CWE:
 

Topic
Date
Author
Med.
MiniUPnP MiniUPnPc < 2.0 Remote Denial of Service
12.01.2018
tintinweb
Med.
Windows Kernel win32k.sys Integer Overflow (MS13-101)
12.12.2013
CORE
High
Apache 1.3.41 mod_proxy Integer overflow (code execution)
29.01.2010
Adam Zabrocki
Med.
Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability
11.12.2009
ZDI


CVEMAP Search Results

CVE
Details
Description
2018-01-03
Medium
CVE-2017-1000470

Vendor: Embedthis
Software: Goahead web ...
 

 
EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service.

 
2018-01-02
Medium
CVE-2017-1000422

Vendor: Gnome
Software: Gdk-pixbuf
 

 
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution

 
Medium
CVE-2017-1000450

Vendor: Opencv
Software: Opencv
 

 
In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.

 
2017-12-27
Medium
CVE-2017-17863

Vendor: Debian
Software: Debian linux
 

 
kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact.

 
Medium
CVE-2017-17854

Vendor: Debian
Software: Debian linux
 

 
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.

 
2017-12-21
High
CVE-2017-17409

Updating...
 

 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x10A in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5102.

 
High
CVE-2017-17408

Vendor: Bitdefender
Software: Internet sec...
 

 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101.

 
2017-12-05
High
CVE-2017-11043

Vendor: Google
Software: Android
 

 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a WiFI driver function, an integer overflow leading to heap buffer overflow may potentially occur.

 
Medium
CVE-2017-17426

Vendor: GNU
Software: Glibc
 

 
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.

 
2017-12-04
Medium
CVE-2017-17122

Vendor: GNU
Software: Binutils
 

 
The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top