| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges locally. |
| Numeric truncation error in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally. |
| Numeric truncation error in Windows Resilient File System (ReFS) allows an authorized attacker to execute code locally. |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Numeric truncation error in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
| Numeric truncation error in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 release. |
| LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose point count exceeded the 16-bit range was written past the end of the buffer. In fixed versions such oversized polylines are rejected. |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need to be enabled for the vulnerability to be exploited. An adversary who can query Unbound can exploit the vulnerability by attaching multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options to the query. A flaw in the size calculation of the EDNS field truncates the correct value which allows the encoder to overflow the available space when writing. Those two combined lead to a heap overflow write of Unbound controlled data and eventually a crash. Unbound 1.25.1 contains a patch with a fix to de-duplicate the EDNS options and a fix to prevent truncation of the EDNS field size calculation. |
| uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. |
| Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. |
| In uriparser before 1.0.2, there is pointer difference truncation to int in various places. |
| There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. |
| Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0. |
| Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally. |
| DHCP Server Service Remote Code Execution Vulnerability |