Total
3465 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40765 | 2025-01-09 | 9.8 Critical | ||
| An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. | ||||
| CVE-2024-55656 | 2025-01-08 | 8.8 High | ||
| RedisBloom adds a set of probabilistic data structures to Redis. There is an integer overflow vulnerability in RedisBloom, which is a module used in Redis. The integer overflow vulnerability allows an attacker (a redis client which knows the password) to allocate memory in the heap lesser than the required memory due to wraparound. Then read and write can be performed beyond this allocated memory, leading to info leak and OOB write. The integer overflow is in CMS.INITBYDIM command, which initialize a Count-Min Sketch to dimensions specified by user. It accepts two values (width and depth) and uses them to allocate memory in NewCMSketch(). This vulnerability is fixed in 2.2.19, 2.4.12, 2.6.14, and 2.8.2. | ||||
| CVE-2024-51737 | 2025-01-08 | 7 High | ||
| RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments. | ||||
| CVE-2024-51480 | 2025-01-08 | 7 High | ||
| RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3. | ||||
| CVE-2024-3757 | 1 Openatom | 1 Openharmony | 2025-01-02 | 3.3 Low |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause service crash through integer overflow. | ||||
| CVE-2024-7025 | 1 Google | 1 Chrome | 2025-01-02 | 8.8 High |
| Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-35644 | 1 Microsoft | 14 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 11 more | 2025-01-01 | 7.8 High |
| Windows Sysmain Service Elevation of Privilege Vulnerability | ||||
| CVE-2023-35632 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-01 | 7.8 High |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||||
| CVE-2023-35381 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-01-01 | 8.8 High |
| Windows Fax Service Remote Code Execution Vulnerability | ||||
| CVE-2023-36900 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2025-01-01 | 7.8 High |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||
| CVE-2023-35364 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2025-01-01 | 8.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2023-35315 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 8 more | 2025-01-01 | 8.8 High |
| Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability | ||||
| CVE-2023-32051 | 1 Microsoft | 5 Raw Image Extension, Windows 10 21h2, Windows 10 22h2 and 2 more | 2025-01-01 | 7.8 High |
| Raw Image Extension Remote Code Execution Vulnerability | ||||
| CVE-2023-29369 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more | 2025-01-01 | 6.5 Medium |
| Remote Procedure Call Runtime Denial of Service Vulnerability | ||||
| CVE-2023-24871 | 1 Microsoft | 11 Windows 10 20h2, Windows 10 20h2, Windows 10 21h2 and 8 more | 2025-01-01 | 8.8 High |
| Windows Bluetooth Service Remote Code Execution Vulnerability | ||||
| CVE-2023-24869 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-01-01 | 8.1 High |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||||
| CVE-2023-24908 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-01-01 | 8.1 High |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||||
| CVE-2023-23417 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 12 more | 2025-01-01 | 7.8 High |
| Windows Partition Management Driver Elevation of Privilege Vulnerability | ||||
| CVE-2023-23410 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-01-01 | 7.8 High |
| Windows HTTP.sys Elevation of Privilege Vulnerability | ||||
| CVE-2023-23405 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-01-01 | 8.1 High |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | ||||