CVE-2024-21441 – Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-21441
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21441 • CWE-190: Integer Overflow or Wraparound •
CVE-2024-27304 – pgx SQL Injection via Protocol Message Size Overflow
https://notcve.org/view.php?id=CVE-2024-27304
An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. • https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007 https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8 https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4 https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8 https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv https://access.redhat.com/security/cve/CVE-2024-27304 https://bugzilla.redhat.com/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-190: Integer Overflow or Wraparound •
CVE-2023-45591
https://notcve.org/view.php?id=CVE-2023-45591
A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “logger_generic” function of the “Ax_rtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service (DoS) condition, possibly in the execution of arbitrary code with the same privileges of the process (root), or have other unspecified impacts on the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. • https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45591 • CWE-122: Heap-based Buffer Overflow •
CVE-2021-47098 – hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations
https://notcve.org/view.php?id=CVE-2021-47098
In the Linux kernel, the following vulnerability has been resolved: hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations. Commit b50aa49638c7 ("hwmon: (lm90) Prevent integer underflows of temperature calculations") addressed a number of underflow situations when writing temperature limits. However, it missed one situation, seen when an attempt is made to set the hysteresis value to MAX_LONG and the critical temperature limit is negative. Use clamp_val() when setting the hysteresis temperature to ensure that the provided value can never overflow or underflow. • https://git.kernel.org/stable/c/b50aa49638c7e12abf4ecc483f4e928c5cccc1b0 https://git.kernel.org/stable/c/d105f30bea9104c590a9e5b495cb8a49bdfe405f https://git.kernel.org/stable/c/55840b9eae5367b5d5b29619dc2fb7e4596dba46 https://access.redhat.com/security/cve/CVE-2021-47098 https://bugzilla.redhat.com/show_bug.cgi?id=2267920 • CWE-190: Integer Overflow or Wraparound •
CVE-2023-43550 – Integer Overflow or Wraparound in Core Services
https://notcve.org/view.php?id=CVE-2023-43550
Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem. • https://www.qualcomm.com/company/product-security/bulletins/march-2024-bulletin • CWE-190: Integer Overflow or Wraparound •