CVSS: 10.0EPSS: 5%CPEs: 15EXPL: 1CVE-2022-37454 – XKCP: buffer overflow in the SHA-3 reference implementation
https://notcve.org/view.php?id=CVE-2022-37454
21 Oct 2022 — The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. • https://csrc.nist.gov/projects/hash-functions/sha-3-project • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 546EXPL: 0CVE-2022-25748
https://notcve.org/view.php?id=CVE-2022-25748
19 Oct 2022 — Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. • https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-39425 – Oracle VirtualBox VRDP Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-39425
18 Oct 2022 — The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. • https://github.com/bob11vrdp/CVE-2022-39425 • CWE-306: Missing Authentication for Critical Function •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 2CVE-2022-3515 – GnuPG libksba CRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-3515
17 Oct 2022 — A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. ... Issues addressed include bypass, code execution, integer overflow, memory leak, and use-after-free vulnerabilities. • https://access.redhat.com/security/cve/CVE-2022-3515 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3165 – QEMU: VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion
https://notcve.org/view.php?id=CVE-2022-3165
17 Oct 2022 — An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. ... Un cliente malicioso podría usar este fallo para hacer que QEMU no responda mediante el envío de un mensaje de carga útil especialmente diseñado, resultando en una denegación de servicio An integer underflow issue was found in the QEMU built-in VNC server while processing ClientCutText messages in the extended format. • https://gitlab.com/qemu-project/qemu/-/commit/d307040b18 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-39105
https://notcve.org/view.php?id=CVE-2022-39105
14 Oct 2022 — In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. En sensor driver, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una denegación de servicio local en el kernel • https://www.unisoc.com/en_us/secy/announcementDetail/1575654905820020738 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39293 – Azure RTOS USBX Host PIMA vulnerable to read integer underflow with buffer overflow
https://notcve.org/view.php?id=CVE-2022-39293
13 Oct 2022 — Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. The case is, in [_ux_host_class_pima_read](https://github.com/azure-rtos/usbx/blob/master/common/usbx_host_classes/src/ux_host_class_pima_read.c), there is data length from device response, returned in the very first packet, and read by [L165 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_cla... • https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 4.9EPSS: 0%CPEs: 134EXPL: 0CVE-2022-22078
https://notcve.org/view.php?id=CVE-2022-22078
12 Oct 2022 — Denial of service in BOOT when partition size for a particular partition is requested due to integer overflow when blocks are calculated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables Una denegación de servicio en BOOT cuando es solicitado el tamaño de una partición particular debido a un desbordamiento de enteros cuando son calculados los bloques en Snapdragon Auto, Snapdragon Compute... • https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20423
https://notcve.org/view.php?id=CVE-2022-20423
11 Oct 2022 — In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. • https://source.android.com/security/bulletin/2022-10-01 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35289
https://notcve.org/view.php?id=CVE-2022-35289
11 Oct 2022 — A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. • https://github.com/facebook/hermes/commit/5b6255ae049fa4641791e47fad994e8e8c4da374 • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •