CVSS: 3.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-21068 – OpenJDK: integer overflow in C1 compiler address generation (8322122)
https://notcve.org/view.php?id=CVE-2024-21068
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. • https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html https://security.netapp.com/advisory/ntap-20240426-0004 https://www.oracle.com/security-alerts/cpuapr2024.html https://access.redhat.com/security/cve/CVE-2024-21068 https://bugzilla.redhat.com/show_bug.cgi?id=2275003 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-3859 – Mozilla: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
https://notcve.org/view.php?id=CVE-2024-3859
On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. ... The Mozilla Foundation Security Advisory describes this flaw as: On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. • https://bugzilla.mozilla.org/show_bug.cgi?id=1874489 https://lists.debian.org/debian-lts-announce/2024/04/msg00012.html https://lists.debian.org/debian-lts-announce/2024/04/msg00013.html https://www.mozilla.org/security/advisories/mfsa2024-18 https://www.mozilla.org/security/advisories/mfsa2024-19 https://www.mozilla.org/security/advisories/mfsa2024-20 https://access.redhat.com/security/cve/CVE-2024-3859 https://bugzilla.redhat.com/show_bug.cgi?id=2275552 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: -EPSS: 0%CPEs: 8EXPL: 1CVE-2024-26817 – amdkfd: use calloc instead of kzalloc to avoid integer overflow
https://notcve.org/view.php?id=CVE-2024-26817
In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow. • https://github.com/MaherAzzouzi/CVE-2024-26817-amdkfd https://git.kernel.org/stable/c/e6721ea845fcb93a764a92bd40f1afc0d6c69751 https://git.kernel.org/stable/c/8b0564704255c6b3c6a7188e86939f754e1577c0 https://git.kernel.org/stable/c/fcbd99b3c73309107e3be71f20dff9414df64f91 https://git.kernel.org/stable/c/cbac7de1d9901521e78cdc34e15451df3611f2ad https://git.kernel.org/stable/c/e6768c6737f4c02cba193a3339f0cc2907f0b86a https://git.kernel.org/stable/c/315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7 https://git.kernel.org/stable/c/0c33d11153949310d76631d8f4a4736519eacd3a http •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-20795 – Animate has an arbitrary code execution vulnerability when parsing svg files
https://notcve.org/view.php?id=CVE-2024-20795
Animate versions 23.0.4, 24.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/animate/apsb24-26.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 15EXPL: 0CVE-2024-28933 – Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-28933
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código del controlador ODBC de Microsoft para SQL Server • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933 • CWE-191: Integer Underflow (Wrap or Wraparound) •