CWE:
 

Nic nie znaleziono w bazie WLB2


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2022-08-17
Waiting for details
CVE-2022-2335

Updating...
 

 
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.

 
2022-06-08
Medium
CVE-2021-40589

Vendor: Zangband-data project
Software: Zangband-data
 

 
ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits.

 
2022-04-15
Medium
CVE-2021-44489

Vendor: Fisglobal
Software: GT.M
 

 
An issue was discovered in YottaDB through r1.32 and V7.0-000. Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application. This is a "- digs" subtraction.

 
Medium
CVE-2021-44509

Vendor: Fisglobal
Software: GT.M
 

 
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application.

 
2022-04-11
Medium
CVE-2022-20073

Updating...
 

 
In preloader (usb), there is a possible out of bounds write due to a integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160841; Issue ID: ALPS06160841.

 
2022-03-10
High
CVE-2021-40054

Vendor: Huawei
Software: EMUI
 

 
There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity.

 
2022-02-24
Low
CVE-2022-0544

Vendor: Blender
Software: Blender
 

 
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.

 
2022-02-18
Waiting for details
CVE-2022-24046

Updating...
 

 
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker prior to 3.4.1 (S2 systems) and 11.2.13 build 57923290 (S1 systems). Authentication is not required to exploit this vulnerability. The specific flaw exists within the anacapd daemon. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15828.

 
2022-02-07
Medium
CVE-2022-23613

Vendor: Neutrinolabs
Software: XRDP
 

 
xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds.

 
2022-01-25
Low
CVE-2022-23034

Vendor: XEN
Software: XEN
 

 
A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top