Total
3349 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7458 | 1 Sqlite | 1 Sqlite | 2025-08-11 | 9.1 Critical |
| An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a large number of expressions in the ORDER BY clause. | ||||
| CVE-2023-33022 | 1 Qualcomm | 424 315 5g Iot Modem, 315 5g Iot Modem Firmware, Apq5053-aa and 421 more | 2025-08-11 | 8.4 High |
| Memory corruption in HLOS while invoking IOCTL calls from user-space. | ||||
| CVE-2023-33018 | 1 Qualcomm | 527 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8098 and 524 more | 2025-08-11 | 7.8 High |
| Memory corruption while using the UIM diag command to get the operators name. | ||||
| CVE-2023-22667 | 1 Qualcomm | 411 205, 205 Firmware, 215 and 408 more | 2025-08-11 | 8.4 High |
| Memory Corruption in Audio while allocating the ion buffer during the music playback. | ||||
| CVE-2023-28588 | 1 Qualcomm | 428 Apq8017, Apq8017 Firmware, Apq8064au and 425 more | 2025-08-11 | 7.5 High |
| Transient DOS in Bluetooth Host while rfc slot allocation. | ||||
| CVE-2023-43550 | 1 Qualcomm | 270 Ar8035, Ar8035 Firmware, Csra6620 and 267 more | 2025-08-11 | 7.8 High |
| Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem. | ||||
| CVE-2023-43530 | 1 Qualcomm | 316 Aqt1000, Aqt1000 Firmware, Ar8035 and 313 more | 2025-08-11 | 5.9 Medium |
| Memory corruption in HLOS while checking for the storage type. | ||||
| CVE-2024-22861 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | 7.5 High |
| Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. | ||||
| CVE-2024-22862 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | 9.8 Critical |
| Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. | ||||
| CVE-2024-22860 | 1 Ffmpeg | 1 Ffmpeg | 2025-08-11 | 9.8 Critical |
| Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. | ||||
| CVE-2023-41185 | 1 Unified-automation | 1 Uagateway | 2025-08-08 | 7.5 High |
| Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of client certificates. When parsing the certificate length field, the process does not properly validate user-supplied data, which can result in an integer overflow. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20353. | ||||
| CVE-2025-2023 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A |
| Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of LI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25348. | ||||
| CVE-2025-2021 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A |
| Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25264. | ||||
| CVE-2023-42118 | 2 Exim, Libspf2 Project | 3 Exim, Libspf2, Libspf2 | 2025-08-07 | 8.8 High |
| Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account. . Was ZDI-CAN-17578. | ||||
| CVE-2023-53156 | 1 Ejmahler | 1 Transpose | 2025-08-07 | 4.5 Medium |
| The transpose crate before 0.2.3 for Rust allows an integer overflow via input_width and input_height arguments. | ||||
| CVE-2024-58263 | 1 Cosmwasm | 2 Cosmwasm, Cosmwasm-std | 2025-08-07 | 3.7 Low |
| The cosmwasm-std crate before 2.0.2 for Rust allows integer overflows that cause incorrect contract calculations. | ||||
| CVE-2025-0838 | 2 Abseil, Debian | 2 Common Libraries, Debian Linux | 2025-07-30 | 9.8 Critical |
| There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1 | ||||
| CVE-2014-9192 | 1 Trihedral | 1 Vtscada | 2025-07-25 | N/A |
| Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation. | ||||
| CVE-2025-47268 | 2 Iputils Project, Redhat | 2 Iputils, Enterprise Linux | 2025-07-23 | 6.5 Medium |
| ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication. | ||||
| CVE-2024-5197 | 3 Debian, Redhat, Webmproject | 3 Debian Linux, Enterprise Linux, Libvpx | 2025-07-22 | 9.1 Critical |
| There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond | ||||