Total
3257 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5914 | 2 Libarchive, Redhat | 14 Libarchive, Confidential Compute Attestation, Enterprise Linux and 11 more | 2025-09-15 | 7.3 High |
| A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. | ||||
| CVE-2025-54895 | 1 Microsoft | 5 Windows, Windows 10, Windows 11 and 2 more | 2025-09-15 | 7.8 High |
| Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54091 | 1 Microsoft | 6 Hyper-v, Windows, Windows 10 and 3 more | 2025-09-15 | 7.8 High |
| Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2023-38560 | 2 Artifex, Redhat | 2 Ghostscript, Enterprise Linux | 2025-09-12 | 5.5 Medium |
| An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. | ||||
| CVE-2025-6035 | 2 Gimp, Redhat | 2 Gimp, Enterprise Linux | 2025-09-12 | 6.6 Medium |
| A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios. | ||||
| CVE-2025-54259 | 1 Adobe | 1 Substance 3d Modeler | 2025-09-12 | 7.8 High |
| Substance3D - Modeler versions 1.22.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is unchanged. | ||||
| CVE-2025-54110 | 2025-09-12 | 8.8 High | ||
| Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-54106 | 2025-09-12 | 8.8 High | ||
| Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-6021 | 1 Redhat | 11 Discovery, Enterprise Linux, Insights Proxy and 8 more | 2025-09-11 | 7.5 High |
| A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. | ||||
| CVE-2025-47712 | 2 Nbdkit Project, Redhat | 4 Nbdkit, Advanced Virtualization, Enterprise Linux and 1 more | 2025-09-10 | 4.3 Medium |
| A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service. | ||||
| CVE-2023-5869 | 2 Postgresql, Redhat | 27 Postgresql, Advanced Cluster Security, Codeready Linux Builder Eus and 24 more | 2025-09-10 | 8.8 High |
| A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. | ||||
| CVE-2025-50166 | 1 Microsoft | 18 Distributed Transaction Coordinator, Windows 10 1507, Windows 10 1607 and 15 more | 2025-09-09 | 6.5 Medium |
| Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-21338 | 1 Microsoft | 16 Office, Windows 10 1507, Windows 10 1607 and 13 more | 2025-09-09 | 7.8 High |
| GDI+ Remote Code Execution Vulnerability | ||||
| CVE-2025-21172 | 4 Apple, Linux, Microsoft and 1 more | 9 Macos, Linux Kernel, .net and 6 more | 2025-09-09 | 7.5 High |
| .NET and Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2025-21382 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-09-09 | 7.8 High |
| Windows Graphics Component Elevation of Privilege Vulnerability | ||||
| CVE-2025-21244 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-09 | 8.8 High |
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2025-21243 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-09 | 8.8 High |
| Windows Telephony Service Remote Code Execution Vulnerability | ||||
| CVE-2025-7709 | 1 Sqlite | 1 Sqlite | 2025-09-09 | N/A |
| An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds. | ||||
| CVE-2025-36853 | 1 Microsoft | 1 .net | 2025-09-09 | 7.5 High |
| A vulnerability (CVE-2025-21172) exists in msdia140.dll due to integer overflow and heap-based overflow. Per CWE-122: Heap-based Buffer Overflow, a heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). Per CWE-190: Integer Overflow or Wraparound, is when a product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry. | ||||
| CVE-2025-40906 | 2025-09-09 | 9.8 Critical | ||
| BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported. | ||||