Total
2006 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3933 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2023-02-03 | 4.3 MEDIUM | 5.5 MEDIUM |
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 bits. This could cause an invalid bytesPerLine and maxBytesPerLine value, which could lead to problems with application stability or lead to other attack paths. | |||||
CVE-2017-12081 | 2 Blender, Debian | 2 Blender, Debian Linux | 2023-02-03 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | |||||
CVE-2022-22976 | 3 Netapp, Oracle, Vmware | 3 Active Iq Unified Manager, Financial Services Crime And Compliance Management Studio, Spring Security | 2023-02-02 | 4.3 MEDIUM | 5.3 MEDIUM |
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. | |||||
CVE-2017-12101 | 2 Blender, Debian | 2 Blender, Debian Linux | 2023-02-02 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | |||||
CVE-2017-12102 | 2 Blender, Debian | 2 Blender, Debian Linux | 2023-02-02 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | |||||
CVE-2017-12100 | 2 Blender, Debian | 2 Blender, Debian Linux | 2023-02-02 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | |||||
CVE-2017-12082 | 2 Blender, Debian | 2 Blender, Debian Linux | 2023-02-02 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability. | |||||
CVE-2017-12086 | 2 Blender, Debian | 2 Blender, Debian Linux | 2023-02-02 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability. | |||||
CVE-2017-12099 | 2 Blender, Debian | 2 Blender, Debian Linux | 2023-02-02 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. | |||||
CVE-2017-12105 | 2 Blender, Debian | 2 Blender, Debian Linux | 2023-02-02 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | |||||
CVE-2017-12104 | 2 Blender, Debian | 2 Blender, Debian Linux | 2023-02-02 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | |||||
CVE-2017-12103 | 2 Blender, Debian | 2 Blender, Debian Linux | 2023-02-02 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability. | |||||
CVE-2019-13110 | 4 Canonical, Debian, Exiv2 and 1 more | 4 Ubuntu Linux, Debian Linux, Exiv2 and 1 more | 2023-02-02 | 4.3 MEDIUM | 6.5 MEDIUM |
A CiffDirectory::readDirectory integer overflow and out-of-bounds read in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted CRW image file. | |||||
CVE-2021-3476 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2023-02-02 | 5.0 MEDIUM | 5.3 MEDIUM |
A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to OpenEXR could trigger shift overflows, potentially affecting application availability. | |||||
CVE-2022-35977 | 1 Redis | 1 Redis | 2023-02-02 | N/A | 5.5 MEDIUM |
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2023-22458 | 1 Redis | 1 Redis | 2023-02-02 | N/A | 5.5 MEDIUM |
Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2019-19746 | 2 Fedoraproject, Fig2dev Project | 2 Fedora, Fig2dev | 2023-02-01 | 4.3 MEDIUM | 5.5 MEDIUM |
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. | |||||
CVE-2019-19911 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-02-01 | 5.0 MEDIUM | 7.5 HIGH |
There is a DoS vulnerability in Pillow before 6.2.2 caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. On Windows running 32-bit Python, this results in an OverflowError or MemoryError due to the 2 GB limit. However, on Linux running 64-bit Python this results in the process being terminated by the OOM killer. | |||||
CVE-2022-4202 | 1 Gpac | 1 Gpac | 2023-02-01 | N/A | 8.8 HIGH |
A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a patch to fix this issue. VDB-214518 is the identifier assigned to this vulnerability. | |||||
CVE-2022-4172 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2023-02-01 | N/A | 6.5 MEDIUM |
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest could use these flaws to crash the QEMU process on the host. |