CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 1CVE-2022-38725 – Debian Security Advisory 5369-1
https://notcve.org/view.php?id=CVE-2022-38725
23 Jan 2023 — An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected. ... It was discovered that an integer overflow in the RFC3164 parser of syslog-ng, a system logging daemon, may result in denial of service via malformed syslog messages. • https://github.com/wdahlenburg/CVE-2022-38725 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31631 – PDO::quote() may return unquoted string
https://notcve.org/view.php?id=CVE-2022-31631
23 Jan 2023 — This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. • https://bugs.php.net/bug.php?id=81740 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-35977 – Integer overflow in certain command arguments can drive Redis to OOM panic
https://notcve.org/view.php?id=CVE-2022-35977
20 Jan 2023 — Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. ... This flaw allows authenticated users to issue specially crafted `SETRANGE` and `SORT(_RO)` commands to trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. • https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22458 – Integer overflow in multiple Redis commands can lead to denial-of-service
https://notcve.org/view.php?id=CVE-2023-22458
20 Jan 2023 — Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-23144 – Debian Security Advisory 5411-1
https://notcve.org/view.php?id=CVE-2023-23144
20 Jan 2023 — Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master. • https://github.com/gpac/gpac/commit/3a2458a49b3e6399709d456d7b35e7a6f50cfb86 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24021 – modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass
https://notcve.org/view.php?id=CVE-2023-24021
20 Jan 2023 — Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities. • https://github.com/SpiderLabs/ModSecurity/pull/2857 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48279 – mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass
https://notcve.org/view.php?id=CVE-2022-48279
20 Jan 2023 — Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities. • https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves • CWE-436: Interpretation Conflict CWE-1389: Incorrect Parsing of Numbers with Different Radices •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 18CVE-2023-22809 – sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-22809
18 Jan 2023 — Issues addressed include code execution and integer overflow vulnerabilities. • https://packetstorm.news/files/id/172509 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-21579 – Adobe Acrobat Reader DC Font Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21579
18 Jan 2023 — Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. ... The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. • https://helpx.adobe.com/security/products/acrobat/apsb23-01.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 2%CPEs: 10EXPL: 0CVE-2022-23521 – gitattributes parsing integer overflow in git
https://notcve.org/view.php?id=CVE-2022-23521
17 Jan 2023 — When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. ... This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. ... When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path pat... • https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76 • CWE-190: Integer Overflow or Wraparound •