Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4412 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-3076 | 1 Python | 1 Pillow | 2025-04-20 | N/A |
| Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file. | ||||
| CVE-2016-10239 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a buffer overflow could potentially occur and a buffer over-read vulnerability could potentially occur. | ||||
| CVE-2016-3091 | 1 Cloud Foundry | 1 Diego | 2025-04-20 | N/A |
| Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service. | ||||
| CVE-2016-10249 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Linux | 2025-04-20 | N/A |
| Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow. | ||||
| CVE-2016-7540 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to cause a denial of service (assertion failure) by converting an image to rgf format. | ||||
| CVE-2016-10251 | 2 Jasper Project, Redhat | 2 Jasper, Enterprise Linux | 2025-04-20 | N/A |
| Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value. | ||||
| CVE-2022-20516 | 1 Google | 1 Android | 2025-04-18 | 7.5 High |
| In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224002331 | ||||
| CVE-2022-20597 | 1 Google | 1 Android | 2025-04-18 | 7.8 High |
| In ppmpu_set of ppmpu.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243480506References: N/A | ||||
| CVE-2022-20598 | 1 Google | 1 Android | 2025-04-18 | 7.8 High |
| In sec_media_protect of media.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege of secure mode MFC Core with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242357514References: N/A | ||||
| CVE-2022-47517 | 1 Drachtio | 1 Drachtio-server | 2025-04-17 | 7.5 High |
| An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.19. It allows remote attackers to cause a denial of service (daemon crash) via a crafted UDP message that causes a url_canonize2 heap-based buffer over-read because of an off-by-one error. | ||||
| CVE-2021-32996 | 1 Fanuc | 18 R-30ia, R-30ia Firmware, R-30ia Mate and 15 more | 2025-04-17 | 7.5 High |
| The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required. | ||||
| CVE-2022-47629 | 3 Debian, Gnupg, Redhat | 9 Debian Linux, Libksba, Enterprise Linux and 6 more | 2025-04-16 | 9.8 Critical |
| Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. | ||||
| CVE-2021-27427 | 1 Riot-os | 1 Riot | 2025-04-16 | 7.3 High |
| RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | ||||
| CVE-2021-27417 | 1 Ecoscentric | 1 Ecospro | 2025-04-16 | 4.6 Medium |
| eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow. | ||||
| CVE-2021-27411 | 1 Silabs | 1 Micrium Os | 2025-04-16 | 6.5 Medium |
| Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones. | ||||
| CVE-2021-27419 | 1 Uclibc-ng Project | 1 Uclibc-ng | 2025-04-16 | 7.3 High |
| uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | ||||
| CVE-2021-27425 | 1 Cesanta | 1 Mongoose Os | 2025-04-16 | 7.3 High |
| Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | ||||
| CVE-2021-27435 | 1 Arm | 1 Mbed | 2025-04-16 | 7.3 High |
| ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | ||||
| CVE-2021-27431 | 1 Arm | 1 Cmsis-rtos | 2025-04-16 | 7.3 High |
| ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution. | ||||
| CVE-2021-27421 | 1 Nxp | 1 Mcuxpresso Software Development Kit | 2025-04-16 | 7.3 High |
| NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to unexpected behavior such segmentation fault when assigning a particular block of memory from the heap via malloc. | ||||