
CVE-2023-24021 – modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass
https://notcve.org/view.php?id=CVE-2023-24021
20 Jan 2023 — Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities. • https://github.com/SpiderLabs/ModSecurity/pull/2857 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •

CVE-2022-48279 – mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass
https://notcve.org/view.php?id=CVE-2022-48279
20 Jan 2023 — Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities. • https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves • CWE-436: Interpretation Conflict • CWE-1389: Incorrect Parsing of Numbers with Different Radices •

CVE-2023-22809 – sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-22809
18 Jan 2023 — Issues addressed include code execution and integer overflow vulnerabilities. • https://packetstorm.news/files/id/172509 • CWE-269: Improper Privilege Management •

CVE-2023-21579 – Adobe Acrobat Reader DC Font Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21579
18 Jan 2023 — Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. ... The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. • https://helpx.adobe.com/security/products/acrobat/apsb23-01.html • CWE-190: Integer Overflow or Wraparound •

CVE-2022-23521 – gitattributes parsing integer overflow in git
https://notcve.org/view.php?id=CVE-2022-23521
17 Jan 2023 — When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. ... This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. ... When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path pat... • https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76 • CWE-190: Integer Overflow or Wraparound •

CVE-2022-41903 – Integer overflow in `git archive`, `git log --format` leading to RCE in git
https://notcve.org/view.php?id=CVE-2022-41903
17 Jan 2023 — When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. ... This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. ... This issue occurs due to an integer overflow in `pretty.c::format_and_pad_commit()`, where a `size_t` is stored improperly as an `int`, and then added as a... • https://github.com/sondermc/git-cveissues • CWE-190: Integer Overflow or Wraparound •

CVE-2022-37436 – Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting
https://notcve.org/view.php?id=CVE-2022-37436
17 Jan 2023 — Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities. • https://httpd.apache.org/security/vulnerabilities_24.html • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') • CWE-436: Interpretation Conflict •

CVE-2022-36760 – Apache HTTP Server: mod_proxy_ajp Possible request smuggling
https://notcve.org/view.php?id=CVE-2022-36760
17 Jan 2023 — Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities. • https://httpd.apache.org/security/vulnerabilities_24.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVE-2022-1812 – Integer Overflow or Wraparound in publify/publify
https://notcve.org/view.php?id=CVE-2022-1812
14 Jan 2023 — Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10. • https://github.com/publify/publify/commit/29a5837c29620e33857d7a5afce01384e3f8e41a • CWE-190: Integer Overflow or Wraparound •

CVE-2023-23559 – Ubuntu Security Notice USN-5924-1
https://notcve.org/view.php?id=CVE-2023-23559
13 Jan 2023 — In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c • CWE-190: Integer Overflow or Wraparound •