Total
185 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-3156 | 9 Beyondtrust, Debian, Fedoraproject and 6 more | 38 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 35 more | 2024-09-19 | 7.8 High |
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. | ||||
CVE-2023-44444 | 2 Gimp, Redhat | 6 Gimp, Enterprise Linux, Rhel Aus and 3 more | 2024-09-18 | 7.8 High |
GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. Crafted data in a PSP file can trigger an off-by-one error when calculating a location to write within a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-22097. | ||||
CVE-2017-1000416 | 1 Axtls Project | 1 Axtls | 2024-09-17 | N/A |
axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050. | ||||
CVE-2021-21938 | 1 Accusoft | 1 Imagegear | 2024-09-17 | 9.8 Critical |
A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2022-36354 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2024-09-17 | 5.3 Medium |
A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2019-8268 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2024-09-17 | 9.8 Critical |
UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207. | ||||
CVE-2018-5380 | 4 Canonical, Debian, Quagga and 1 more | 5 Ubuntu Linux, Debian Linux, Quagga and 2 more | 2024-09-17 | N/A |
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. | ||||
CVE-2020-10062 | 1 Zephyrproject | 1 Zephyr | 2024-09-17 | 9 Critical |
An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | ||||
CVE-2013-4487 | 2 Gnu, Opensuse | 2 Gnutls, Opensuse | 2024-09-16 | N/A |
Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466. | ||||
CVE-2020-14510 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2024-09-16 | 9.8 Critical |
GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. | ||||
CVE-2022-23400 | 1 Accusoft | 1 Imagegear | 2024-09-16 | 7.1 High |
A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2019-8272 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2024-09-16 | 9.8 Critical |
UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212. | ||||
CVE-2020-14508 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2024-09-16 | 8.1 High |
GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition. | ||||
CVE-2017-14230 | 1 Cyrus | 1 Imap | 2024-09-16 | N/A |
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command. | ||||
CVE-2019-3813 | 4 Canonical, Debian, Redhat and 1 more | 10 Ubuntu Linux, Debian Linux, Enterprise Linux and 7 more | 2024-09-16 | 7.5 High |
Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. | ||||
CVE-2024-43852 | 1 Linux | 1 Linux Kernel | 2024-09-15 | 7.8 High |
In the Linux kernel, the following vulnerability has been resolved: hwmon: (ltc2991) re-order conditions to fix off by one bug LTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL (4) elements. Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we have read one element beyond the end of the array. Flip the conditions around so that we check if "channel" is valid before using it as an array index. | ||||
CVE-2024-1441 | 1 Redhat | 2 Advanced Virtualization, Enterprise Linux | 2024-09-14 | 5.5 Medium |
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash. | ||||
CVE-2022-48732 | 1 Linux | 1 Linux Kernel | 2024-09-11 | 7.8 High |
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject access to the last byte. This causes driver initialization to fail on Apple eMac's with GeForce 2 MX GPUs, leaving the system with no working console. This is probably only seen on OpenFirmware machines like PowerPC Macs because the BIOS image provided by OF is only the used parts of the ROM, not a power-of-two blocks read from PCI directly so PCs always have empty bytes at the end that are never accessed. | ||||
CVE-2022-30155 | 1 Microsoft | 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more | 2024-09-10 | 5.5 Medium |
Windows Kernel Denial of Service Vulnerability | ||||
CVE-2023-46853 | 1 Memcached | 1 Memcached | 2024-09-09 | 9.8 Critical |
In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n. |