A | 5.9 MEDIUM |
| ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited. | |||||
| CVE-2023-47360 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | N/A | 7.5 HIGH |
| Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. | |||||
| CVE-2023-44378 | 1 Consensys | 1 Gnark | 2024-11-21 | N/A | 7.1 HIGH |
| gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of `a`, for small values there exists a second decomposition for `a+r` (where `r` is the modulus the values are being reduced by). The second decomposition was possible due to overflowing the field where the values are defined. Upgrading to version 0.9.0 should fix the issue without needing to change the calls to value comparison methods. | |||||
| CVE-2023-43628 | 1 Gpsd Project | 1 Gpsd | 2024-11-21 | N/A | 5.9 MEDIUM |
| An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2023-40181 | 3 Debian, Fedoraproject, Freerdp | 3 Debian Linux, Fedora, Freerdp | 2024-11-21 | N/A | 5.3 MEDIUM |
| FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-39414 | 1 Tonybybell | 1 Gtkwave | 2024-11-21 | N/A | 7.0 HIGH |
| Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the right shift operation. | |||||
| CVE-2023-39413 | 1 Tonybybell | 1 Gtkwave | 2024-11-21 | N/A | 7.0 HIGH |
| Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the left shift operation. | |||||
| CVE-2023-38162 | 1 Microsoft | 4 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| DHCP Server Service Denial of Service Vulnerability | |||||
| CVE-2023-36796 | 1 Microsoft | 16 .net, .net Framework, Visual Studio 2017 and 13 more | 2024-11-21 | N/A | 7.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2023-36794 | 1 Microsoft | 16 .net, .net Framework, Visual Studio 2017 and 13 more | 2024-11-21 | N/A | 7.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2023-36785 | 1 Microsoft | 2 Odbc Driver For Sql Server, Sql Server | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-35790 | 1 Libjxl Project | 1 Libjxl | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop. | |||||
| CVE-2023-35387 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-11-21 | N/A | 8.8 HIGH |
| Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability | |||||