Total: 1941 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-21089 | 2 Google, Mediatek | 3 Android, Mt6755, Mt6757 | 2020-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/MT6757 Mediatek models) software. Bootloader has an integer overflow that leads to arbitrary code execution via the download offset control. The Samsung ID is SVE-2017-10732 (January 2018). | |||||
| CVE-2017-18651 | 1 Google | 1 Android | 2020-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. There is an Integer Overflow in process_M_SetTokenTUIPasswd during handling of a trusted application, leading to memory corruption. The Samsung IDs are SVE-2017-9008 and SVE-2017-9009 (October 2017). | |||||
| CVE-2017-9831 | 1 Libmtp Project | 1 Libmtp | 2020-04-05 | 4.6 MEDIUM | 6.8 MEDIUM |
| An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable. | |||||
| CVE-2017-9832 | 1 Libmtp Project | 1 Libmtp | 2020-04-05 | 4.6 MEDIUM | 6.8 MEDIUM |
| An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable. | |||||
| CVE-2017-7982 | 1 Libimobiledevice | 1 Libplist | 2020-04-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file. | |||||
| CVE-2019-20561 | 1 Google | 1 Android | 2020-03-27 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. The bootloader has an integer signedness error. The Samsung ID is SVE-2019-15230 (October 2019). | |||||
| CVE-2020-8874 | 1 Parallels | 1 Parallels Desktop | 2020-03-25 | 4.6 MEDIUM | 6.7 MEDIUM |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10032. | |||||
| CVE-2018-14343 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer. | |||||
| CVE-2018-14341 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow. | |||||
| CVE-2019-13203 | 1 Kyocera | 2 Ecosys M5526cdw, Ecosys M5526cdw Firmware | 2020-03-18 | 9.0 HIGH | 8.8 HIGH |
| Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. | |||||
| CVE-2019-9098 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2020-03-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS. | |||||
| CVE-2019-14086 | 1 Qualcomm | 36 Apq8098, Apq8098 Firmware, Mdm9607 and 33 more | 2020-03-06 | 10.0 HIGH | 9.8 CRITICAL |
| Possible integer overflow while checking the length of frame which is a 32 bit integer and is added to another 32 bit integer which can lead to unexpected result during the check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MDM9607, MSM8998, QCA6584, QCN7605, QCS605, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130 | |||||
| CVE-2018-13328 | 1 Pfg Project | 1 Pfg | 2020-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow. | |||||
| CVE-2018-13071 | 1 Ccindextoken Project | 1 Ccindextoken | 2020-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2016-9445 | 1 Gstreamer Project | 1 Gstreamer | 2020-02-24 | 5.0 MEDIUM | 7.5 HIGH |
| Integer overflow in the vmnc decoder in GStreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. | |||||
| CVE-2018-11574 | 1 Point-to-point Protocol Project | 1 Point-to-point Protocol | 2020-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected. | |||||
| CVE-2018-13082 | 1 Moditokenerc20 Project | 1 Moditokenerc20 | 2020-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13081 | 1 Gzstoken Project | 1 Gzstoken | 2020-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13083 | 1 Plazatoken Project | 1 Plazatoken | 2020-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13084 | 1 Goodtimecoin Project | 1 Goodtimecoin | 2020-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13087 | 1 Coinstar Myadvancedtoken Project | 1 Coinstar Myadvancedtoken | 2020-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13088 | 1 Tokenerc20 Project | 1 Tokenerc20 | 2020-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2010-1449 | 1 Python | 1 Python | 2020-02-18 | 7.5 HIGH | N/A |
| Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12. | |||||
| CVE-2018-14086 | 1 Mytoken Project | 1 Mytoken | 2020-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overflow in sell(). | |||||
| CVE-2018-14084 | 1 Myadvancedtoken Project | 1 Myadvancedtoken | 2020-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overflow in sell(). | |||||
| CVE-2018-14087 | 1 Encryptedtoken Project | 1 Encryptedtoken | 2020-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the "msg.value * buyPrice" will cause an integer overflow in the fallback function. | |||||
| CVE-2020-8844 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-02-18 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG files within CovertToPDF. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9102. | |||||
| CVE-2018-13211 | 1 Mytokenshr Project | 1 Mytokenshr | 2020-02-18 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | |||||
| CVE-2014-4607 | 1 Oberhumer | 2 Liblzo2, Lzo2 | 2020-02-14 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run. | |||||
