Total
2006 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5294 | 2 Debian, Libming | 2 Debian Linux, Libming | 2019-04-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file. | |||||
| CVE-2018-11822 | 1 Qualcomm | 8 Sd 835, Sd 835 Firmware, Sd 845 and 5 more | 2019-04-25 | 7.2 HIGH | 7.8 HIGH |
| A possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660 | |||||
| CVE-2018-11821 | 1 Qualcomm | 42 Ipq8074, Ipq8074 Firmware, Mdm9206 and 39 more | 2019-04-25 | 7.2 HIGH | 7.8 HIGH |
| Possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016 | |||||
| CVE-2018-20820 | 1 Dropbox | 1 Lepton | 2019-04-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file. | |||||
| CVE-2019-11072 | 1 Lighttpd | 1 Lighttpd | 2019-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit." | |||||
| CVE-2018-13053 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-04-23 | 2.1 LOW | 3.3 LOW |
| The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. | |||||
| CVE-2018-14618 | 4 Canonical, Debian, Haxx and 1 more | 4 Ubuntu Linux, Debian Linux, Libcurl and 1 more | 2019-04-22 | 10.0 HIGH | 9.8 CRITICAL |
| curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) | |||||
| CVE-2016-5766 | 6 Debian, Fedoraproject, Freebsd and 3 more | 7 Debian Linux, Fedora, Freebsd and 4 more | 2019-04-22 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image. | |||||
| CVE-2018-11894 | 1 Google | 1 Android | 2019-04-18 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results integer overflow may lead to buffer overflow when large frame length is received from FW. | |||||
| CVE-2019-0689 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-04-09 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694. | |||||
| CVE-2019-0693 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-04-09 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0692, CVE-2019-0694. | |||||
| CVE-2019-0692 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-04-09 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0693, CVE-2019-0694. | |||||
| CVE-2019-0694 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-04-09 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0682, CVE-2019-0689, CVE-2019-0692, CVE-2019-0693. | |||||
| CVE-2019-0682 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-04-09 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0689, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694. | |||||
| CVE-2018-13226 | 1 Ylctoken Project | 1 Ylctoken | 2019-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | |||||
| CVE-2018-10244 | 1 Suricata-ids | 1 Suricata | 2019-04-06 | 7.5 HIGH | 9.8 CRITICAL |
| Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check. | |||||
| CVE-2019-6250 | 2 Debian, Zeromq | 2 Debian Linux, Libzmq | 2019-04-03 | 9.0 HIGH | 8.8 HIGH |
| A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control). | |||||
| CVE-2018-12896 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-04-03 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls. | |||||
| CVE-2018-11879 | 1 Qualcomm | 2 Sd 845, Sd 845 Firmware | 2019-04-03 | 7.2 HIGH | 7.8 HIGH |
| When the buffer length passed is very large, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in version SD 845 | |||||
| CVE-2016-9082 | 1 Cairographics | 1 Cairo | 2019-04-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file. | |||||