CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26929 – scsi: qla2xxx: Fix double free of fcport
https://notcve.org/view.php?id=CVE-2024-26929
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: qla2xxx: Corrección doble liberación de fcport El servidor fallaba después de LOGO porque fcport se liberaba dos veces. -----------[ cortar aquí ]----------- ¡ERROR del kernel en mm/slub.c:371! • https://git.kernel.org/stable/c/b03e626bd6d3f0684f56ee1890d70fc9ca991c04 https://git.kernel.org/stable/c/282877633b25d67021a34169c5b5519b1d4ef65e https://git.kernel.org/stable/c/f85af9f1aa5e2f53694a6cbe72010f754b5ff862 https://git.kernel.org/stable/c/9b43d2884b54d415caab48878b526dfe2ae9921b https://git.kernel.org/stable/c/846fb9f112f618ec6ae181d8dae7961652574774 https://git.kernel.org/stable/c/82f522ae0d97119a43da53e0f729275691b9c525 https://access.redhat.com/security/cve/CVE-2024-26929 https://bugzilla.redhat.com/show_bug.cgi?id=2278250 • CWE-415: Double Free •
CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-33431
https://notcve.org/view.php?id=CVE-2024-33431
An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file. • https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.assets/image-20240420004701828.png https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.md https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/poc/I0I72U~G https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1 https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1/poc https://github.com&#x • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-25355
https://notcve.org/view.php?id=CVE-2024-25355
s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component. s3-url-parser 1.0.3 es vulnerable a la denegación de servicio a través del componente de expresiones regulares. • https://gist.github.com/6en6ar/a4977866c59cbcfc716f0f2717b812bf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32970 – Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
https://notcve.org/view.php?id=CVE-2024-32970
Desde las dos últimas vulnerabilidades https://github.com/phlex-ruby/phlex/security/advisories/GHSA-242p-4v39-2v8g y https://github.com/phlex-ruby/phlex/security/advisories/GHSA -g7xq-xv8c-h98c, hemos invertido en pruebas exhaustivas del navegador. • https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline https://github.com/payloadbox/xss-payload-list https://github.com/phlex-ruby/phlex/commit/da8f94342a84cff9d78c98bcc3b3604ee2e577d2 https://github.com/phlex-ruby/phlex/security/advisories/GHSA-9p57-h987-4vgx https://rubygems.org/gems/phlex • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-4340 – Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.
https://notcve.org/view.php?id=CVE-2024-4340
Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. ... This issue occurs in a heavily nested list in sqlparse.parse(), where a recursion error may be triggered, which can lead to a denial of service. • https://github.com/advisories/GHSA-2m57-hf25-phgg https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03 https://research.jfrog.com/vulnerabilities/sqlparse-stack-exhaustion-dos-jfsa-2024-001031292 https://access.redhat.com/security/cve/CVE-2024-4340 https://bugzilla.redhat.com/show_bug.cgi? • CWE-674: Uncontrolled Recursion •