CVSS: 9.0EPSS: %CPEs: 10EXPL: 0CVE-2024-32614
https://notcve.org/view.php?id=CVE-2024-32614
14 May 2024 — HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c. La librería HDF5 hasta 1.14.3 tiene un SEGV en H5VM_memcpyvv en H5VM.c. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-125: Out-of-bounds Read •
CVSS: 5.7EPSS: %CPEs: 10EXPL: 0CVE-2024-32610
https://notcve.org/view.php?id=CVE-2024-32610
14 May 2024 — HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer. La librería HDF5 hasta la versión 1.14.3 tiene un SEGV en H5T_close_real en H5T.c, lo que genera un puntero de instrucción dañado. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-416: Use After Free •
CVSS: 5.7EPSS: %CPEs: 10EXPL: 0CVE-2024-29166
https://notcve.org/view.php?id=CVE-2024-29166
14 May 2024 — HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 hasta 1.14.3 contiene un desbordamiento del búfer en H5O__linfo_decode, lo que provoca la corrupción del puntero de instrucción y provoca denegación de servicio o posible ejecución de código. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: %CPEs: 10EXPL: 0CVE-2024-29161
https://notcve.org/view.php?id=CVE-2024-29161
14 May 2024 — HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 hasta 1.14.3 contiene un desbordamiento de búfer de almacenamiento dinámico en H5A__attr_release_table, lo que provoca la corrupción del puntero de instrucción y provoca denegación de servicio o posible ejecución de código. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.4EPSS: %CPEs: 10EXPL: 0CVE-2024-29158
https://notcve.org/view.php?id=CVE-2024-29158
14 May 2024 — HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. HDF5 hasta 1.14.3 contiene un desbordamiento de búfer en la región stack de la memoria en H5FL_arr_malloc, lo que provoca la corrupción del puntero de instrucción y provoca denegación de servicio o posible ejecución de código. • https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26306 – iperf3: vulnerable to marvin attack if the authentication option is used
https://notcve.org/view.php?id=CVE-2024-26306
13 May 2024 — iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario. iPerf3 anterior a 3.17, cuando se usa con OpenSSL anterior a 3.2.0 como servidor con autenticación RSA, permite un canal late... • https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc • CWE-203: Observable Discrepancy •
CVSS: 4.9EPSS: 0%CPEs: 25EXPL: 0CVE-2024-4317 – PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks
https://notcve.org/view.php?id=CVE-2024-4317
09 May 2024 — Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that versi... • https://www.postgresql.org/support/security/CVE-2024-4317 • CWE-862: Missing Authorization •
CVSS: 8.5EPSS: 0%CPEs: 14EXPL: 0CVE-2023-51794
https://notcve.org/view.php?id=CVE-2023-51794
26 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.N113007-g8d24a28d06 permite a un atacante local ejecutar código arbitrario a través de libavfilter/af_stereowiden.c:120:69. • https://trac.ffmpeg.org/ticket/10746 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2023-49502
https://notcve.org/view.php?id=CVE-2023-49502
19 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.n6.1-3-g466799d4f5 permite a un atacante local ejecutar código arbitrario a través de la función ff_bwdif_filter_intra_c en el componente libavfilter/bwdifdsp.c:125:5. • https://github.com/FFmpeg/FFmpeg • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2023-50010
https://notcve.org/view.php?id=CVE-2023-50010
19 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the set_encoder_id function in /fftools/ffmpeg_enc.c component. Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.n6.1-3-g466799d4f5 permite a un atacante local ejecutar código arbitrario a través de la función set_encoder_id en el componente /fftools/ffmpeg_enc.c. • https://ffmpeg.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •