Total
247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0185 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-09-04 | 7.2 HIGH | 8.4 HIGH |
| A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system. | |||||
| CVE-2023-38427 | 1 Linux | 1 Linux Kernel | 2024-08-27 | N/A | 9.8 CRITICAL |
| An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts. | |||||
| CVE-2024-38063 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-08-16 | N/A | 9.8 CRITICAL |
| Windows TCP/IP Remote Code Execution Vulnerability | |||||
| CVE-2024-24474 | 2024-08-15 | N/A | 8.8 HIGH | ||
| QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len. | |||||
| CVE-2021-31956 | 1 Microsoft | 17 Windows 10, Windows 10 1507, Windows 10 1607 and 14 more | 2024-07-29 | 9.3 HIGH | 7.8 HIGH |
| Windows NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2024-37981 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-07-16 | N/A | 8.0 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-37974 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-07-16 | N/A | 8.0 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-37975 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-07-16 | N/A | 8.0 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-37986 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-07-12 | N/A | 8.0 HIGH |
| Secure Boot Security Feature Bypass Vulnerability | |||||
| CVE-2024-38074 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-07-12 | N/A | 9.8 CRITICAL |
| Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | |||||
| CVE-2024-38050 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-07-11 | N/A | 7.8 HIGH |
| Windows Workstation Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-38517 | 2024-07-11 | N/A | 7.8 HIGH | ||
| Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege. | |||||
| CVE-2024-21466 | 1 Qualcomm | 128 Fastconnect 7800, Fastconnect 7800 Firmware, Immersive Home 3210 Platform and 125 more | 2024-07-02 | N/A | 7.5 HIGH |
| Information disclosure while parsing sub-IE length during new IE generation. | |||||
| CVE-2024-6285 | 1 Renesas | 1 Rcar Gen3 | 2024-06-26 | N/A | 6.7 MEDIUM |
| Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed addresses. | |||||
| CVE-2024-30070 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2024-06-24 | N/A | 7.5 HIGH |
| DHCP Server Service Denial of Service Vulnerability | |||||
| CVE-2024-32975 | 1 Envoyproxy | 1 Envoy | 2024-06-12 | N/A | 7.5 HIGH |
| Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation. | |||||
| CVE-2024-32040 | 2024-06-10 | N/A | 8.1 HIGH | ||
| FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`). | |||||
| CVE-2023-24911 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 8 more | 2024-05-29 | N/A | 4.3 MEDIUM |
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | |||||
| CVE-2023-24864 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 8.8 HIGH |
| Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-21708 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-05-29 | N/A | 9.8 CRITICAL |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | |||||