CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 2CVE-2022-25313 – expat: Stack exhaustion in doctype parsing
https://notcve.org/view.php?id=CVE-2022-25313
18 Feb 2022 — Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities. • https://github.com/Trinadh465/external_expat-2.1.0_CVE-2022-25313 • CWE-674: Uncontrolled Recursion CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 1CVE-2022-25235 – expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-25235
16 Feb 2022 — Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities. • https://github.com/Satheesh575555/external_expat_AOSP10_r33_CVE-2022-25235 • CWE-116: Improper Encoding or Escaping of Output CWE-838: Inappropriate Encoding for Output Context •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 2CVE-2022-25236 – expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-25236
16 Feb 2022 — Issues addressed include code execution, integer overflow, null pointer, out of bounds read, out of bounds write, and server-side request forgery vulnerabilities. • https://packetstorm.news/files/id/167238 • CWE-179: Incorrect Behavior Order: Early Validation CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-24046 – Sonos One Speaker Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-24046
14 Feb 2022 — The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. ... The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. • https://www.zerodayinitiative.com/advisories/ZDI-22-260 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.4EPSS: 0%CPEs: 82EXPL: 0CVE-2021-35074
https://notcve.org/view.php?id=CVE-2021-35074
11 Feb 2022 — Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile Un Posible desbordamiento de enteros debido a un tipo de datos de fragmentos inapropiado mientras es calculado el número de fragmentos en un mensaje de petición en Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile • https://www.qualcomm.com/company/product-security/bulletins/february-2022-bulletin • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 382EXPL: 0CVE-2021-35069
https://notcve.org/view.php?id=CVE-2021-35069
11 Feb 2022 — Improper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking Una comprobación inapropiada de la longitud de los datos recibidos del búfer DMA puede conllevar a una corrupción de la memoria en Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer... • https://www.qualcomm.com/company/product-security/bulletins/february-2022-bulletin • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-23772 – golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
https://notcve.org/view.php?id=CVE-2022-23772
11 Feb 2022 — Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. Rat.SetString en el archivo math/big en Go versiones anteriores a 1.16.14 y versiones 1.17.x anteriores a 1.17.7, presenta un desbordamiento que puede conllevar a un Consumo de Memoria no Controlado A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. Thi... • https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3398
https://notcve.org/view.php?id=CVE-2021-3398
10 Feb 2022 — Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. • https://advisories.stormshield.eu/2021-001 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-24354 – TP-Link AC1750 NetUSB Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-24354
10 Feb 2022 — The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. ... The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. • https://www.zerodayinitiative.com/advisories/ZDI-22-264 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 23EXPL: 1CVE-2022-0530 – Gentoo Linux Security Advisory 202310-17
https://notcve.org/view.php?id=CVE-2022-0530
09 Feb 2022 — Este defecto permite a un atacante introducir un archivo zip especialmente diseñado, lo que lleva a un fallo o a la ejecución de código macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • http://seclists.org/fulldisclosure/2022/May/33 •