Total: 1243 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14343 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer. | |||||
| CVE-2019-13203 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-18 | 9.0 HIGH | 8.8 HIGH |
| Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | |||||
| CVE-2019-9098 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2020-03-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS. | |||||
| CVE-2018-13328 | 1 Pfg Project | 1 Pfg | 2020-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow. | |||||
| CVE-2018-13071 | 1 Ccindextoken Project | 1 Ccindextoken | 2020-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2016-9445 | 1 Gstreamer Project | 1 Gstreamer | 2020-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. | |||||
| CVE-2018-13082 | 1 Moditokenerc20 Project | 1 Moditokenerc20 | 2020-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13081 | 1 Gzstoken Project | 1 Gzstoken | 2020-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13083 | 1 Plazatoken Project | 1 Plazatoken | 2020-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13084 | 1 Goodtimecoin Project | 1 Goodtimecoin | 2020-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13087 | 1 Coinstar Myadvancedtoken Project | 1 Coinstar Myadvancedtoken | 2020-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13088 | 1 Tokenerc20 Project | 1 Tokenerc20 | 2020-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2020-8844 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-02-18 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG files within CovertToPDF. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9102. | |||||
| CVE-2018-13211 | 1 Mytokenshr Project | 1 Mytokenshr | 2020-02-18 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | |||||
| CVE-2014-4607 | 1 Oberhumer | 2 Liblzo2, Lzo2 | 2020-02-14 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run. | |||||
| CVE-2019-11484 | 2 Canonical, Whoopsie Project | 2 Ubuntu Linux, Whoopsie | 2020-02-12 | 4.6 MEDIUM | 7.8 HIGH |
| Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie. | |||||
| CVE-2018-13495 | 1 Kmctoken Project | 1 Kmctoken | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for KMCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13479 | 1 Slidebitstoken Project | 1 Slidebitstoken | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for SlidebitsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13473 | 1 Ohni Project | 1 Ohni | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13534 | 1 Speedcashtoken Project | 1 Speedcashtoken | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for SpeedCashLite (SCSL), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13543 | 1 Gemstonetoken Project | 1 Gemstonetoken | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for GemstoneToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2013-2806 | 1 Rockwellautomation | 1 Rslinx Enterprise | 2020-02-10 | 7.8 HIGH | 7.5 HIGH |
| Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size.” Then the service will calculate an incorrect value for the “End of Current Record” field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 | |||||
| CVE-2019-14051 | 1 Qualcomm | 4 Mdm9206, Mdm9206 Firmware, Mdm9607 and 1 more | 2020-02-10 | 7.2 HIGH | 7.8 HIGH |
| Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607 | |||||
| CVE-2018-13041 | 1 Linktoken Project | 1 Linktoken | 2020-02-06 | 5.0 MEDIUM | 7.5 HIGH |
| The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13474 | 1 Fanschaintoken Project | 1 Fanschaintoken | 2020-02-06 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for FansChainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2020-5310 | 1 Python | 1 Pillow | 2020-01-31 | 6.8 MEDIUM | 8.8 HIGH |
| libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. | |||||
| CVE-2018-13718 | 1 Futurxe | 1 Futurxe | 2020-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for FuturXe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2012-5340 | 2 Artifex, Sumatrapdfreader | 2 Mupdf, Sumatrapdf | 2020-01-28 | 6.8 MEDIUM | 7.8 HIGH |
| SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file. | |||||
| CVE-2019-19413 | 1 Huawei | 14 Dbs3900 Tdd Lte, Dbs3900 Tdd Lte Firmware, Dp300 and 11 more | 2020-01-28 | 7.8 HIGH | 7.5 HIGH |
| There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash. | |||||
| CVE-2019-19414 | 1 Huawei | 14 Dbs3900 Tdd Lte, Dbs3900 Tdd Lte Firmware, Dp300 and 11 more | 2020-01-28 | 7.8 HIGH | 7.5 HIGH |
| There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash. | |||||
| CVE-2019-13126 | 1 Nats | 1 Nats Server | 2020-01-28 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated. | |||||
| CVE-2015-1530 | 1 Google | 1 Android | 2020-01-28 | 6.0 MEDIUM | 7.8 HIGH |
| media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size. | |||||
| CVE-2014-4609 | 1 Libav | 1 Libav | 2020-01-21 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run. | |||||
| CVE-2014-4610 | 1 Ffmpeg | 1 Ffmpeg | 2020-01-21 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run. | |||||
| CVE-2018-5733 | 4 Canonical, Debian, Isc and 1 more | 8 Ubuntu Linux, Debian Linux, Dhcp and 5 more | 2020-01-09 | 5.0 MEDIUM | 7.5 HIGH |
| A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. | |||||
| CVE-2019-20205 | 1 Libsixel Project | 1 Libsixel | 2020-01-06 | 6.8 MEDIUM | 8.8 HIGH |
| libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c. | |||||
| CVE-2019-18675 | 1 Linux | 1 Linux Kernel | 2020-01-03 | 7.2 HIGH | 7.8 HIGH |
| The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation. | |||||
| CVE-2018-17088 | 1 Jhead Project | 1 Jhead | 2019-12-31 | 6.8 MEDIUM | 7.8 HIGH |
| The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability. | |||||
| CVE-2016-6250 | 2 Libarchive, Oracle | 2 Libarchive, Linux | 2019-12-27 | 7.5 HIGH | 8.6 HIGH |
| Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow. | |||||
| CVE-2019-10537 | 1 Qualcomm | 30 Mdm9607, Mdm9607 Firmware, Nicobar and 27 more | 2019-12-23 | 7.2 HIGH | 7.8 HIGH |
| Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2018-11561 | 1 Erc20token Project | 1 Erc20token | 2019-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow in the unprotected distributeToken function of a smart contract implementation for EETHER (EETHER), an Ethereum ERC20 token, will lead to an unauthorized increase of an attacker's digital assets. | |||||
| CVE-2019-10592 | 1 Qualcomm | 78 Apq8017, Apq8017 Firmware, Apq8053 and 75 more | 2019-12-13 | 4.6 MEDIUM | 7.8 HIGH |
| Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the maximum mode count in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2019-10530 | 1 Qualcomm | 72 Mdm9150, Mdm9150 Firmware, Mdm9206 and 69 more | 2019-12-13 | 4.6 MEDIUM | 7.8 HIGH |
| Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | |||||
| CVE-2011-3631 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2019-12-04 | 6.8 MEDIUM | 8.8 HIGH |
| Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges. | |||||
| CVE-2018-13760 | 1 Moneychainnettoken Project | 1 Moneychainnettoken | 2019-11-26 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-14005 | 1 Malaysiancoin Project | 1 Malaysiancoin | 2019-11-26 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance. | |||||
| CVE-2018-14006 | 1 Ngtoken Project | 1 Ngtoken | 2019-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance. | |||||
| CVE-2018-13781 | 1 Myylctoken Project | 1 Myylctoken | 2019-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2019-5288 | 1 Huawei | 2 P30, P30 Firmware | 2019-11-18 | 9.3 HIGH | 7.8 HIGH |
| P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution. | |||||
| CVE-2019-5287 | 1 Huawei | 2 P30, P30 Firmware | 2019-11-18 | 9.3 HIGH | 7.8 HIGH |
| P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root permission and constructs specific parameters to the camera program to exploit this vulnerability. Successful exploit could cause the program to break down or allow for arbitrary code execution. | |||||
