Total
195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20393 | 1 Google | 1 Android | 2024-02-04 | N/A | 5.5 MEDIUM |
| In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-233735886 | |||||
| CVE-2022-2869 | 3 Debian, Fedoraproject, Libtiff | 3 Debian Linux, Fedora, Libtiff | 2024-02-04 | N/A | 5.5 MEDIUM |
| libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. | |||||
| CVE-2022-2335 | 1 Softing | 6 Edgeaggregator, Edgeconnector, Opc and 3 more | 2024-02-04 | N/A | 7.5 HIGH |
| A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | |||||
| CVE-2022-39343 | 1 Microsoft | 1 Azure Rtos Filex | 2024-02-04 | N/A | 7.8 HIGH |
| Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a valid log file with correct ID and checksum is detected by the `_fx_fault_tolerant_enable` function an attempt to recover the previous failed write operation is taken by call of `_fx_fault_tolerant_apply_logs`. This function iterates through the log entries and performs required recovery operations. When properly crafted a log including entries of type `FX_FAULT_TOLERANT_DIR_LOG_TYPE` may be utilized to introduce unexpected behavior. This issue has been patched in version 6.2.0. A workaround to fix line 218 in fx_fault_tolerant_apply_logs.c is documented in the GHSA. | |||||
| CVE-2022-2867 | 3 Debian, Fedoraproject, Libtiff | 3 Debian Linux, Fedora, Libtiff | 2024-02-04 | N/A | 5.5 MEDIUM |
| libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. | |||||
| CVE-2022-39293 | 1 Microsoft | 1 Azure Rtos Usbx | 2024-02-04 | N/A | 9.8 CRITICAL |
| Azure RTOS USBX is a high-performance USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. The case is, in [_ux_host_class_pima_read](https://github.com/azure-rtos/usbx/blob/master/common/usbx_host_classes/src/ux_host_class_pima_read.c), there is data length from device response, returned in the very first packet, and read by [L165 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L165), as header_length. Then in [L178 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L178), there is a “if” branch, which check the expression of “(header_length - UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE) > data_length” where if header_length is smaller than UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE, calculation could overflow and then [L182 code](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L182) the calculation of data_length is also overflow, this way the later [while loop start from L192](https://github.com/azure-rtos/usbx/blob/082fd9db09a3669eca3358f10b8837a5c1635c0b/common/usbx_host_classes/src/ux_host_class_pima_read.c#L192) can move data_pointer to unexpected address and cause write buffer overflow. The fix has been included in USBX release [6.1.12](https://github.com/azure-rtos/usbx/releases/tag/v6.1.12_rel). The following can be used as a workaround: Add check of `header_length`: 1. It must be greater than `UX_HOST_CLASS_PIMA_DATA_HEADER_SIZE`. 1. It should be greater or equal to the current returned data length (`transfer_request -> ux_transfer_request_actual_length`). | |||||
| CVE-2022-3165 | 2 Fedoraproject, Qemu | 2 Fedora, Qemu | 2024-02-04 | N/A | 6.5 MEDIUM |
| An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service. | |||||
| CVE-2021-25121 | 1 Bestwebsoft | 1 Rating | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such rating | |||||
| CVE-2022-1698 | 1 Organizr | 1 Organizr | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications. | |||||
| CVE-2022-0544 | 1 Blender | 1 Blender | 2024-02-04 | 2.6 LOW | 5.5 MEDIUM |
| An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. | |||||
| CVE-2021-44489 | 2 Fisglobal, Yottadb | 2 Gt.m, Yottadb | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. This is a "- digs" subtraction. | |||||
| CVE-2022-0185 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-02-04 | 7.2 HIGH | 8.4 HIGH |
| A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system. | |||||
| CVE-2022-20073 | 2 Google, Mediatek | 44 Android, Mt2601, Mt6580 and 41 more | 2024-02-04 | 4.4 MEDIUM | 6.6 MEDIUM |
| In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160841; Issue ID: ALPS06160841. | |||||
| CVE-2022-24046 | 1 Sonos | 3 One, S1, S2 | 2024-02-04 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Authentication is not required to exploit this vulnerability. The specific flaw exists within the anacapd daemon. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15828. | |||||
| CVE-2021-40054 | 1 Huawei | 2 Emui, Magic Ui | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity. | |||||
| CVE-2021-44509 | 1 Fisglobal | 1 Gt.m | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. | |||||
| CVE-2021-40589 | 1 Zangband-data Project | 1 Zangband-data | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits. | |||||
| CVE-2022-30787 | 3 Debian, Fedoraproject, Tuxera | 3 Debian Linux, Fedora, Ntfs-3g | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | |||||
| CVE-2022-23034 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check. | |||||
| CVE-2021-20607 | 1 Mitsubishielectric | 3 Ezsocket, Gx Works2, Melsoft Navigator | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker. | |||||