CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-24609
https://notcve.org/view.php?id=CVE-2023-24609
Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. • https://www.rambus.com/security/software-protocols/tls-toolkit https://www.telekom.com/en/company/data-privacy-and-security/news/advisories-504842 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-48298 – Integer underflow leading to stack overflow in FPC codec decompression
https://notcve.org/view.php?id=CVE-2023-48298
This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. • https://github.com/ClickHouse/ClickHouse/pull/56795 https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43826 – Apache Guacamole: Integer overflow in handling of VNC image buffers
https://notcve.org/view.php?id=CVE-2023-43826
Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. • http://www.openwall.com/lists/oss-security/2023/12/19/4 https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2023-46804 – Ivanti Avalanche WLAvalancheService Integer Underflow Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-46804
The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before reading from memory. • https://download.wavelink.com/Files/avalanche_v6.4.2_release_notes.txt • CWE-787: Out-of-bounds Write •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4320 – Satellite: arithmetic overflow in satellite
https://notcve.org/view.php?id=CVE-2023-4320
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity. • https://access.redhat.com/errata/RHSA-2024:2010 https://access.redhat.com/security/cve/CVE-2023-4320 https://bugzilla.redhat.com/show_bug.cgi?id=2231814 • CWE-613: Insufficient Session Expiration •