CVSS: 8.4EPSS: 0%CPEs: -EXPL: 0CVE-2023-52168
https://notcve.org/view.php?id=CVE-2023-52168
El controlador NTFS NtfsHandler.cpp en 7-Zip anterior a 24.01 (para 7zz) contiene un desbordamiento de búfer basado en montón que permite a un atacante sobrescribir dos bytes en múltiples desplazamientos más allá del tamaño de búfer asignado: búfer+512*i-2, para i =9, yo=10, yo=11, etc. • http://www.openwall.com/lists/oss-security/2024/07/03/10 https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3 https://sourceforge.net/p/sevenzip/bugs/2402 https://www.openwall.com/lists/oss-security/2024/07/03/10 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6453 – itsourcecode Farm Management System sql injection
https://notcve.org/view.php?id=CVE-2024-6453
NOTA: La presentación original solo mencionaba el parámetro pigno, pero el equipo de análisis de datos de VulDB determinó que dos parámetros adicionales también se verían afectados. • https://github.com/7u7777/cve/issues/3 https://vuldb.com/?ctiid.270241 https://vuldb.com/?id.270241 https://vuldb.com/?submit.367626 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24791 – Denial of service due to improper 100-continue handling in net/http
https://notcve.org/view.php?id=CVE-2024-24791
An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. ... This issue may render a connection invalid and cause a denial of service. • https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://pkg.go.dev/vuln/GO-2024-2963 https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39316 – Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
https://notcve.org/view.php?id=CVE-2024-39316
Starting in version 3.1.0 and prior to version 3.1.5, Regular Expression Denial of Service (ReDoS) vulnerability exists in the `Rack::Request::Helpers` module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted `Accept-Encoding` or `Accept-Language` headers, causing the server to spend excessive time processing the request and leading to a Denial of Service (DoS). The fix for CVE-2024-26146 was not applied to the main branch and thus while the issue was fixed for the Rack v3.0 release series, it was not fixed in the v3.1 release series until v3.1.5. • https://github.com/rack/rack/commit/412c980450ca729ee37f90a2661f166a9665e058 https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f https://github.com/rack/rack/security/advisories/GHSA-cj83-2ww7-mvq7 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-4467 – Qemu-kvm: 'qemu-img info' leads to host file read/write
https://notcve.org/view.php?id=CVE-2024-4467
A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. • http://www.openwall.com/lists/oss-security/2024/07/23/2 https://access.redhat.com/errata/RHSA-2024:4276 https://access.redhat.com/errata/RHSA-2024:4277 https://access.redhat.com/errata/RHSA-2024:4278 https://access.redhat.com/errata/RHSA-2024:4372 https://access.redhat.com/errata/RHSA-2024:4373 https://access.redhat.com/errata/RHSA-2024:4374 https://access.redhat.com/errata/RHSA-2024:4420 https://access.redhat.com/errata/RHSA-2024:4724 https://access.redhat.com& • CWE-400: Uncontrolled Resource Consumption •