CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2024-0232 – Sqlite: use-after-free bug in jsonparseaddnodearray
https://notcve.org/view.php?id=CVE-2024-0232
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service. Se identificó un problema de uso después de la liberación del montón en SQLite en la función jsonParseAddNodeArray() en sqlite3.c. Este fallo permite que un atacante local aproveche a una víctima para que pase entradas maliciosas especialmente manipuladas a la aplicación, lo que podría provocar un fallo y provocar una denegación de servicio. • https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7 https://security.netapp.com/advisory/ntap-20240315-0007 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2024-0553 – Gnutls: incomplete fix for cve-2023-5981
https://notcve.org/view.php?id=CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. Se encontró una vulnerabilidad en GnuTLS. • http://www.openwall.com/lists/oss-security/2024/01/19/3 https://access.redhat.com/errata/RHSA-2024:0533 https://access.redhat.com/errata/RHSA-2024:0627 https://access.redhat.com/errata/RHSA-2024:0796 https://access.redhat.com/errata/RHSA-2024:1082 https://access.redhat.com/errata/RHSA-2024:1108 https://access.redhat.com/errata/RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.red • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-0562 – Kernel: use-after-free after removing device in wb_inode_writeback_end in mm/page-writeback.c
https://notcve.org/view.php?id=CVE-2024-0562
A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback. Se encontró un fallo de use after free en el kernel de Linux. Cuando se elimina un disco, se llama a bdi_unregister para detener la reescritura adicional y espera a que se complete el trabajo retrasado asociado. • https://access.redhat.com/errata/RHSA-2024:0412 https://access.redhat.com/security/cve/CVE-2024-0562 https://bugzilla.redhat.com/show_bug.cgi?id=2258475 https://patchwork.kernel.org/project/linux-mm/patch/20220801155034.3772543-1-khazhy@google.com • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4001 – Grub2: bypass the grub password protection feature
https://notcve.org/view.php?id=CVE-2023-4001
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package. Se encontró un fallo de omisión de autenticación en GRUB debido a la forma en que GRUB usa el UUID de un dispositivo para buscar el archivo de configuración que contiene el hash de contraseña para la función de protección de contraseña de GRUB. Un atacante capaz de conectar una unidad externa, como una memoria USB que contenga un sistema de archivos con un UUID duplicado (el mismo que en el sistema de archivos "/boot/") puede omitir la función de protección con contraseña GRUB en los sistemas UEFI, que enumeran unidades extraíbles. antes que los no removibles. • http://www.openwall.com/lists/oss-security/2024/01/15/3 https://access.redhat.com/errata/RHSA-2024:0437 https://access.redhat.com/errata/RHSA-2024:0456 https://access.redhat.com/errata/RHSA-2024:0468 https://access.redhat.com/security/cve/CVE-2023-4001 https://bugzilla.redhat.com/show_bug.cgi?id=2224951 https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject& • CWE-290: Authentication Bypass by Spoofing •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6915 – Kernel: null pointer dereference vulnerability in ida_free in lib/idr.c
https://notcve.org/view.php?id=CVE-2023-6915
A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return. Se encontró un problema de desreferencia de puntero null en ida_free en lib/idr.c en el kernel de Linux. Este problema puede permitir que un atacante que utilice esta librería cause un problema de denegación de servicio debido a una verificación faltante en el retorno de una función. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2023-6915 https://bugzilla.redhat.com/show_bug.cgi?id=2254982 https://github.com/torvalds/linux/commit/af73483f4e8b6f5c68c9aa63257bdd929a9c194a https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html • CWE-476: NULL Pointer Dereference •