CVSS: 7.8 • EPSS: 0% • CPEs: 20 • EXPL: 0

11 Oct 2022 — The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38044 •

CVSS: 10.0 • EPSS: 2% • CPEs: 1 • EXPL: 2

10 Oct 2022 — Azure RTOS USBX implementation of host support for USB CDC ECM includes an integer underflow and a buffer overflow in the `_ux_host_class_cdc_ecm_mac_address_get` function which may be exploited to achieve remote code execution or denial of service. Setting the MAC address string descriptor length to `0` or `1` allows an attacker to introduce an integer underflow (of `string_length`) followed by a buffer overflow of the `cdc_ecm -> ux_host_class_cdc_ecm_node_id` array. • https://github.com/azure-rtos/usbx/blob/master/common/usbx_host_classes/src/ux_host_class_cdc_ecm_mac_address_get.c#L264 • CWE-121: Stack-based Buffer Overflow CWE-191: Integer Underflow (Wrap or Wraparound) CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 6.5 • EPSS: 0% • CPEs: 34 • EXPL: 0

06 Oct 2022 — Each lease query response calls this function for several options, so eventually the reference counters could overflow and cause the server to abort. An integer overflow vulnerability was found in the DHCP server. • https://kb.isc.org/docs/cve-2022-2928 • CWE-190: Integer Overflow or Wraparound CWE-476: NULL Pointer Dereference •

CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Sep 2022 — Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. ... An incorrect integer overflow protection in the Squid SSPI and SMB authentication helpers is vulnerable to a buffer overflow attack, resulting in information disclosure. • http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch • CWE-126: Buffer Over-read CWE-190: Integer Overflow or Wraparound

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

23 Sep 2022 — An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. • https://www.whatsapp.com/security/advisories/2022 • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Sep 2022 — This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. • https://github.com/FFmpeg/FFmpeg/commit/c953baa084607dd1d84c3bfcce3cf6a87c3e6e05 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound

CVSS: 10.0 • EPSS: 4% • CPEs: 2 • EXPL: 0

23 Sep 2022 — Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. • https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9 • CWE-190: Integer Overflow or Wraparound

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

22 Sep 2022 — An integer overflow in WhatsApp could result in remote code execution in an established video call. • https://www.whatsapp.com/security/advisories/2022 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound

CVSS: 7.8 • EPSS: 0% • CPEs: 30 • EXPL: 0

21 Sep 2022 — Issues addressed include bypass, code execution, integer overflow, memory leak, and use-after-free vulnerabilities. • http://www.openwall.com/lists/oss-security/2022/09/21/3 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.8 • EPSS: 0% • CPEs: 34 • EXPL: 0

21 Sep 2022 — Issues addressed include bypass, code execution, integer overflow, memory leak, and use-after-free vulnerabilities. • http://www.openwall.com/lists/oss-security/2022/09/21/3 • CWE-401: Missing Release of Memory after Effective Lifetime •