
CVE-2022-40304 – libxml2: dict corruption caused by entity reference cycles
https://notcve.org/view.php?id=CVE-2022-40304
01 Nov 2022 — Issues addressed include buffer over-read, buffer overflow, bypass, code execution, denial of service, double free, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://packetstorm.news/files/id/169824 • CWE-415: Double Free

CVE-2022-32221 – curl: POST following PUT confusion
https://notcve.org/view.php?id=CVE-2022-32221
27 Oct 2022 — Issues addressed include buffer over-read, buffer overflow, bypass, code execution, denial of service, double free, integer overflow, out of bounds read, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2023/Jan/19 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-440: Expected Behavior Violation • CWE-668: Exposure of Resource to Wrong Sphere

CVE-2022-42915 – curl: HTTP proxy double-free
https://notcve.org/view.php?id=CVE-2022-42915
27 Oct 2022 — Issues addressed include buffer over-read, buffer overflow, bypass, code execution, denial of service, double free, integer overflow, out of bounds read, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2023/Jan/19 • CWE-415: Double Free

CVE-2022-42916 – curl: HSTS bypass via IDN
https://notcve.org/view.php?id=CVE-2022-42916
27 Oct 2022 — Issues addressed include buffer over-read, buffer overflow, bypass, code execution, denial of service, double free, integer overflow, out of bounds read, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2023/Jan/19 • CWE-319: Cleartext Transmission of Sensitive Information

CVE-2022-41974 – device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket
https://notcve.org/view.php?id=CVE-2022-41974
26 Oct 2022 — Issues addressed include bypass, code execution, integer overflow, memory leak, and use-after-free vulnerabilities. • https://packetstorm.news/files/id/170176 • CWE-269: Improper Privilege Management • CWE-285: Improper Authorization

CVE-2022-32775
https://notcve.org/view.php?id=CVE-2022-32775
25 Oct 2022 — An integer overflow vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1564 • CWE-190: Integer Overflow or Wraparound

CVE-2022-3626 – libtiff: out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c
https://notcve.org/view.php?id=CVE-2022-3626
21 Oct 2022 — Issues addressed include buffer overflow, integer overflow, out of bounds read, and out of bounds write vulnerabilities. • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3626.json • CWE-787: Out-of-bounds Write

CVE-2022-37454 – XKCP: buffer overflow in the SHA-3 reference implementation
https://notcve.org/view.php?id=CVE-2022-37454
21 Oct 2022 — The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. • https://csrc.nist.gov/projects/hash-functions/sha-3-project • CWE-190: Integer Overflow or Wraparound • CWE-680: Integer Overflow to Buffer Overflow

CVE-2022-25748
https://notcve.org/view.php?id=CVE-2022-25748
19 Oct 2022 — Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. • https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin • CWE-190: Integer Overflow or Wraparound

CVE-2022-39425 – Oracle VirtualBox VRDP Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-39425
18 Oct 2022 — The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. • https://github.com/bob11vrdp/CVE-2022-39425 • CWE-306: Missing Authentication for Critical Function