Total
107 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0818 | 1 Gpac | 1 Gpac | 2024-02-04 | N/A | 5.5 MEDIUM |
| Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV. | |||||
| CVE-2022-36354 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-02-04 | N/A | 5.3 MEDIUM |
| A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-41916 | 2 Debian, Heimdal Project | 2 Debian Linux, Heimdal | 2024-02-04 | N/A | 7.5 HIGH |
| Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. | |||||
| CVE-2020-27793 | 1 Radare | 1 Radare2 | 2024-02-04 | N/A | 7.5 HIGH |
| An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash, and perform a denail of service attack. | |||||
| CVE-2022-3872 | 1 Qemu | 1 Qemu | 2024-02-04 | N/A | 8.6 HIGH |
| An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. | |||||
| CVE-2021-46848 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Libtasn1 | 2024-02-04 | N/A | 9.1 CRITICAL |
| GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der. | |||||
| CVE-2022-34970 | 1 Crowcpp | 1 Crow | 2024-02-04 | N/A | 9.8 CRITICAL |
| Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service. | |||||
| CVE-2021-3999 | 3 Debian, Gnu, Netapp | 15 Debian Linux, Glibc, E-series Performance Analyzer and 12 more | 2024-02-04 | N/A | 7.8 HIGH |
| A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. | |||||
| CVE-2022-39274 | 1 Semtech | 1 Loramac-node | 2024-02-04 | N/A | 9.8 CRITICAL |
| LoRaMac-node is a reference implementation and documentation of a LoRa network node. Versions of LoRaMac-node prior to 4.7.0 are vulnerable to a buffer overflow. Improper size validation of the incoming radio frames can lead to an 65280-byte out-of-bounds write. The function `ProcessRadioRxDone` implicitly expects incoming radio frames to have at least a payload of one byte or more. An empty payload leads to a 1-byte out-of-bounds read of user controlled content when the payload buffer is reused. This allows an attacker to craft a FRAME_TYPE_PROPRIETARY frame with size -1 which results in an 65280-byte out-of-bounds memcopy likely with partially controlled attacker data. Corrupting a large part if the data section is likely to cause a DoS. If the large out-of-bounds write does not immediately crash the attacker may gain control over the execution due to now controlling large parts of the data section. Users are advised to upgrade either by updating their package or by manually applying the patch commit `e851b079`. | |||||
| CVE-2021-3930 | 3 Debian, Qemu, Redhat | 10 Debian Linux, Qemu, Codeready Linux Builder and 7 more | 2024-02-04 | 2.1 LOW | 6.5 MEDIUM |
| An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. | |||||
| CVE-2022-24988 | 1 Galois 2p8 Project | 1 Galois 2p8 | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector. | |||||
| CVE-2022-25051 | 1 Rtl 433 Project | 1 Rtl 433 | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file. | |||||
| CVE-2022-30155 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-02-04 | 7.1 HIGH | 5.5 MEDIUM |
| Windows Kernel Denial of Service Vulnerability | |||||
| CVE-2021-4070 | 1 V2fly | 1 V2ray-core | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0. | |||||
| CVE-2021-21938 | 1 Accusoft | 1 Imagegear | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-44007 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition. | |||||
| CVE-2021-29529 | 1 Google | 1 Tensorflow | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in `tf.raw_ops.QuantizedResizeBilinear` by manipulating input values so that float rounding results in off-by-one error in accessing image elements. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/44b7f486c0143f68b56c34e2d01e146ee445134a/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L62-L66) computes two integers (representing the upper and lower bounds for interpolation) by ceiling and flooring a floating point value. For some values of `in`, `interpolation->upper[i]` might be smaller than `interpolation->lower[i]`. This is an issue if `interpolation->upper[i]` is capped at `in_size-1` as it means that `interpolation->lower[i]` points outside of the image. Then, in the interpolation code(https://github.com/tensorflow/tensorflow/blob/44b7f486c0143f68b56c34e2d01e146ee445134a/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L245-L264), this would result in heap buffer overflow. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. | |||||
| CVE-2021-23017 | 5 F5, Fedoraproject, Netapp and 2 more | 13 Nginx, Fedora, Ontap Select Deploy Administration Utility and 10 more | 2024-02-04 | 6.8 MEDIUM | 7.7 HIGH |
| A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. | |||||
| CVE-2020-35893 | 1 Simple-slab Project | 1 Simple-slab | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory. | |||||
| CVE-2020-27171 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-02-04 | 3.6 LOW | 6.0 MEDIUM |
| An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. | |||||