| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability. |
| An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability. |
| The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. |
| An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data. |
| Windows MapUrlToZone Denial of Service Vulnerability |
| Windows Graphics Component Elevation of Privilege Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft Digest Authentication Remote Code Execution Vulnerability |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. |
| Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. |
| Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network. |
| Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally. |
| Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally. |
| Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally. |
| Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally. |
| Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network. |
| Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally. |
| Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network. |
| A signed integer overflow in docopt.cpp v0.6.2 (LeafPattern::match in docopt_private.h) when merging occurrence counters (e.g., default LONG_MAX + first user "-v/--verbose") can cause counter wrap (negative/unbounded semantics) and lead to logic/policy bypass in applications that rely on occurrence-based limits, rate-gating, or safety toggles. In hardened builds (e.g., UBSan or -ftrapv), the overflow may also result in process abort (DoS). |
