CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 1CVE-2022-41903 – Integer overflow in `git archive`, `git log --format` leading to RCE in git
https://notcve.org/view.php?id=CVE-2022-41903
17 Jan 2023 — When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. ... This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. ... This issue occurs due to an integer overflow in `pretty.c::format_and_pad_commit()`, where a `size_t` is stored improperly as an `int`, and then added as a... • https://github.com/sondermc/git-cveissues • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37436 – Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting
https://notcve.org/view.php?id=CVE-2022-37436
17 Jan 2023 — Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities. • https://httpd.apache.org/security/vulnerabilities_24.html • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') CWE-436: Interpretation Conflict •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 0CVE-2022-36760 – Apache HTTP Server: mod_proxy_ajp Possible request smuggling
https://notcve.org/view.php?id=CVE-2022-36760
17 Jan 2023 — Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities. • https://httpd.apache.org/security/vulnerabilities_24.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1812 – Integer Overflow or Wraparound in publify/publify
https://notcve.org/view.php?id=CVE-2022-1812
14 Jan 2023 — Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10. Desbordamiento de enteros o Wraparound en el repositorio de GitHub publify/publify antes de 9.2.10. • https://github.com/publify/publify/commit/29a5837c29620e33857d7a5afce01384e3f8e41a • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-23559 – Ubuntu Security Notice USN-5924-1
https://notcve.org/view.php?id=CVE-2023-23559
13 Jan 2023 — In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40983
https://notcve.org/view.php?id=CVE-2022-40983
12 Jan 2023 — An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1617 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2022-4139 – kernel: i915: Incorrect GPU TLB flush can lead to random memory access
https://notcve.org/view.php?id=CVE-2022-4139
12 Jan 2023 — Issues addressed include code execution and integer overflow vulnerabilities. • https://bugzilla.redhat.com/show_bug.cgi?id=2147572 • CWE-281: Improper Preservation of Permissions CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 208EXPL: 0CVE-2021-26346
https://notcve.org/view.php?id=CVE-2021-26346
10 Jan 2023 — Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1031 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2022-4338 – openvswitch: Integer Underflow in Organization Specific TLV
https://notcve.org/view.php?id=CVE-2022-4338
10 Jan 2023 — An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. ... If LLDP processing is enabled for a specific port, crafted LLDP packets could cause a data underflow. • https://github.com/openvswitch/ovs/pull/405 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2023-21765 – Windows Print Spooler Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2023-21765
10 Jan 2023 — Windows Print Spooler Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios en la cola de impresión de Windows • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21765 • CWE-190: Integer Overflow or Wraparound •