Page 10 of 1562 results (0.005 seconds)

CVSS: 5.6EPSS: 0%CPEs: 15EXPL: 0

16 Sep 2024 — Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to potentially enable a denial of service via local access. A flaw was found in intel Processors. Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to enable a denial of service via local access. Avraham Shalev and Nagaraju N Kodalapura discovered that some Intel Xeon processors did not properly restrict access to the memory controlle... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html • CWE-1245: Improper Finite State Machines (FSMs) in Hardware Logic •

CVSS: 3.4EPSS: 0%CPEs: 9EXPL: 0

10 Sep 2024 — A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution. Se encontró una vulnerabilidad de desbordamiento de búfer en el montón en el controlador OpenPGP de libopensc. Un dispositivo USB o una tarjeta inteligente creados con respuestas maliciosas a las APDU durante... • https://access.redhat.com/security/cve/CVE-2024-8443 • CWE-122: Heap-based Buffer Overflow •

CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0

06 Sep 2024 — When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. Multiple vulnerabilities have been discovered in Spidermonkey,... • https://bugzilla.mozilla.org/show_bug.cgi?id=1895737 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

04 Sep 2024 — An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. A flaw was found in Python's Django urlize() and urlizetrunc() functions. Excessive input with a specific sequence of characters may lead to denial of service. It was discovered that Django incorrectly handled certain inputs. • https://docs.djangoproject.com/en/dev/releases/security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

04 Sep 2024 — An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing). It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. It was discovered that Django... • https://docs.djangoproject.com/en/dev/releases/security • CWE-203: Observable Discrepancy •

CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0

03 Sep 2024 — A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. • https://access.redhat.com/security/cve/CVE-2024-45620 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0

03 Sep 2024 — A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. • https://access.redhat.com/security/cve/CVE-2024-45619 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0

03 Sep 2024 — A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. • https://access.redhat.com/security/cve/CVE-2024-45618 • CWE-457: Use of Uninitialized Variable •

CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0

03 Sep 2024 — A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a s... • https://access.redhat.com/security/cve/CVE-2024-45617 • CWE-457: Use of Uninitialized Variable •

CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0

03 Sep 2024 — A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a s... • https://access.redhat.com/security/cve/CVE-2024-45616 • CWE-457: Use of Uninitialized Variable •