Total
3349 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2376 | 2 Redhat, Ruby-lang | 3 Enterprise Linux, Fedora 8, Ruby | 2025-04-09 | N/A |
| Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows. | ||||
| CVE-2008-2237 | 2 Openoffice, Redhat | 2 Openoffice.org, Enterprise Linux | 2025-04-09 | N/A |
| Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document. | ||||
| CVE-2009-2347 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2025-04-09 | N/A |
| Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr. | ||||
| CVE-2009-3909 | 2 Gimp, Redhat | 2 Gimp, Enterprise Linux | 2025-04-09 | N/A |
| Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow. | ||||
| CVE-2009-1882 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2025-04-09 | N/A |
| Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1687 | 2 Apple, Redhat | 2 Safari, Enterprise Linux | 2025-04-09 | N/A |
| The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer." | ||||
| CVE-2007-4769 | 3 Postgresql, Redhat, Tcl Tk | 4 Postgresql, Enterprise Linux, Rhel Application Stack and 1 more | 2025-04-09 | N/A |
| The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (backend crash) via an out-of-bounds backref number. | ||||
| CVE-2007-0221 | 1 Microsoft | 1 Exchange Server | 2025-04-09 | N/A |
| Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability." | ||||
| CVE-2022-3515 | 3 Gnupg, Gpg4win, Redhat | 10 Gnupg, Libksba, Vs-desktop and 7 more | 2025-04-08 | 9.8 Critical |
| A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. | ||||
| CVE-2023-29364 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-04-08 | 7 High |
| Windows Authentication Elevation of Privilege Vulnerability | ||||
| CVE-2023-22895 | 1 Bzip2 Project | 1 Bzip2 | 2025-04-07 | 7.5 High |
| The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product. | ||||
| CVE-2022-1812 | 1 Publify Project | 1 Publify | 2025-04-07 | 9.8 Critical |
| Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10. | ||||
| CVE-2024-36328 | 2025-04-07 | 7.3 High | ||
| Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of integrity or availability. | ||||
| CVE-2024-36336 | 2025-04-07 | 7.9 High | ||
| Integer overflow within the AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to a loss of confidentiality, integrity, or availability. | ||||
| CVE-2024-36337 | 2025-04-07 | 7.9 High | ||
| Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of confidentiality, integrity or availability. | ||||
| CVE-2023-23144 | 1 Gpac | 1 Gpac | 2025-04-03 | 5.5 Medium |
| Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master. | ||||
| CVE-2022-38725 | 1 Oneidentity | 2 Syslog-ng, Syslog-ng Store Box | 2025-04-03 | 7.5 High |
| An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected. | ||||
| CVE-2005-2976 | 2 Gnome, Redhat | 3 Gdkpixbuf, Gtk, Enterprise Linux | 2025-04-03 | N/A |
| Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186. | ||||
| CVE-2004-0657 | 2 Hp, Ntp | 2 Tru64 Unix, Ntp | 2025-04-03 | 7.1 High |
| Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time. | ||||
| CVE-2006-4192 | 2 Modplug, Redhat | 2 Tracker, Enterprise Linux | 2025-04-03 | N/A |
| Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files. | ||||