Total
2006 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26945 | 1 Openexr | 1 Openexr | 2022-10-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. | |||||
| CVE-2022-24106 | 1 Glyphandcog | 1 Xpdfreader | 2022-10-18 | N/A | 7.8 HIGH |
| In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. | |||||
| CVE-2022-24107 | 1 Glyphandcog | 1 Xpdfreader | 2022-10-18 | N/A | 7.8 HIGH |
| Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. | |||||
| CVE-2022-28195 | 1 Nvidia | 3 Jetson Agx Xavier, Jetson Linux, Jetson Xavier Nx | 2022-10-14 | 4.6 MEDIUM | 5.7 MEDIUM |
| NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components. | |||||
| CVE-2020-0198 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2022-10-13 | 5.0 MEDIUM | 7.5 HIGH |
| In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-146428941 | |||||
| CVE-2020-0181 | 3 Fedoraproject, Google, Libexif Project | 3 Fedora, Android, Libexif | 2022-10-13 | 5.0 MEDIUM | 7.5 HIGH |
| In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145075076 | |||||
| CVE-2022-28197 | 1 Nvidia | 3 Jetson Agx Xavier, Jetson Linux, Jetson Xavier Nx | 2022-10-13 | 4.4 MEDIUM | 5.0 MEDIUM |
| NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult-to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. The scope of impact can extend to other components. | |||||
| CVE-2019-9278 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2022-10-13 | 6.8 MEDIUM | 8.8 HIGH |
| In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774 | |||||
| CVE-2022-41550 | 1 Gnu | 1 Osip | 2022-10-13 | N/A | 6.5 MEDIUM |
| GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header. | |||||
| CVE-2022-20423 | 1 Google | 1 Android | 2022-10-12 | N/A | 4.6 MEDIUM |
| In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239842288References: Upstream kernel | |||||
| CVE-2022-20410 | 1 Google | 1 Android | 2022-10-12 | N/A | 7.5 HIGH |
| In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-205570663 | |||||
| CVE-2021-0951 | 1 Google | 1 Android | 2022-10-12 | N/A | 7.8 HIGH |
| In DevmemIntHeapAcquire of TBD, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242345085 | |||||
| CVE-2019-6753 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2022-10-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.3.0.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Stuff method. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7561. | |||||
| CVE-2022-35289 | 1 Facebook | 1 Hermes | 2022-10-11 | N/A | 9.8 CRITICAL |
| A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2019-5806 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2022-10-11 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5795 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. | |||||
| CVE-2019-5792 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. | |||||
| CVE-2019-5788 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 9.3 HIGH | 8.8 HIGH |
| An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2019-5789 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 9.3 HIGH | 8.8 HIGH |
| An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2019-5790 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2022-10-11 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||