CVSS: 6.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-29195 – Azure C SDK Integer Wraparound Vulnerability
https://notcve.org/view.php?id=CVE-2024-29195
An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. • https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2 https://github.com/Azure/azure-c-shared-utility/security/advisories/GHSA-m8wp-hc7w-x4xg • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-28231 – Manipulated DATA Submessage causes a heap-buffer-overflow error
https://notcve.org/view.php?id=CVE-2024-28231
When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). • https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-2608 – Mozilla: Integer overflow could have led to out of bounds write
https://notcve.org/view.php?id=CVE-2024-2608
`AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. ... The Mozilla Foundation Security Advisory describes this flaw as: `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. • https://bugzilla.mozilla.org/show_bug.cgi?id=1880692 https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html https://www.mozilla.org/security/advisories/mfsa2024-12 https://www.mozilla.org/security/advisories/mfsa2024-13 https://www.mozilla.org/security/advisories/mfsa2024-14 https://access.redhat.com/security/cve/CVE-2024-2608 https://bugzilla.redhat.com/show_bug.cgi?id=2270661 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-1917
https://notcve.org/view.php?id=CVE-2024-1917
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. • https://jvn.jp/vu/JVNVU99690199 https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-1916
https://notcve.org/view.php?id=CVE-2024-1916
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. • https://jvn.jp/vu/JVNVU99690199 https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf • CWE-190: Integer Overflow or Wraparound •