Total
228 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28858 | 1 Redis | 1 Redis-py | 2025-02-20 | 3.7 Low |
| redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4.3, and 4.5.3 were released (changing the behavior for pipeline operations); however, please see CVE-2023-28859 about addressing data leakage across AsyncIO connections in general. | ||||
| CVE-2023-4260 | 1 Zephyrproject | 1 Zephyr | 2025-02-13 | 6.3 Medium |
| Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system. | ||||
| CVE-2023-28709 | 4 Apache, Debian, Netapp and 1 more | 5 Tomcat, Debian Linux, 7-mode Transition Tool and 2 more | 2025-02-13 | 7.5 High |
| The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur. | ||||
| CVE-2023-4259 | 1 Zephyrproject | 1 Zephyr | 2025-02-13 | 7.1 High |
| Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code. | ||||
| CVE-2023-30546 | 1 Contiki-ng | 1 Contiki-ng | 2025-01-30 | 9.8 Critical |
| Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (CFS) backend for the storage of data (file os/storage/antelope/storage-cfs.c). In the functions `storage_get_index` and `storage_put_index`, a buffer for merging two strings is allocated with one byte less than the maximum size of the merged strings, causing subsequent function calls to the cfs_open function to read from memory beyond the buffer size. The vulnerability has been patched in the "develop" branch of Contiki-NG, and is expected to be included in the next release. As a workaround, the problem can be fixed by applying the patch in Contiki-NG pull request #2425. | ||||
| CVE-2024-48854 | 1 Blackberry | 1 Qnx Software Development Platform | 2025-01-21 | 5.3 Medium |
| Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec. | ||||
| CVE-2023-38429 | 1 Linux | 1 Linux Kernel | 2025-01-03 | 9.8 Critical |
| An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access. | ||||
| CVE-2022-30155 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-02 | 5.5 Medium |
| Windows Kernel Denial of Service Vulnerability | ||||
| CVE-2024-51554 | 2024-12-05 | 9.1 Critical | ||
| Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||||
| CVE-2024-32668 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 8.2 High |
| An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. | ||||
| CVE-2023-46853 | 1 Memcached | 1 Memcached | 2024-11-21 | 9.8 Critical |
| In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n. | ||||
| CVE-2023-46247 | 1 Vyperlang | 1 Vyper | 2024-11-21 | 7.5 High |
| Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used `math.ceil(type_.size_in_bytes / 32)`. The intermediate floating point step can produce a rounding error if there are enough bits set in the IEEE-754 mantissa. Roughly speaking, if `type_.size_in_bytes` is large (> 2**46), and slightly less than a power of 2, the calculation can overestimate how many slots are needed by 1. If `type_.size_in_bytes` is slightly more than a power of 2, the calculation can underestimate how many slots are needed by 1. This issue is patched in version 0.3.8. | ||||
| CVE-2023-41880 | 1 Bytecodealliance | 1 Wasmtime | 2024-11-21 | 2.2 Low |
| Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly `i64x2.shr_s` instruction on x86_64 platforms when the shift amount is a constant value that is larger than 32. Only x86_64 is affected so all other targets are not affected by this. The miscompilation results in the instruction producing an incorrect result, namely the low 32-bits of the second lane of the vector are derived from the low 32-bits of the second lane of the input vector instead of the high 32-bits. The primary impact of this issue is that any WebAssembly program using the `i64x2.shr_s` with a constant shift amount larger than 32 may produce an incorrect result. This issue is not an escape from the WebAssembly sandbox. Execution of WebAssembly guest programs will still behave correctly with respect to memory sandboxing and isolation from the host. Wasmtime considers non-spec-compliant behavior as a security issue nonetheless. This issue was discovered through fuzzing of Wasmtime's code generator Cranelift. Wasmtime versions 10.0.2, 11.0.2, and 12.0.2 are all patched to no longer have this miscompilation. This issue only affects x86_64 hosts and the only workaround is to either scan for this pattern in wasm modules which is nontrivial or to disable the SIMD proposal for WebAssembly. Users prior to 10.0.0 are unaffected by this vulnerability. | ||||
| CVE-2022-34970 | 1 Crowcpp | 1 Crow | 2024-11-21 | 9.8 Critical |
| Crow before 1.0+4 has a heap-based buffer overflow via the function qs_parse in query_string.h. On successful exploitation this vulnerability allows attackers to remotely execute arbitrary code in the context of the vulnerable service. | ||||
| CVE-2022-33064 | 1 Libsndfile Project | 1 Libsndfile | 2024-11-21 | 7.8 High |
| An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts. | ||||
| CVE-2022-25051 | 1 Rtl 433 Project | 1 Rtl 433 | 2024-11-21 | 5.5 Medium |
| An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file. | ||||
| CVE-2022-24988 | 1 Galois 2p8 Project | 1 Galois 2p8 | 2024-11-21 | 9.8 Critical |
| In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-by-one buffer overflow for a vector. | ||||
| CVE-2021-4070 | 1 V2fly | 1 V2ray-core | 2024-11-21 | 9.1 Critical |
| Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0. | ||||
| CVE-2021-44007 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 5.5 Medium |
| A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition. | ||||
| CVE-2021-3930 | 3 Debian, Qemu, Redhat | 11 Debian Linux, Qemu, Advanced Virtualization and 8 more | 2024-11-21 | 6.5 Medium |
| An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. | ||||