Skip to main content

Integer Overflow

2762 CVEs technique

Monthly

CVE-2020-15986 MEDIUM This Month

Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow Chrome Fedora +2
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-15975 HIGH This Week

Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow Chrome Fedora +2
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-15974 HIGH This Week

Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow Chrome Backports Sle +2
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2020-9875 HIGH This Week

An integer overflow was addressed through improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Microsoft Integer Overflow Icloud +6
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-26682 HIGH POC This Week

In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Libass
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-0408 HIGH This Week

In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-16124 CRITICAL PATCH Act Now

Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Ros Comm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-24397 HIGH This Week

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Zoho RCE Integer Overflow Manageengine Desktop Central
NVD
CVSS 3.1
7.2
EPSS
27.8%
CVE-2020-14378 LOW PATCH Monitor

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Integer Overflow Data Plane Development Kit Ubuntu Linux Leap
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2020-24213 HIGH POC This Week

An integer overflow was discovered in YGOPro ygocore v13.51. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Ygocore
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-6569 MEDIUM POC PATCH This Month

Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Buffer Overflow Integer Overflow Chrome Backports Sle +3
NVD
CVSS 3.1
6.3
EPSS
1.3%
CVE-2020-0309 MEDIUM This Month

In the Bluetooth server, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2020-0369 HIGH This Week

In libavb, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0346 HIGH This Week

In Mediaserver, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0264 HIGH This Week

In libstagefright, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Integer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-0432 HIGH PATCH This Week

In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Buffer Overflow Privilege Escalation Integer Overflow Android +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0381 HIGH PATCH This Week

In Parse_wave of eas_mdls.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow Information Disclosure Integer Overflow Android
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-6113 HIGH POC THREAT This Week

An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Integer Overflow Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
68.6%
CVE-2020-14362 HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow X Server Ubuntu Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14361 HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow X Server Ubuntu Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-14346 HIGH PATCH This Week

A flaw was found in xorg-x11-server before 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Integer Overflow X Server Ubuntu Linux Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-25574 Cargo HIGH POC PATCH This Week

An issue was discovered in the http crate before 0.1.20 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Http
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-14363 HIGH POC This Week

An integer overflow vulnerability leading to a double-free was found in libX11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Integer Overflow Libx11 Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-6327 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Integer Overflow 3D Visual Enterprise Viewer
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2020-3634 CRITICAL Act Now

u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Apq8053 Firmware Apq8096Au Firmware +48
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-3675 CRITICAL Act Now

u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Integer Overflow Ipq5018 Firmware Ipq6018 Firmware +17
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-3624 HIGH This Week

u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Apq8009 Firmware Apq8017 Firmware +59
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-3620 MEDIUM This Month

u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to corruption and potential information leak' in Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Integer Overflow Apq8009 Firmware Apq8053 Firmware +61
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-12829 LOW PATCH Monitor

In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
3.8
EPSS
0.4%
CVE-2020-17396 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Parallels Desktop
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-17395 HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Parallels Desktop
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2020-9095 MEDIUM This Month

HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E160R2P8) has an integer overflow vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Huawei Integer Overflow P30 Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-24370 MEDIUM POC PATCH This Month

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Lua Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
3.8%
CVE-2020-15137 MEDIUM This Month

All versions of HoRNDIS are affected by an integer overflow in the RNDIS packet parsing routines. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Horndis
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2020-0240 HIGH This Week

In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE Integer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2020-14344 MEDIUM PATCH This Month

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Red Hat Integer Overflow Libx11 Fedora +2
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-14309 MEDIUM This Month

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Grub2 Leap
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2020-14308 MEDIUM This Month

In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. Rated medium severity (CVSS 6.4). No vendor patch available.

Buffer Overflow Integer Overflow Grub2 Leap
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2020-15588 CRITICAL Act Now

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zoho RCE Integer Overflow Manageengine Desktop Central
NVD
CVSS 3.1
9.8
EPSS
12.7%
CVE-2020-6098 HIGH POC This Week

An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Integer Overflow Freediameter
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-15900 CRITICAL PATCH Act Now

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Ghostscript Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
5.2%
CVE-2020-6523 HIGH This Week

Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow Chrome Debian Linux +3
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2020-14699 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure Oracle Integer Overflow Vm Virtualbox Leap
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-1400 HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Integer Overflow Windows 10 Windows 7 +6
NVD
CVSS 3.1
7.8
EPSS
23.8%
CVE-2020-2031 MEDIUM This Month

An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Integer Overflow Pan Os
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2020-7689 npm HIGH PATCH This Week

Data is truncated wrong when its length is greater than 255 bytes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Node Bcrypt Js
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-12887 HIGH PATCH This Week

Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Mbed Coap
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-14401 MEDIUM PATCH This Month

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Libvncserver Debian Linux Leap +6
NVD GitHub
CVSS 3.1
6.5
EPSS
2.4%
CVE-2020-11909 MEDIUM POC This Month

