CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27769
https://notcve.org/view.php?id=CVE-2020-27769
14 May 2021 — In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c. En ImageMagick versiones anteriores a 7.0.9-0, están fuera del rango de valores representables de tipo "float" en el archivo MagickCore/quantize.c • https://bugzilla.redhat.com/show_bug.cgi?id=1894690 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22137 – elasticsearch: Document disclosure flaw when Document or Field Level Security is used
https://notcve.org/view.php?id=CVE-2021-22137
13 May 2021 — Issues addressed include denial of service, information leakage, integer overflow, and resource exhaustion vulnerabilities. • https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-281: Improper Preservation of Permissions •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22135 – elasticsearch: Document disclosure flaw in the Elasticsearch suggester
https://notcve.org/view.php?id=CVE-2021-22135
13 May 2021 — Issues addressed include denial of service, information leakage, integer overflow, and privilege escalation vulnerabilities. • https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-35198
https://notcve.org/view.php?id=CVE-2020-35198
12 May 2021 — The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). • https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-35198 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3491 – Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass
https://notcve.org/view.php?id=CVE-2021-3491
12 May 2021 — The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before accessing memory. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db • CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 2%CPEs: 13EXPL: 0CVE-2021-31178 – Microsoft Office Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-31178
11 May 2021 — Microsoft Office Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Microsoft Office • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31178 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20312 – Ubuntu Security Notice USN-5736-1
https://notcve.org/view.php?id=CVE-2021-20312
11 May 2021 — A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. • https://bugzilla.redhat.com/show_bug.cgi?id=1946742 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-32489
https://notcve.org/view.php?id=CVE-2021-32489
10 May 2021 — The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 can be accepted but triggers an integer overflow, which causes CRYPTO_cbc128_decrypt (in OpenSSL) to encounter an undersized buffer and experience a segmentation fault. • https://blog.inhq.net/posts/yubico-libyubihsm-vuln2/#second-attack-variant-cve-pending • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.0EPSS: 0%CPEs: 19EXPL: 2CVE-2021-32399 – kernel: race condition for removal of the HCI controller
https://notcve.org/view.php?id=CVE-2021-32399
10 May 2021 — Issues addressed include code execution, cross site scripting, denial of service, integer overflow, and null pointer vulnerabilities. • https://github.com/nanopathi/linux-4.19.72_CVE-2021-32399 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2021-25849
https://notcve.org/view.php?id=CVE-2021-25849
10 May 2021 — An integer underflow was discovered in userdisk/vport_lldpd in Moxa Camera VPort 06EC-2V Series, version 1.1, improper validation of the PortID TLV leads to Denial of Service via a crafted lldp packet. • https://www.moxa.com/en • CWE-191: Integer Underflow (Wrap or Wraparound) •