Vulnerabilities > Numeric Errors

DATE CVE VULNERABILITY TITLE RISK
2019-08-14 CVE-2014-10375 Numeric Errors vulnerability in GNU Exosip 3.5.0/4.0.0/4.1.0
handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.
network
low complexity
gnu CWE-189
7.5
2019-07-15 CVE-2019-1010294 Numeric Errors vulnerability in Linaro Op-Tee
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error.
network
low complexity
linaro CWE-189
7.5
2019-05-09 CVE-2019-11837 Numeric Errors vulnerability in F5 NJS
njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c.
network
low complexity
f5 CWE-189
7.5
2019-02-19 CVE-2019-5755 Numeric Errors vulnerability in multiple products
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.
network
low complexity
google debian redhat fedoraproject CWE-189
8.1
2019-02-01 CVE-2019-7308 Numeric Errors vulnerability in multiple products
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
local
high complexity
linux canonical opensuse CWE-189
5.6
2018-04-18 CVE-2016-10490 Numeric Errors vulnerability in Qualcomm products
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, if a negative value is passed as argument "max" to qurt_qdi_state_local_new_handle_from_obj, an buffer overflow occurs, due to typecasting the signed integer to unsigned.
network
low complexity
qualcomm CWE-189
critical
9.8
2018-02-27 CVE-2016-10714 Numeric Errors vulnerability in multiple products
In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
network
low complexity
zsh canonical CWE-189
critical
9.8
2017-10-06 CVE-2015-2158 Numeric Errors vulnerability in Pngcrush Project Pngcrush
Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file.
local
low complexity
pngcrush-project CWE-189
7.8
2017-06-06 CVE-2016-9961 Numeric Errors vulnerability in multiple products
game-music-emu before 0.6.1 mishandles unspecified integer values.
9.8
2017-06-06 CVE-2014-9924 Numeric Errors vulnerability in Google Android
In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur.
local
low complexity
google CWE-189
7.8