CVE Vulnerability

CWE-190

CVE-2022-24354

February 23, 2023

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15835.

CVE-2022-24106

February 23, 2023

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the ‘interleaved’ flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.

CVE-2022-24107

February 23, 2023

Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.

CVE-2022-23990

February 23, 2023

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

CVE-2022-23852

February 23, 2023

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

CVE-2022-23884

February 23, 2023

Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check bypass caused by PurchaseReceiptPacket::_read (packet deserializer).

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE