CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3651 – Denial of Service via Quadratic Complexity in kjd/idna
https://notcve.org/view.php?id=CVE-2024-3651
The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. ... A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service. • https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52779 – fs: Pass AT_GETATTR_NOSEC flag to getattr interface function
https://notcve.org/view.php?id=CVE-2023-52779
En overlayfs y ecryptfs use este indicador para determinar cuál de las dos funciones llamar. • https://git.kernel.org/stable/c/db1d1e8b9867aae5c3e61ad7859abfcc4a6fd6c7 https://git.kernel.org/stable/c/3fb0fa08641903304b9d81d52a379ff031dc41d4 https://git.kernel.org/stable/c/8a924db2d7b5eb69ba08b1a0af46e9f1359a9bdf •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52761 – riscv: VMAP_STACK overflow detection thread-safe
https://notcve.org/view.php?id=CVE-2023-52761
Si dos CPU/harts están corriendo y terminan en una pila de kernel desbordada, uno o ambos terminarán corrompiendo el estado del otro porque `shadow_stack` no es por CPU. • https://git.kernel.org/stable/c/1493baaf09e3c1899959c8a107cd1207e16d1788 https://git.kernel.org/stable/c/eff53aea3855f71992c043cebb1c00988c17ee20 https://git.kernel.org/stable/c/be97d0db5f44c0674480cb79ac6f5b0529b84c76 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52754 – media: imon: fix access to invalid resource for the second interface
https://notcve.org/view.php?id=CVE-2023-52754
El controlador imon prueba dos interfaces USB y, en la prueba de la segunda interfaz, el controlador asume ciegamente que la primera interfaz obtuvo atado con el mismo conductor imon. • https://git.kernel.org/stable/c/0f5068519f89d928d6c51100e4b274479123829f https://git.kernel.org/stable/c/5e0b788fb96be36d1baf1a5c88d09c7c82a0452a https://git.kernel.org/stable/c/b083aaf5db2eeca9e362723258e5d8698f7dd84e https://git.kernel.org/stable/c/10ec5a97f8f5a772a1a42b4eb27196b447cd3aa9 https://git.kernel.org/stable/c/2a493a34bd6e496c55fabedd82b957193ace178f https://git.kernel.org/stable/c/a1766a4fd83befa0b34d932d532e7ebb7fab1fa7 •
CVSS: 4.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52740 – powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch
https://notcve.org/view.php?id=CVE-2023-52740
Si la condición cambia entre estas dos pruebas, el estado de la máscara suave MSR e irq se dañará, lo que generará advertencias y posibles fallas. • https://git.kernel.org/stable/c/13799748b957bc5659f97c036224b0f4b42172e2 https://git.kernel.org/stable/c/86f7e423933608d536015a0f2eb9e0338c1227e0 https://git.kernel.org/stable/c/6f097c24815e67909a1fcc2c605586d02babd673 https://git.kernel.org/stable/c/2ea31e2e62bbc4d11c411eeb36f1b02841dbcab1 https://access.redhat.com/security/cve/CVE-2023-52740 https://bugzilla.redhat.com/show_bug.cgi?id=2282741 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •