CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-40779 – webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking
https://notcve.org/view.php?id=CVE-2024-40779
Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service. • https://support.apple.com/en-us/HT214121 https://support.apple.com/en-us/HT214117 https://support.apple.com/en-us/HT214116 https://support.apple.com/en-us/HT214124 https://support.apple.com/en-us/HT214119 https://support.apple.com/en-us/HT214123 https://support.apple.com/en-us/HT214122 http://seclists.org/fulldisclosure/2024/Jul/16 http://seclists.org/fulldisclosure/2024/Jul/15 http://seclists.org/fulldisclosure/2024/Jul/23 http://seclists.org/fulldisclosure/202 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41818 – ReDOS at currency parsing fast-xml-parser
https://notcve.org/view.php?id=CVE-2024-41818
A regular expression denial of service (ReDoS) flaw was found in fast-xml-parser in the currency.js script. By sending a specially crafted regex input, a remote attacker could cause a denial of service condition. • https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v https://github.com/NaturalIntelligence/fast-xml-parser/commit/ba5f35e7680468acd7906eaabb2f69e28ed8b2aa https://github.com/NaturalIntelligence/fast-xml-parser/commit/d0bfe8a3a2813a185f39591bbef222212d856164 https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10 https://access.redhat.com/security/cve/CVE-2024-41818 https://bugzilla.redhat.com/show_bug.cgi?id=2300499 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41091 – tun: add missing verification for short frame
https://notcve.org/view.php?id=CVE-2024-41091
Once transmitted, this could either cause out-of-bound access beyond the actual length, or confuse the underlayer with incorrect or inconsistent header length in the skb metadata. In the alternative path, tun_get_user() already prohibits short frame which has the length less than Ethernet header size from being transmitted for IFF_TAP. This is to drop any frame shorter than the Ethernet header size just like how tun_get_user() does. CVE: CVE-2024-41091 A denial of service (DoS) attack was found in the mlx5 driver in the Linux kernel. • https://git.kernel.org/stable/c/043d222f93ab8c76b56a3b315cd8692e35affb6c https://git.kernel.org/stable/c/32b0aaba5dbc85816898167d9b5d45a22eae82e9 https://git.kernel.org/stable/c/6100e0237204890269e3f934acfc50d35fd6f319 https://git.kernel.org/stable/c/589382f50b4a5d90d16d8bc9dcbc0e927a3e39b2 https://git.kernel.org/stable/c/ad6b3f622ccfb4bfedfa53b6ebd91c3d1d04f146 https://git.kernel.org/stable/c/d5ad89b7d01ed4e66fd04734fc63d6e78536692a https://git.kernel.org/stable/c/a9d1c27e2ee3b0ea5d40c105d6e728fc114470bb https://git.kernel.org/stable/c/8418f55302fa1d2eeb73e16e345167e54 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41090 – tap: add missing verification for short frame
https://notcve.org/view.php?id=CVE-2024-41090
Once transmitted, this could either cause out-of-bound access beyond the actual length, or confuse the underlayer with incorrect or inconsistent header length in the skb metadata. In the alternative path, tap_get_user() already prohibits short frame which has the length less than Ethernet header size from being transmitted. This is to drop any frame shorter than the Ethernet header size just like how tap_get_user() does. CVE: CVE-2024-41090 A denial of service (DoS) attack was found in the mlx5 driver in the Linux kernel. • https://git.kernel.org/stable/c/0efac27791ee068075d80f07c55a229b1335ce12 https://git.kernel.org/stable/c/8be915fc5ff9a5e296f6538be12ea75a1a93bdea https://git.kernel.org/stable/c/7431144b406ae82807eb87d8c98e518475b0450f https://git.kernel.org/stable/c/e5e5e63c506b93b89b01f522b6a7343585f784e6 https://git.kernel.org/stable/c/ee93e6da30377cf2a75e16cd32bb9fcd86a61c46 https://git.kernel.org/stable/c/aa6a5704cab861c9b2ae9f475076e1881e87f5aa https://git.kernel.org/stable/c/73d462a38d5f782b7c872fe9ae8393d9ef5483da https://git.kernel.org/stable/c/e1a786b9bbb767fd1c922d424aaa8078c • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-7235 – AVG AntiVirus Free Link Following Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-7235
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to create a folder. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. •