The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Tcp Ip
NVD
CVSS 3.1
5.3
EPSS
3.6%
CVE-2020-11906 MEDIUM POC This Month

The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Tcp Ip
NVD
CVSS 3.1
6.3
EPSS
2.0%
CVE-2020-11904 HIGH POC This Week

The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Tcp Ip
NVD
CVSS 3.1
7.3
EPSS
3.2%
CVE-2020-14147 HIGH PATCH This Week

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Redis Integer Overflow Communications Operations Monitor +2
NVD GitHub
CVSS 3.1
7.7
EPSS
3.1%
CVE-2020-14155 MEDIUM PATCH This Month

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Pcre macOS Gitlab +12
NVD
CVSS 3.1
5.3
EPSS
4.2%
CVE-2020-13999 MEDIUM This Month

ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Libemf Fedora
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-0545 MEDIUM This Month

Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Integer Overflow Converged Security Management Engine Firmware Server Platform Services +1
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-0216 HIGH PATCH This Week

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0198 HIGH PATCH This Week

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Integer Overflow Android Libexif +3
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2020-0194 HIGH PATCH This Week

In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow RCE Integer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-0181 HIGH PATCH This Week

In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Integer Overflow Android Libexif +1
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-0136 HIGH PATCH This Week

In multiple locations of Parcel.cpp, there is a possible out-of-bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Buffer Overflow Privilege Escalation Integer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-0117 CRITICAL PATCH Act Now

In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow RCE Integer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-1281 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

RCE Microsoft Integer Overflow Windows 10 Windows 7 +6
NVD
CVSS 3.1
8.8
EPSS
14.5%
CVE-2020-9852 HIGH This Week

An integer overflow was addressed through improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Integer Overflow Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-9841 HIGH This Week

An integer overflow was addressed through improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Integer Overflow Mac Os X
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2020-13974 HIGH POC PATCH This Week

An issue was discovered in the Linux kernel 4.4 through 5.7.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow Linux Kernel Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-10063 HIGH PATCH This Week

A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-10878 HIGH PATCH This Week

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Perl Fedora Leap +14
NVD GitHub
CVSS 3.1
8.6
EPSS
4.9%
CVE-2020-10543 HIGH PATCH This Week

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Perl Fedora Leap +12
NVD GitHub
CVSS 3.1
8.2
EPSS
11.3%
CVE-2020-13822 npm HIGH POC PATCH This Week

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js Canonical Buffer Overflow Integer Overflow Elliptic
NVD GitHub
CVSS 3.1
7.7
EPSS
2.6%
CVE-2020-3641 CRITICAL Act Now

Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Apq8009 Firmware Apq8053 Firmware +36
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2020-11039 MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Freerdp Leap Debian Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
1.3%
CVE-2020-13434 MEDIUM POC PATCH This Month

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Sqlite Debian Linux Fedora +12
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2020-10726 MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 19.11 and above. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Data Plane Development Kit Fedora Leap +1
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2020-10724 MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 18.11 and above. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Data Plane Development Kit Ubuntu Linux Fedora
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2020-10723 MEDIUM PATCH This Month

A memory corruption issue was found in DPDK versions 17.05 and above. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Data Plane Development Kit Ubuntu Linux Fedora +3
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-10722 MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 18.05 and above. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Data Plane Development Kit Ubuntu Linux Fedora +3
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-6092 HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Integer Overflow Nitro Pro
NVD
CVSS 3.1
7.8
EPSS
42.3%
CVE-2020-12651 CRITICAL POC Act Now

SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Integer Overflow Securecrt
NVD
CVSS 3.1
9.8
EPSS
6.6%
CVE-2020-11523 MEDIUM POC PATCH This Month

libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Integer Overflow Freerdp Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
6.6
EPSS
2.0%
CVE-2020-12826 MEDIUM POC PATCH This Month

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow Linux Kernel Ubuntu Linux +2
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2020-10067 HIGH PATCH This Week

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Denial Of Service Integer Overflow Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-12762 HIGH POC This Week

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Json C Fedora Debian Linux +2
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2020-6094 HIGH POC This Week

An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Integer Overflow Imagegear
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2020-11869 LOW PATCH Monitor

An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Qemu
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2020-12135 MEDIUM POC PATCH This Month

bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Whoopsie C Driver
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-11945 CRITICAL PATCH Act Now

An issue was discovered in Squid before 5.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

RCE Integer Overflow Squid Debian Linux Leap +2
NVD GitHub
CVSS 3.1
9.8
EPSS
27.2%
CVE-2020-11939 CRITICAL POC PATCH Act Now

In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Integer Overflow Ndpi
NVD GitHub
CVSS 3.1
9.8
EPSS
3.3%
CVE-2020-7083 MEDIUM This Month

