CVSS: 5.9EPSS: 3%CPEs: 8EXPL: 3CVE-2024-31497 – Gentoo Linux Security Advisory 202407-11
https://notcve.org/view.php?id=CVE-2024-31497
15 Apr 2024 — In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forw... • https://github.com/sh1k4ku/CVE-2024-31497 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 7.8EPSS: 88%CPEs: 5EXPL: 2CVE-2024-27316 – Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
https://notcve.org/view.php?id=CVE-2024-27316
04 Apr 2024 — HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion. Los encabezados entrantes HTTP/2 que exceden el límite se almacenan temporalmente en nghttp2 para generar una respuesta HTTP 413 informativa. Si un cliente no deja de enviar encabezados, esto provoca que se agote la memoria. A vulnerability was found in how Apache httpd implements the HTTP/2 protocol... • https://github.com/lockness-Ko/CVE-2024-27316 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-2631 – Debian Security Advisory 5648-1
https://notcve.org/view.php?id=CVE-2024-2631
20 Mar 2024 — Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) La implementación inapropiada en iOS en Google Chrome anterior a 123.0.6312.58 permitió a un atacante remoto realizar una suplantación de interfaz de usuario a través de una página HTML manipulada. (Severidad de seguridad de Chrome: baja) Security issues were discovered in Chromium, which could result in the execution of arbit... • https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2024-2630 – Debian Security Advisory 5648-1
https://notcve.org/view.php?id=CVE-2024-2630
20 Mar 2024 — Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) La implementación inadecuada en iOS en Google Chrome anterior a 123.0.6312.58 permitió a un atacante remoto filtrar datos de orígenes cruzados a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) Security issues were discovered in Chromium, which could result in the execution of arbitrary c... • https://github.com/Roud-Roud-Agency/CVE-2024-26304-RCE-exploits • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-2629 – Debian Security Advisory 5648-1
https://notcve.org/view.php?id=CVE-2024-2629
20 Mar 2024 — Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) La interfaz de usuario de seguridad incorrecta en iOS en Google Chrome anterior a 123.0.6312.58 permitió a un atacante remoto realizar una suplantación de la interfaz de usuario a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) Security issues were discovered in Chromium, which could result in the... • https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-2628 – Debian Security Advisory 5648-1
https://notcve.org/view.php?id=CVE-2024-2628
20 Mar 2024 — Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium) La implementación inapropiada en Descargas en Google Chrome anterior a 123.0.6312.58 permitió a un atacante remoto realizar una suplantación de interfaz de usuario a través de una URL manipulada. (Severidad de seguridad de Chromium: media) Security issues were discovered in Chromium, which could result in the execution of a... • https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html • CWE-474: Use of Function with Inconsistent Implementations •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-2627 – Debian Security Advisory 5648-1
https://notcve.org/view.php?id=CVE-2024-2627
20 Mar 2024 — Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) El uso gratuito en Canvas en Google Chrome anterior a 123.0.6312.58 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) Security issues were discovered in Chromium, which could result in the execution of arbit... • https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-2626 – Debian Security Advisory 5648-1
https://notcve.org/view.php?id=CVE-2024-2626
20 Mar 2024 — Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) La lectura fuera de los límites en Swiftshader en Google Chrome anterior a 123.0.6312.58 permitía a un atacante remoto realizar acceso a memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) Security issues were discovered in Chromium, which could resu... • https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2024-2625 – Debian Security Advisory 5648-1
https://notcve.org/view.php?id=CVE-2024-2625
20 Mar 2024 — Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) El problema del ciclo de vida de los objetos en V8 en Google Chrome anterior a 123.0.6312.58 permitía a un atacante remoto explotar potencialmente la corrupción de objetos a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Security issues were discovered in Chromium, which could result... • https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2024-24246 – Ubuntu Security Notice USN-6713-1
https://notcve.org/view.php?id=CVE-2024-24246
29 Feb 2024 — Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h. La vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en qpdf 11.9.0 permite a los atacantes bloquear la aplicación a través de la función std::__shared_count() en /bits/shared_ptr_base.h. It was discovered that QPDF incorrectly handled certain memory operations when decoding JSON files. If a user or automated system were tricked int... • https://github.com/qpdf/qpdf/issues/1123 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •