CVSS: 10.0EPSS: 8%CPEs: 1EXPL: 0CVE-2022-24963 – Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions
https://notcve.org/view.php?id=CVE-2022-24963
31 Jan 2023 — Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. ... • https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0512 – Divide By Zero in vim/vim
https://notcve.org/view.php?id=CVE-2023-0512
26 Jan 2023 — Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. macOS Ventura 13.3 addresses buffer overflow, bypass, code execution, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2023/Mar/17 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2023-0469 – Ubuntu Security Notice USN-5914-1
https://notcve.org/view.php?id=CVE-2023-0469
25 Jan 2023 — A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service. Se encontró una falla de use-after-free en io_uring/filetable.c en io_install_fixed_file en el subcomponente io_uring en el kernel de Linux durante la limpieza de llamadas. Este defecto puede dar lugar a una denegación de servicio. It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not ... • https://bugzilla.redhat.com/show_bug.cgi?id=2163723 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 3CVE-2023-0179 – kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan
https://notcve.org/view.php?id=CVE-2023-0179
24 Jan 2023 — A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. It was discov... • https://github.com/TurtleARM/CVE-2023-0179-PoC • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.9EPSS: 0%CPEs: 6EXPL: 1CVE-2023-0266 – Linux Kernel Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2023-0266
24 Jan 2023 — Issues addressed include heap overflow and integer overflow vulnerabilities. • https://github.com/SeanHeelan/claude_opus_cve_2023_0266 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 1CVE-2022-38725 – Debian Security Advisory 5369-1
https://notcve.org/view.php?id=CVE-2022-38725
23 Jan 2023 — An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected. ... It was discovered that an integer overflow in the RFC3164 parser of syslog-ng, a system logging daemon, may result in denial of service via malformed syslog messages. • https://github.com/wdahlenburg/CVE-2022-38725 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31631 – PDO::quote() may return unquoted string
https://notcve.org/view.php?id=CVE-2022-31631
23 Jan 2023 — This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. • https://bugs.php.net/bug.php?id=81740 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-35977 – Integer overflow in certain command arguments can drive Redis to OOM panic
https://notcve.org/view.php?id=CVE-2022-35977
20 Jan 2023 — Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. ... This flaw allows authenticated users to issue specially crafted `SETRANGE` and `SORT(_RO)` commands to trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. • https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-22458 – Integer overflow in multiple Redis commands can lead to denial-of-service
https://notcve.org/view.php?id=CVE-2023-22458
20 Jan 2023 — Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-23144 – Debian Security Advisory 5411-1
https://notcve.org/view.php?id=CVE-2023-23144
20 Jan 2023 — Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master. • https://github.com/gpac/gpac/commit/3a2458a49b3e6399709d456d7b35e7a6f50cfb86 • CWE-190: Integer Overflow or Wraparound •