Total
2491 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44981 | 1 Linux | 1 Linux Kernel | 2024-09-05 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask() UBSAN reports the following 'subtraction overflow' error when booting in a virtual machine on Android: | Internal error: UBSAN: integer subtraction overflow: 00000000f2005515 [#1] PREEMPT SMP | Modules linked in: | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-00006-g3cbe9e5abd46-dirty #4 | Hardware name: linux,dummy-virt (DT) | pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) | pc : cancel_delayed_work+0x34/0x44 | lr : cancel_delayed_work+0x2c/0x44 | sp : ffff80008002ba60 | x29: ffff80008002ba60 x28: 0000000000000000 x27: 0000000000000000 | x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 | x23: 0000000000000000 x22: 0000000000000000 x21: ffff1f65014cd3c0 | x20: ffffc0e84c9d0da0 x19: ffffc0e84cab3558 x18: ffff800080009058 | x17: 00000000247ee1f8 x16: 00000000247ee1f8 x15: 00000000bdcb279d | x14: 0000000000000001 x13: 0000000000000075 x12: 00000a0000000000 | x11: ffff1f6501499018 x10: 00984901651fffff x9 : ffff5e7cc35af000 | x8 : 0000000000000001 x7 : 3d4d455453595342 x6 : 000000004e514553 | x5 : ffff1f6501499265 x4 : ffff1f650ff60b10 x3 : 0000000000000620 | x2 : ffff80008002ba78 x1 : 0000000000000000 x0 : 0000000000000000 | Call trace: | cancel_delayed_work+0x34/0x44 | deferred_probe_extend_timeout+0x20/0x70 | driver_register+0xa8/0x110 | __platform_driver_register+0x28/0x3c | syscon_init+0x24/0x38 | do_one_initcall+0xe4/0x338 | do_initcall_level+0xac/0x178 | do_initcalls+0x5c/0xa0 | do_basic_setup+0x20/0x30 | kernel_init_freeable+0x8c/0xf8 | kernel_init+0x28/0x1b4 | ret_from_fork+0x10/0x20 | Code: f9000fbf 97fffa2f 39400268 37100048 (d42aa2a0) | ---[ end trace 0000000000000000 ]--- | Kernel panic - not syncing: UBSAN: integer subtraction overflow: Fatal exception This is due to shift_and_mask() using a signed immediate to construct the mask and being called with a shift of 31 (WORK_OFFQ_POOL_SHIFT) so that it ends up decrementing from INT_MIN. Use an unsigned constant '1U' to generate the mask in shift_and_mask(). | |||||
| CVE-2024-28044 | 1 Openatom | 1 Openharmony | 2024-09-04 | N/A | 5.5 MEDIUM |
| in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow. | |||||
| CVE-2024-33035 | 2024-09-03 | N/A | 8.4 HIGH | ||
| Memory corruption while calculating total metadata size when a very high reserved size is requested by gralloc clients. | |||||
| CVE-2024-7867 | 1 Xpdfreader | 1 Xpdf | 2024-08-28 | N/A | 6.2 MEDIUM |
| In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero. | |||||
| CVE-2024-30949 | 1 Newlib Project | 1 Newlib | 2024-08-21 | N/A | 9.8 CRITICAL |
| An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function. | |||||
| CVE-2024-41851 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-08-19 | N/A | 7.8 HIGH |
| InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-38144 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-08-16 | N/A | 8.8 HIGH |
| Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-38215 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2024-08-16 | N/A | 7.8 HIGH |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-38128 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-08-16 | N/A | 8.8 HIGH |
| Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | |||||
| CVE-2024-21844 | 2024-08-14 | N/A | 4.3 MEDIUM | ||
| Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2020-19715 | 2024-02-04 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-13110 Reason: This candidate is a duplicate of CVE-2019-13110. Notes: All CVE users should reference CVE-2019-13110 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||