CWE:
 

Tytuł
Data
Autor
Med.
MiniUPnP MiniUPnPc < 2.0 Remote Denial of Service
12.01.2018
tintinweb
Med.
Windows Kernel win32k.sys Integer Overflow (MS13-101)
12.12.2013
CORE
High
Apache 1.3.41 mod_proxy Integer overflow (code execution)
29.01.2010
Adam Zabrocki
Med.
Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability
11.12.2009
ZDI


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2022-05-20
Waiting for details
CVE-2022-29203

Updating...
 

 
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

 
2022-05-09
Low
CVE-2022-27114

Vendor: Htmldoc project
Software: Htmldoc
 

 
There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function.

 
2022-05-05
Low
CVE-2022-28471

Vendor: Ffjpeg project
Software: Ffjpeg
 

 
In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38

 
Medium
CVE-2022-28705

Vendor: F5
Software: Big-ip local...
 

 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and the pva.fwdaccel BigDB variable enabled, undisclosed requests to a virtual server with a FastL4 profile that has ePVA acceleration enabled can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

 
2022-05-03
Low
CVE-2022-29824

Vendor: Xmlsoft
Software: Libxml2
 

 
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

 
Medium
CVE-2021-22556

Vendor: Google
Software: Fuchsia
 

 

 
Waiting for details
CVE-2021-27439

Updating...
 

 
TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

 
Waiting for details
CVE-2021-27435

Updating...
 

 
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

 
Waiting for details
CVE-2021-27431

Updating...
 

 
ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.

 
Waiting for details
CVE-2021-27427

Updating...
 

 
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top