CVSS: 3.3 • EPSS: 0% • CPEs: - • EXPL: 0

An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp. • https://github.com/AcademySoftwareFoundation/openexr/issues/1680 • CWE-190: Integer Overflow or Wraparound

CVSS: - • EPSS: 0% • CPEs: - • EXPL: 0

ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition). • http://threeten.com https://gist.github.com/LLM4IG/d2618f5f4e5ac37eb75cff5617e58b90 https://github.com/ThreeTen/threetenbp •

CVSS: 6.7 • EPSS: 0% • CPEs: - • EXPL: 0

In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. ... The cms_transform_new function in src/_imagingcms.c does not validate the length of its parameters before copying them into fixed-size buffers, leading to a buffer overflow, resulting in a denial of service. • https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLPUT3VK4GQ6EVY525TT2QNUIXNRU5M https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html#security https://access.redhat.com/security/cve/CVE-2024-28219 https://bugzilla.redhat.com/show_bug.cgi?id=2272563 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-680: Integer Overflow to Buffer Overflow

CVSS: 7.1 • EPSS: 0% • CPEs: 5 • EXPL: 0

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow. Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. It's better to reject this rather than having incorrect ratelimit. • https://git.kernel.org/stable/c/d2168e849ebf617b2b7feae44c0c0baf739cb610 https://git.kernel.org/stable/c/79d4efd75e7dbecd855a3b8a63e65f7265f466e1 https://git.kernel.org/stable/c/bc6e242bb74e2ae616bfd2b250682b738e781c9b https://git.kernel.org/stable/c/9882495d02ecc490604f747437a40626dc9160d0 https://git.kernel.org/stable/c/00c2c29aa36d1d1827c51a3720e9f893a22c7c6a https://git.kernel.org/stable/c/c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa https://access.redhat.com/security/cve/CVE-2024-26668 https://bugzilla.redhat.com/show_bug.cgi?id=2272797 • CWE-190: Integer Overflow or Wraparound

CVSS: 8.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

Memory corruption while allocating memory for graphics. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html • CWE-680: Integer Overflow to Buffer Overflow