| CVE-2019-11484 | 2 Canonical, Whoopsie Project | 2 Ubuntu Linux, Whoopsie | 2020-02-12 | 4.6 MEDIUM | 7.8 HIGH |
| Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie. | |||||
| CVE-2018-13495 | 1 Kmctoken Project | 1 Kmctoken | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for KMCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13479 | 1 Slidebitstoken Project | 1 Slidebitstoken | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for SlidebitsToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13473 | 1 Ohni Project | 1 Ohni | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13534 | 1 Speedcashtoken Project | 1 Speedcashtoken | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for SpeedCashLite (SCSL), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13543 | 1 Gemstonetoken Project | 1 Gemstonetoken | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for GemstoneToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2020-3120 | 1 Cisco | 143 Asr 9000v, Asr 9001, Asr 9006 and 140 more | 2020-02-11 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a missing check when the affected software processes Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to exhaust system memory, causing the device to reload. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2013-2806 | 1 Rockwellautomation | 1 Rslinx Enterprise | 2020-02-10 | 7.8 HIGH | 7.5 HIGH |
| Rockwell Automation RSLinx Enterprise Software (LogReceiver.exe) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 does not handle input correctly and results in a logic error if it calculates an incorrect value for the “End of Current Record” field. By sending a datagram to the service over Port 4444/UDP with the “Record Data Size” field modified to a specifically oversized value, the service will calculate an undersized value for the “Total Record Size.” Then the service will calculate an incorrect value for the “End of Current Record” field causing access violations that lead to a service crash. The service can be recovered with a manual reboot. The patches and details pertaining to these vulnerabilities can be found at the following Rockwell Automation security advisory link (login is required): https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599 | |||||
| CVE-2017-18187 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2020-02-10 | 7.5 HIGH | 9.8 CRITICAL |
| In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c. | |||||
| CVE-2019-14051 | 1 Qualcomm | 4 Mdm9206, Mdm9206 Firmware, Mdm9607 and 1 more | 2020-02-10 | 7.2 HIGH | 7.8 HIGH |
| Subsequent additions performed during Module loading while allocating the memory would lead to integer overflow and then to buffer overflow in Snapdragon Industrial IOT in MDM9206, MDM9607 | |||||
| CVE-2014-4860 | 1 Tianocore | 1 Edk2 | 2020-02-07 | 7.2 HIGH | 6.8 MEDIUM |
| Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase. | |||||
| CVE-2018-13041 | 1 Linktoken Project | 1 Linktoken | 2020-02-06 | 5.0 MEDIUM | 7.5 HIGH |
| The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2018-13474 | 1 Fanschaintoken Project | 1 Fanschaintoken | 2020-02-06 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for FansChainToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2014-4859 | 1 Tianocore | 1 Edk2 | 2020-02-06 | 7.2 HIGH | 6.8 MEDIUM |
| Integer overflow in the Driver Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data. | |||||
| CVE-2015-4042 | 1 Gnu | 1 Coreutils | 2020-02-01 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. | |||||
| CVE-2020-5310 | 1 Python | 1 Pillow | 2020-01-31 | 6.8 MEDIUM | 8.8 HIGH |
| libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. | |||||
| CVE-2013-3486 | 1 Irfanview | 1 Flashpix Plugin | 2020-01-30 | 9.3 HIGH | 9.6 CRITICAL |
| IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability | |||||
| CVE-2013-3493 | 1 Xnview | 1 Xnview | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| XnView 2.03 has an integer overflow vulnerability | |||||
| CVE-2018-13718 | 1 Futurxe | 1 Futurxe | 2020-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| The mintToken function of a smart contract implementation for FuturXe, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | |||||
| CVE-2012-5340 | 2 Artifex, Sumatrapdfreader | 2 Mupdf, Sumatrapdf | 2020-01-28 | 6.8 MEDIUM | 7.8 HIGH |
| SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file. | |||||
| CVE-2019-19413 | 1 Huawei | 14 Dbs3900 Tdd Lte, Dbs3900 Tdd Lte Firmware, Dp300 and 11 more | 2020-01-28 | 7.8 HIGH | 7.5 HIGH |
| There is an integer overflow vulnerability in the LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. A successful exploit could cause the affected system to crash. | |||||
