| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Integer overflow or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. (Chromium security severity: High) |
| Integer overflow or wraparound in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. |
| CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. |
| CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. |
| GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity encoding. A server-supplied HTML attribute causes a signed integer counter to overflow during output size accumulation, resulting in an undersized heap allocation and subsequent heap buffer overflow during the copy phase. |
| GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigger undefined behavior and download desynchronization in the affected client. |
| Integer overflow or wraparound in Windows Remote Access Service Infrastructure allows an authorized attacker to elevate privileges over a network. |
| Integer overflow or wraparound in Windows NTFS allows an authorized attacker to elevate privileges locally. |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| Heap-based buffer overflow in Windows Data dll allows an unauthorized attacker to execute code locally. |
| Use after free in Windows TCP/IP allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
| Integer overflow or wraparound in Windows Storage Spaces Direct allows an unauthorized attacker to elevate privileges with a physical attack. |
| Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges over a network. |
| Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machine() function (net/tcp.c) that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payload_len to become negative. When the TCP_SYN_SENT handler calls tcp_rx_user_data() without invoking tcp_seg_in_wnd() validation, the negative payload_len is implicitly converted to a large unsigned integer (e.g., 0xFFFFFFD8) and passed to memcpy() in store_block(), causing an immediate crash that prevents device boot and may enable memory corruption when CONFIG_LMB is disabled. |
| Integer underflow (wrap or wraparound) in Microsoft Defender allows an unauthorized attacker to execute code locally. |