CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 1CVE-2023-40186 – IntegerOverflow leading to Out-Of-Bound Write Vulnerability in FreeRDP
https://notcve.org/view.php?id=CVE-2023-40186
31 Aug 2023 — An integer overflow vulnerability was found in the `gdi_CreateSurface` function in FreeRDP, which may result in a crash. • https://github.com/FreeRDP/FreeRDP/blob/fee2b10ba1154f952769a53eb608f044782e22f8/libfreerdp/gdi/gfx.c#L1156-L1165 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.4EPSS: 0%CPEs: 7EXPL: 1CVE-2023-40181 – Integer-Underflow leading to Out-Of-Bound Read in FreeRDP
https://notcve.org/view.php?id=CVE-2023-40181
31 Aug 2023 — Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. • https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L256-L261 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2023-39350 – Incorrect offset calculation leading to denial of service in FreeRDP
https://notcve.org/view.php?id=CVE-2023-39350
31 Aug 2023 — Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. ... When an insufficient blockLen value is provided and proper length validation is not performed, an Integer Underflow can occur, leading to a Denial of Service (DOS). • https://github.com/FreeRDP/FreeRDP/commit/e204fc8be5a372626b13f66daf2abafe71dbc2dc • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41185 – Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-41185
30 Aug 2023 — Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. ... When parsing the certificate length field, the process does not properly validate user-supplied data, which can result in an integer overflow. ... When parsing the certificate length field, the process does not properly validate user-supplied data, which can result in an integer overflow. • https://www.zerodayinitiative.com/advisories/ZDI-23-1286 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40022 – Rizin vulnerable to Integer Overflow in C++ demangler logic
https://notcve.org/view.php?id=CVE-2023-40022
24 Aug 2023 — Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. • https://github.com/rizinorg/rizin/pull/3753 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-31102 – 7-Zip 7Z File Parsing Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-31102
23 Aug 2023 — Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. 7-Zip hasta 22.01 en Linux permite un desbordamiento de números enteros y la ejecución de código a través de un archivo 7Z manipulado. ... The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. • https://ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-19909
https://notcve.org/view.php?id=CVE-2020-19909
22 Aug 2023 — Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. • https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-21699
https://notcve.org/view.php?id=CVE-2020-21699
22 Aug 2023 — The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests. • https://github.com/ZxDecide/Nginx-variants/blob/master/%E9%99%84%E4%BB%B6%28Tengine%29.docx • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-2914 – Rockwell Automation ThinManager Thinserver Software Vulnerable to Input Validation Vulnerabilitiy
https://notcve.org/view.php?id=CVE-2023-2914
17 Aug 2023 — The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140471 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-39125
https://notcve.org/view.php?id=CVE-2023-39125
17 Aug 2023 — NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file's width, height, and BPP are not validated. • https://github.com/LMP88959/NTSC-CRT/issues/32 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •