Total
2461 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41056 | 2 Fedoraproject, Redis | 2 Fedora, Redis | 2024-02-23 | N/A | 8.1 HIGH |
| Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. | |||||
| CVE-2021-43784 | 2 Debian, Linuxfoundation | 2 Debian Linux, Runc | 2024-02-19 | 6.0 MEDIUM | 5.0 MEDIUM |
| runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug. | |||||
| CVE-2017-1000121 | 1 Webkitgtk | 1 Webkitgtk\+ | 2024-02-15 | 7.5 HIGH | 9.8 CRITICAL |
| The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products. | |||||
| CVE-2013-1591 | 2 Palemoon, Redhat | 3 Pale Moon, Enterprise Linux, Enterprise Virtualization | 2024-02-15 | 10.0 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop. | |||||
| CVE-2018-10887 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2024-02-15 | 5.8 MEDIUM | 8.1 HIGH |
| A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service. | |||||
| CVE-2005-0102 | 2 Debian, Gnome | 2 Debian Linux, Evolution | 2024-02-08 | 7.2 HIGH | 9.8 CRITICAL |
| Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow. | |||||
| CVE-2005-1513 | 3 Canonical, Debian, Qmail Project | 3 Ubuntu Linux, Debian Linux, Qmail | 2024-02-08 | 5.0 MEDIUM | 9.8 CRITICAL |
| Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request. | |||||
| CVE-2010-1866 | 3 Opensuse, Php, Suse | 3 Opensuse, Php, Linux Enterprise | 2024-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder. | |||||
| CVE-2005-1141 | 1 Optical Character Recognition Project | 1 Optical Character Recognition | 2024-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow. | |||||
| CVE-2002-0639 | 1 Openbsd | 1 Openssh | 2024-02-08 | 10.0 HIGH | 9.8 CRITICAL |
| Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication. | |||||
| CVE-2004-2013 | 1 Linux | 1 Linux Kernel | 2024-02-08 | 7.2 HIGH | 7.8 HIGH |
| Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of memory. | |||||
| CVE-2022-21668 | 2 Fedoraproject, Pypa | 2 Fedora, Pipenv | 2024-02-07 | 9.3 HIGH | 8.6 HIGH |
| pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims who use pipenv to install the requirements file to download dependencies from a package index server controlled by the attacker. By embedding malicious code in packages served from their malicious index server, the attacker can trigger arbitrary remote code execution (RCE) on the victims' systems. If an attacker is able to hide a malicious `--index-url` option in a requirements file that a victim installs with pipenv, the attacker can embed arbitrary malicious code in packages served from their malicious index server that will be executed on the victim's host during installation (remote code execution/RCE). When pip installs from a source distribution, any code in the setup.py is executed by the install process. This issue is patched in version 2022.1.8. The GitHub Security Advisory contains more information about this vulnerability. | |||||
| CVE-2022-26495 | 3 Debian, Fedoraproject, Network Block Device Project | 3 Debian Linux, Fedora, Network Block Device | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. | |||||
| CVE-2010-2753 | 3 Mozilla, Opensuse, Suse | 7 Firefox, Seamonkey, Thunderbird and 4 more | 2024-02-03 | 9.3 HIGH | 8.8 HIGH |
| Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free. | |||||
| CVE-2022-0545 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-02-02 | 5.1 MEDIUM | 7.8 HIGH |
| An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. | |||||
| CVE-2019-1010006 | 4 Canonical, Debian, Gnome and 1 more | 4 Ubuntu Linux, Debian Linux, Evince and 1 more | 2024-02-02 | 6.8 MEDIUM | 7.8 HIGH |
| Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer overflow protection mechanism in tiff_document_render and tiff_document_get_thumbnail. | |||||
| CVE-2023-48236 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-01-25 | N/A | 4.3 MEDIUM |
| Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48233 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-01-25 | N/A | 4.3 MEDIUM |
| Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48235 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-01-25 | N/A | 4.3 MEDIUM |
| Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48234 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-01-25 | N/A | 4.3 MEDIUM |
| Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||