Vulnerabilities > Numeric Errors
|2019-08-14||CVE-2014-10375|| Numeric Errors vulnerability in GNU Exosip 3.5.0/4.0.0/4.1.0 |
handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.
| 5.0 |
|2019-08-07||CVE-2019-14763|| Numeric Errors vulnerability in Linux Kernel |
In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid.
| 4.9 |
|2019-07-15||CVE-2019-1010294|| Numeric Errors vulnerability in Linaro Op-Tee |
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error.
| 5.0 |
|2019-05-09||CVE-2019-11837|| Numeric Errors vulnerability in Nginx NJS |
njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c.
| 5.0 |
|2019-02-19||CVE-2019-5755|| Numeric Errors vulnerability in Google Chrome |
Incorrect handling of negative zero in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.
| 5.8 |
|2019-02-01||CVE-2019-7308|| Numeric Errors vulnerability in Linux Kernel |
kernel/bpf/verifier.c in the Linux kernel before 4.20.6 performs undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks.
| 4.7 |
|2018-04-18||CVE-2016-10490|| Numeric Errors vulnerability in Qualcomm products |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, if a negative value is passed as argument "max" to qurt_qdi_state_local_new_handle_from_obj, an buffer overflow occurs, due to typecasting the signed integer to unsigned.
| 10.0 |
|2018-02-27||CVE-2016-10714|| Numeric Errors vulnerability in multiple products |
In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
| 7.5 |
|2017-10-06||CVE-2015-2158|| Numeric Errors vulnerability in Pngcrush Project Pngcrush |
Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file.
| 6.8 |
|2017-06-06||CVE-2016-9961|| Numeric Errors vulnerability in multiple products |
game-music-emu before 0.6.1 mishandles unspecified integer values.
| 10.0 |