CVE-2019-19307

An integer overflow in parsemqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS infinite loop, or possibly cause an out-of-bounds write, by sending a crafted MQTT protocol packet...

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-31346 DESCRIPTION: AMD SEV-SNP Firmware could allow a local authenticated...

CVE-2024-49514 Photoshop Desktop | Integer Underflow (Wrap or Wraparound) (CWE-191)

Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

CVE-2024-49514 Photoshop Desktop | Integer Underflow (Wrap or Wraparound) (CWE-191)

Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

CVE-2024-47425

CVE-2024-47425 refers to a vulnerability in Adobe FrameMaker (versions affected: 2020.6, 2022.4 and earlier) where an integer underflow/wraparound could enable arbitrary code execution in the context of the current user. Exploitation requires the user to open a malicious file. No exploit details ...

CVE-2024-47425 Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191)

Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

CVE-2024-47425 Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191)

Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

CVE-2024-41857 Illustrator | Integer Underflow (Wrap or Wraparound) (CWE-191)

Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2024-1847 Multiple vulnerabilities exist in file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024

Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024...

GPSd NTRIP Stream Parsing access violation vulnerability

Talos Vulnerability Report TALOS-2023-1860 GPSd NTRIP Stream Parsing access violation vulnerability December 5, 2023 CVE Number CVE-2023-43628 SUMMARY An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead...

Accusoft ImageGear dcm_pixel_data_decode out-of-bounds write vulnerability

Talos Vulnerability Report TALOS-2023-1802 Accusoft ImageGear dcmpixeldatadecode out-of-bounds write vulnerability September 25, 2023 CVE Number CVE-2023-32653 SUMMARY An out-of-bounds write vulnerability exists in the dcmpixeldatadecode functionality of Accusoft ImageGear 20.1. A specially craft...

CVE-2022-37301

A CWE-191: Integer Underflow Wrap or Wraparound vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU part numbers BMXP34V3.40 and prior, Modicon M580 CPU part numbers BME...

Integer overflow

A CWE-191: Integer Underflow Wrap or Wraparound vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU part numbers BMXP34V3.40 and prior, Modicon M580 CPU part numbers BME...

CVE-2022-37301

CVE-2022-37301 is an integer underflow (wraparound) vulnerability in Schneider Electric Modicon Modbus TCP handling that can cause DoS via memory access violations. Affected: Modicon M340 CPU BMXP34* (V3.40 and prior); M580 CPU BMEP*/BMEH* (V3.22 and prior); Legacy Modicon Quantum/Premium (all ve...

CVE-2021-3323

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions = =2.4.0 contain Integer Underflow Wrap or Wraparound CWE-191. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc...

CVE-2021-3323 Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions = =2.4.0 contain Integer Underflow Wrap or Wraparound CWE-191. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc...

Ribbonsoft dxflib DL_Dxf::handleLWPolylineData heap-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2021-1346 Ribbonsoft dxflib DLDxf::handleLWPolylineData heap-based buffer overflow vulnerability September 7, 2021 CVE Number CVE-2021-21897 SUMMARY A code execution vulnerability exists in the DLDxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0....

CUJO Smart Firewall mdnscap mDNS SRV record denial-of-service vulnerability

Summary An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the “RDLENGTH” value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An...

RHEL 7 : java-1.8.0-openjdk (RHSA-2016:0049)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0049 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An...