Total
2826 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-45555 | 1 Qualcomm | 82 Msm8996au, Msm8996au Firmware, Qam8255p and 79 more | 2025-01-13 | N/A | 8.4 HIGH |
| Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image. | |||||
| CVE-2024-56451 | 1 Huawei | 1 Harmonyos | 2025-01-13 | N/A | 7.3 HIGH |
| Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-42384 | 1 Cesanta | 1 Mongoose | 2025-01-13 | N/A | 7.5 HIGH |
| Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | |||||
| CVE-2024-10917 | 1 Eclipse | 1 Openj9 | 2025-01-09 | N/A | 3.7 LOW |
| In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters. | |||||
| CVE-2024-40765 | 2025-01-09 | N/A | 9.8 CRITICAL | ||
| An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. | |||||
| CVE-2024-26171 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-08 | N/A | 6.7 MEDIUM |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-55656 | 2025-01-08 | N/A | 8.8 HIGH | ||
| RedisBloom adds a set of probabilistic data structures to Redis. There is an integer overflow vulnerability in RedisBloom, which is a module used in Redis. The integer overflow vulnerability allows an attacker (a redis client which knows the password) to allocate memory in the heap lesser than the required memory due to wraparound. Then read and write can be performed beyond this allocated memory, leading to info leak and OOB write. The integer overflow is in CMS.INITBYDIM command, which initialize a Count-Min Sketch to dimensions specified by user. It accepts two values (width and depth) and uses them to allocate memory in NewCMSketch(). This vulnerability is fixed in 2.2.19, 2.4.12, 2.6.14, and 2.8.2. | |||||
| CVE-2024-51737 | 2025-01-08 | N/A | 7.0 HIGH | ||
| RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments. | |||||
| CVE-2024-51480 | 2025-01-08 | N/A | 7.0 HIGH | ||
| RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3. | |||||
| CVE-2024-30021 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-08 | N/A | 6.8 MEDIUM |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-30012 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-08 | N/A | 6.8 MEDIUM |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-49078 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-08 | N/A | 6.8 MEDIUM |
| Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-49089 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-08 | N/A | 7.2 HIGH |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2024-49085 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-01-08 | N/A | 8.8 HIGH |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2024-3757 | 1 Openatom | 1 Openharmony | 2025-01-02 | N/A | 3.3 LOW |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow. | |||||
| CVE-2024-7025 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
| Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-9123 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
| Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-35644 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2025-01-01 | N/A | 7.8 HIGH |
| Windows Sysmain Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-35905 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-12-30 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int representation. This should not actually happen, as there are other protections along the way, but we should protect against it anyway. One code path was missing such protections (fixed in the previous patch in the series), causing out-of-bounds array accesses in check_stack_range_initialized(). This patch causes the verification of a program with such a non-sensical access size to fail. This check used to exist in a more indirect way, but was inadvertendly removed in a833a17aeac7. | |||||
| CVE-2024-50944 | 2024-12-28 | N/A | 9.8 CRITICAL | ||
| Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method. | |||||