An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Fbx Software Development Kit
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-2742 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Integer Overflow Vm Virtualbox Leap
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2020-11759 MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Openexr Fedora Ubuntu Linux +8
NVD GitHub
CVSS 3.1
5.5
EPSS
1.7%
EPSS 1% CVSS 6.5
MEDIUM This Month

Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An integer overflow was addressed through improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Microsoft +8
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Libass
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Ros Comm
NVD GitHub
EPSS 28% CVSS 7.2
HIGH This Week

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Zoho RCE +2
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Integer Overflow Data Plane Development Kit +2
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An integer overflow was discovered in YGOPro ygocore v13.51. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Ygocore
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM POC PATCH This Month

Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Buffer Overflow Integer Overflow +5
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In the Bluetooth server, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In libavb, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Mediaserver, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libstagefright, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Buffer Overflow Privilege Escalation +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Parse_wave of eas_mdls.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow Information Disclosure +2
NVD
EPSS 69% CVSS 7.8
HIGH POC THREAT This Week

An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Integer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in xorg-x11-server before 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Integer Overflow X Server +2
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in the http crate before 0.1.20 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Http
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

An integer overflow vulnerability leading to a double-free was found in libX11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Integer Overflow Libx11 +1
NVD GitHub
EPSS 2% CVSS 4.3
MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Integer Overflow +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow +50
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Integer Overflow +19
NVD
EPSS 0% CVSS 7.8
HIGH This Week

u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow +61
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to corruption and potential information leak' in Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Integer Overflow +63
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Qemu +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Parallels Desktop
NVD
EPSS 0% CVSS 8.2
HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Parallels Desktop
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E160R2P8) has an integer overflow vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Huawei Integer Overflow +1
NVD
EPSS 4% CVSS 5.3
MEDIUM POC PATCH This Month

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Lua +2
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

All versions of HoRNDIS are affected by an integer overflow in the RNDIS packet parsing routines. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Horndis
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Red Hat Integer Overflow +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Grub2 +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. Rated medium severity (CVSS 6.4). No vendor patch available.

Buffer Overflow Integer Overflow Grub2 +1
NVD
EPSS 13% CVSS 9.8
CRITICAL Act Now

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zoho RCE +2
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Integer Overflow +1
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Ghostscript +2
NVD GitHub
EPSS 3% CVSS 8.8
HIGH This Week

Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure Oracle Integer Overflow +2
NVD
EPSS 24% CVSS 7.8
HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Integer Overflow +8
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Integer Overflow +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Data is truncated wrong when its length is greater than 255 bytes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Node Bcrypt Js
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Mbed Coap
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Libvncserver +8
NVD GitHub
EPSS 4% CVSS 5.3
MEDIUM POC This Month

The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Tcp Ip
NVD
EPSS 2% CVSS 6.3
MEDIUM POC This Month

The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Tcp Ip
NVD
EPSS 3% CVSS 7.3
HIGH POC This Week

The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Tcp Ip
NVD
EPSS 3% CVSS 7.7
HIGH PATCH This Week

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Redis +4
NVD GitHub
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Pcre +14
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Libemf +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Integer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Buffer Overflow Privilege Escalation +2
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Integer Overflow +5
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow RCE +2
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Integer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple locations of Parcel.cpp, there is a possible out-of-bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Buffer Overflow Privilege Escalation +2
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow RCE +2
NVD
EPSS 14% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

RCE Microsoft Integer Overflow +8
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An integer overflow was addressed through improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Integer Overflow +5
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An integer overflow was addressed through improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Integer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

An issue was discovered in the Linux kernel 4.4 through 5.7.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow +3
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Zephyr
NVD GitHub
EPSS 5% CVSS 8.6
HIGH PATCH This Week

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Perl +16
NVD GitHub
EPSS 11% CVSS 8.2
HIGH PATCH This Week

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Perl +14
NVD GitHub
EPSS 3% CVSS 7.7
HIGH POC PATCH This Week

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js Canonical Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow +38
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Freerdp +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Sqlite +14
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 19.11 and above. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Data Plane Development Kit +3
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 18.11 and above. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Data Plane Development Kit +2
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A memory corruption issue was found in DPDK versions 17.05 and above. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Data Plane Development Kit +5
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 18.05 and above. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Data Plane Development Kit +5
NVD
EPSS 42% CVSS 7.8
HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Integer Overflow Nitro Pro
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Integer Overflow +1
NVD
EPSS 2% CVSS 6.6
MEDIUM POC PATCH This Month

libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Integer Overflow Freerdp +3
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow +4
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Denial Of Service +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC This Week

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Json C +4
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Integer Overflow +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Qemu
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Whoopsie +1
NVD GitHub
EPSS 27% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Squid before 5.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

RCE Integer Overflow Squid +4
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Integer Overflow Ndpi
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Fbx Software Development Kit
NVD
EPSS 1% CVSS 8.2
HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Integer Overflow +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Openexr +10
NVD GitHub
Prev Page 18 of 31 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy