CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-36593 – Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-36593
10 Oct 2023 — Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Vulnerabilidad de ejecución remota de código en Microsoft Message Queuing • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36593 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2023-36478 – HTTP/2 HPACK integer overflow and buffer allocation
https://notcve.org/view.php?id=CVE-2023-36478
10 Oct 2023 — In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. ... In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. • http://www.openwall.com/lists/oss-security/2023/10/18/4 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-44378 – gnark vulnerable to unsoundness in variable comparison/non-unique binary decomposition
https://notcve.org/view.php?id=CVE-2023-44378
09 Oct 2023 — gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of `a`, for small values there exists a second decomposition for `a+r` (where `r` is the modulus the values are being reduced by). The second decomposition was possible due to overflowing the field where the values are defined. Upgrading to version 0.9.0 should fix the issue wit... • https://github.com/Consensys/gnark/commit/59a4087261a6c73f13e80d695c17b398c3d0934f • CWE-191: Integer Underflow (Wrap or Wraparound) CWE-697: Incorrect Comparison •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 1CVE-2023-5441 – NULL Pointer Dereference in vim/vim
https://notcve.org/view.php?id=CVE-2023-5441
05 Oct 2023 — It was discovered that Vim contained an arithmetic overflow. • https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-41175 – Libtiff: potential integer overflow in raw2tiff.c
https://notcve.org/view.php?id=CVE-2023-41175
05 Oct 2023 — A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. • https://access.redhat.com/errata/RHSA-2024:2289 • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40745 – Libtiff: integer overflow in tiffcp.c
https://notcve.org/view.php?id=CVE-2023-40745
05 Oct 2023 — LibTIFF is vulnerable to an integer overflow. • https://access.redhat.com/errata/RHSA-2024:2289 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-43787 – Libx11: integer overflow in xcreateimage() leading to a heap overflow
https://notcve.org/view.php?id=CVE-2023-43787
04 Oct 2023 — A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. • http://www.openwall.com/lists/oss-security/2024/01/24/9 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 6.7EPSS: 0%CPEs: 20EXPL: 0CVE-2023-32829
https://notcve.org/view.php?id=CVE-2023-32829
02 Oct 2023 — In apusys, there is a possible out of bounds write due to an integer overflow. • https://corp.mediatek.com/product-security-bulletin/October-2023 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.7EPSS: 0%CPEs: 17EXPL: 0CVE-2023-32828
https://notcve.org/view.php?id=CVE-2023-32828
02 Oct 2023 — In vpu, there is a possible out of bounds write due to an integer overflow. • https://corp.mediatek.com/product-security-bulletin/October-2023 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.7EPSS: 0%CPEs: 32EXPL: 0CVE-2023-32823
https://notcve.org/view.php?id=CVE-2023-32823
02 Oct 2023 — In rpmb , there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912966. En rpmb, existe una posible corrupción de la memoria debido a una verificación de límites faltantes. • https://corp.mediatek.com/product-security-bulletin/October-2023 • CWE-190: Integer Overflow or Wraparound •