CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2023-40476 – GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40476
This issue requires user interaction with the library and may allow a malicious user to cause an integer overflow before allocating the buffer, triggering a crash or code execution via heap manipulation, executing code in the context of the current process. • https://gstreamer.freedesktop.org/security/sa-2023-0008.html https://www.zerodayinitiative.com/advisories/ZDI-23-1458 https://access.redhat.com/security/cve/CVE-2023-40476 https://bugzilla.redhat.com/show_bug.cgi?id=2254589 • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2023-42118 – Exim libspf2 Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42118
Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. ... When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. ... Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. ... When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. ... When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. • https://www.zerodayinitiative.com/advisories/ZDI-23-1472 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2023-42753 – Kernel: netfilter: potential slab-out-of-bound access due to integer underflow
https://notcve.org/view.php?id=CVE-2023-42753
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. Se encontró una vulnerabilidad de indexación de matrices en el subsistema netfilter del kernel de Linux. Una macro faltante podría provocar un error de cálculo del desplazamiento de la matriz `h->nets`, proporcionando a los atacantes la primitiva de incrementar/disminuir arbitrariamente un búfer de memoria fuera de límites. • http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://access.redhat.com/errata/RHSA-2023:7370 https://access.redhat.com/errata/RHSA-2023:7379 https://access.redhat.com/errata/RHSA-2023:7382 https://access.redhat.com/errata/RHSA-2023:7389 https://access.redhat.com/errata/RHSA-2023:7411 https://access.redhat.com/errata/RHSA-2023:7418 https://access.redhat.com/errata/RHSA-2023:7539 https://access.redhat.com/errata/RHSA-2023:7558 h • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-32653
https://notcve.org/view.php?id=CVE-2023-32653
An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. Existe una vulnerabilidad de escritura fuera de límites en la funcionalidad dcm_pixel_data_decode de Accusoft ImageGear 20.1. Un archivo con formato incorrecto especialmente manipulado puede provocar la ejecución de código arbitrario. • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1802 • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 47EXPL: 0CVE-2023-36792 – Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36792
Visual Studio Remote Code Execution Vulnerability Vulnerabilidad de Ejecución Remota de Códigode Visual Studio • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792 • CWE-190: Integer Overflow or Wraparound •