Search Results (3474 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-29886 1 Estsoft 1 Alyac 2025-04-15 7.8 High
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-32543 1 Estsoft 1 Alyac 2025-04-15 7.8 High
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-32775 1 Goabode 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware 2025-04-15 8.8 High
An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2022-34481 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-15 8.8 High
In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
CVE-2023-36576 1 Microsoft 9 Windows 10 1507, Windows 10 1809, Windows 10 21h1 and 6 more 2025-04-14 5.5 Medium
Windows Kernel Information Disclosure Vulnerability
CVE-2023-36582 1 Microsoft 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more 2025-04-14 7.3 High
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2023-36593 1 Microsoft 12 Windows 10, Windows 10 1607, Windows 10 1809 and 9 more 2025-04-14 7.8 High
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2022-42898 4 Heimdal Project, Mit, Redhat and 1 more 10 Heimdal, Kerberos 5, Enterprise Linux and 7 more 2025-04-14 8.8 High
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
CVE-2022-41318 2 Redhat, Squid-cache 4 Enterprise Linux, Rhel E4s, Rhel Eus and 1 more 2025-04-14 8.6 High
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
CVE-2022-4172 3 Fedoraproject, Qemu, Redhat 3 Fedora, Qemu, Enterprise Linux 2025-04-14 6.5 Medium
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host.
CVE-2022-4398 1 Radare 1 Radare2 2025-04-14 7.8 High
Integer Overflow or Wraparound in GitHub repository radareorg/radare2 prior to 5.8.0.
CVE-2024-24478 1 Wireshark 1 Wireshark 2025-04-14 7.5 High
An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
CVE-2015-4493 5 Canonical, Mozilla, Opensuse and 2 more 5 Ubuntu Linux, Firefox, Opensuse and 2 more 2025-04-12 N/A
Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539.
CVE-2014-0099 2 Apache, Redhat 11 Tomcat, Enterprise Linux, Jboss Bpms and 8 more 2025-04-12 N/A
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
CVE-2014-0172 2 Elfutils Project, Redhat 2 Elfutils, Enterprise Linux 2025-04-12 N/A
Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.
CVE-2014-0209 3 Canonical, Redhat, X 3 Ubuntu Linux, Enterprise Linux, Libxfont 2025-04-12 N/A
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
CVE-2014-0222 3 Qemu, Redhat, Suse 4 Qemu, Enterprise Linux, Openstack and 1 more 2025-04-12 N/A
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
CVE-2014-0223 3 Qemu, Redhat, Suse 4 Qemu, Enterprise Linux, Openstack and 1 more 2025-04-12 N/A
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.
CVE-2014-0250 2 Freerdp, Opensuse 2 Freerdp, Opensuse 2025-04-12 N/A
Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated.
CVE-2014-1736 4 Apple, Google, Linux and 1 more 4 Mac Os X, Chrome, Linux Kernel and 1 more 2025-04-12 N/A
Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value.