Search Results (4966 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-53159 1 Linux 1 Linux Kernel 2026-07-18 8.8 High
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to find_vma misuse fastrpc_get_args() uses find_vma() to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned VMA, (ptr & PAGE_MASK) - vma->vm_start underflows, corrupting the DMA address sent to the DSP. Replace find_vma() with vma_lookup(), which returns NULL when the address is not contained within any VMA.
CVE-2026-34963 2 Barebox, Pengutronix 2 Barebox, Barebox 2026-07-18 8.4 High
barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section loading logic fails to validate that PointerToRawData plus copied size remains within the PE file buffer. An attacker can supply a malicious EFI PE binary via TFTP, USB, SD card, or network boot to trigger heap buffer overflow or out-of-bounds read from heap memory, potentially achieving code execution in bootloader context.
CVE-2026-55254 2026-07-17 4.8 Medium
NCalc is a fast, lightweight expression evaluator for .NET. Prior to 6.1.1, the factorial operator implementation in src/NCalc.Core/Helpers/MathHelper.cs permits specially crafted expressions with extremely large factorial operands, causing excessive CPU consumption or a non-terminating loop due to integer overflow in the factorial calculation logic when applications evaluate untrusted expressions. This issue is fixed in version 6.1.1.
CVE-2026-44251 1 Wazuh 1 Wazuh 2026-07-17 6.5 Medium
Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 3.0.0 and above, prior to 4.14.5, a size_t integer underflow in os_crypto/shared/msgs.c:389 allows any enrolled Wazuh agent to crash the wazuh-remoted process on the manager, immediately disconnecting all agents from the manager. A second code path reached by the same underflow may allow heap memory corruption. This issue has been fixed in version 4.14.5.
CVE-2026-58317 2026-07-17 N/A
Unsigned to Signed Conversion Error (CWE-196) vulnerability exists in TTSSH2 plugin of Tera Term provided by TeraTerm Project. When Tera Term attempts to establish an SSH connection to a server set up by an attacker, out-of-bounds read/write may occur. As a result, the contents of adjacent memory regions may be transmitted to the server, and Tera Term may behave unexpected or terminate abnormally.
CVE-2026-59117 1 Microsoft 1 Terminal 2026-07-17 7.5 High
Integer overflow or wraparound in Windows Terminal allows an unauthorized attacker to execute code over a network.
CVE-2026-53482 1 Dell 1 Powerprotect Data Domain 2026-07-17 7.5 High
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
CVE-2026-15108 1 Google 1 Chrome 2026-07-17 4.3 Medium
Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. (Chromium security severity: High)
CVE-2026-51536 1 Eipstackgroup 1 Opener 2026-07-17 9.1 Critical
In OpENer 2.3.0 (commit 76b95cf) when parsing incoming CIP (Common Industrial Protocol) network packets, the length parameter is inconsistently typed across the call stack. Specifically, an upstream length calculated as an int is passed to a downstream function that expects an EipInt16 (a 16-bit signed integer). If a maliciously crafted packet with specific length fields is processed, the length parameter can overflow or be truncated into a negative value. This negative length bypasses subsequent bounds checking (due to signed/unsigned comparison issues) and is ultimately used in memory operations, leading to a Stack Buffer Overflow when reading data in DecodePaddedEPath.
CVE-2026-7162 1 Winfsp 1 Winfsp 2026-07-17 7.8 High
Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software.
CVE-2026-10649 2 Clusterlabs, Redhat 7 Pacemaker, Enterprise Linux, Enterprise Linux Eus and 4 more 2026-07-17 8.6 High
A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial of service (DoS) in the CIB remote listener. This can result in the affected service crashing.
CVE-2026-51540 1 Eipstackgroup 1 Opener 2026-07-16 9.8 Critical
OpENer 2.3.0 (master branch up to commit 76b95cf) is vulnerable to a severe memory corruption issue caused by an integer underflow in the processing of connected explicit messages (SendUnitData).
CVE-2026-50300 1 Microsoft 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more 2026-07-16 5.5 Medium
Integer underflow (wrap or wraparound) in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-55026 1 Microsoft 11 365 Apps, Office 2016, Office 2019 and 8 more 2026-07-16 6.2 Medium
Integer overflow or wraparound in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-58380 2 Gnome, Redhat 2 Gimp, Enterprise Linux 2026-07-16 7.3 High
A flaw was found in GIMP's PNM file format parser. When parsing a specially crafted PNM file, the pnmscanner_gettoken() function writes a null terminator one byte past the end of a stack-allocated buffer due to an off-by-one error in the loop boundary check. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
CVE-2026-50497 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-16 6.5 Medium
Off-by-one error in Windows Remote Desktop Protocol allows an unauthorized attacker to disclose information over a network.
CVE-2026-58384 2 Gnu, Redhat 2 Gimp, Enterprise Linux 2026-07-16 7.3 High
A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap allocation for the RLE row-length table, after which subsequent per-row writes corrupt heap memory. This could lead to memory corruption, potentially resulting in denial of service or arbitrary code execution.
CVE-2026-40954 2026-07-16 N/A
CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client
CVE-2026-40955 2026-07-16 N/A
CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client.
CVE-2026-0128 1 Google 1 Android 2026-07-16 3.5 Low
In RtcpFbPacket::decodeRtcpFbPacket, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.