CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 1CVE-2024-45492 – libexpat: integer overflow
https://notcve.org/view.php?id=CVE-2024-45492
30 Aug 2024 — An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX. Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. Versions greater than or equal... • https://github.com/nidhihcl75/external_expat_2.6.2_CVE-2024-45492 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2024-44070 – Ubuntu Security Notice USN-7016-1
https://notcve.org/view.php?id=CVE-2024-44070
19 Aug 2024 — An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. Iggy Frankovic discovered that FRR incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. It was discovered that FRR re-validated all routes in certain instances when the internal socket's buffer size overfl... • https://github.com/FRRouting/frr/pull/16497 •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-42667 – Ubuntu Security Notice USN-6967-1
https://notcve.org/view.php?id=CVE-2023-42667
14 Aug 2024 — Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. It was discovered that some Intel® Coreâ„¢ Ultra Processors did not properly isolate the stream cache. A local authenticated user could potentially use this to escalate their privileges. It was discovered that some Intel® Processors did not properly isolate the stream cache. A local authenticated user could potentially use t... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html • CWE-1189: Improper Isolation of Shared Resources on System-on-a-Chip (SoC) •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-49141 – Ubuntu Security Notice USN-6967-1
https://notcve.org/view.php?id=CVE-2023-49141
14 Aug 2024 — Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. It was discovered that some Intel® Coreâ„¢ Ultra Processors did not properly isolate the stream cache. A local authenticated user could potentially use this to escalate their privileges. It was discovered that some Intel® Processors did not properly isolate the stream cache. A local authenticated user could potentially use this to escala... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html • CWE-1189: Improper Isolation of Shared Resources on System-on-a-Chip (SoC) •
CVSS: 7.3EPSS: 0%CPEs: 16EXPL: 0CVE-2024-24853 – Ubuntu Security Notice USN-6967-1
https://notcve.org/view.php?id=CVE-2024-24853
14 Aug 2024 — Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. It was discovered that some Intel® Coreâ„¢ Ultra Processors did not properly isolate the stream cache. A local authenticated user could potentially use this to escalate their privileges. It was discovered that some Intel® Processors did not properly isolate the stream cache. A local authen... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html • CWE-696: Incorrect Behavior Order •
CVSS: 6.9EPSS: 0%CPEs: 15EXPL: 0CVE-2024-24980 – Ubuntu Security Notice USN-6967-1
https://notcve.org/view.php?id=CVE-2024-24980
14 Aug 2024 — Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. It was discovered that some Intel® Coreâ„¢ Ultra Processors did not properly isolate the stream cache. A local authenticated user could potentially use this to escalate their privileges. It was discovered that some Intel® Processors did not properly isolate the stream cache. A local authenticated user could potentiall... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html • CWE-693: Protection Mechanism Failure •
CVSS: 6.7EPSS: 0%CPEs: 15EXPL: 0CVE-2024-25939 – Ubuntu Security Notice USN-6967-1
https://notcve.org/view.php?id=CVE-2024-25939
14 Aug 2024 — Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. It was discovered that some Intel® Coreâ„¢ Ultra Processors did not properly isolate the stream cache. A local authenticated user could potentially use this to escalate their privileges. It was discovered that some Intel® Processors did not properly isolate the stream cache. A local authenticated user could potentially use ... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html • CWE-1251: Mirrored Regions with Different Values •
CVSS: 7.8EPSS: 1%CPEs: 24EXPL: 0CVE-2024-7006 – Libtiff: null pointer dereference in tif_dirinfo.c
https://notcve.org/view.php?id=CVE-2024-7006
08 Aug 2024 — A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service. USN-6997-1 fixed a vulnerability in LibTIFF. This update provides the corresponding updates for Ubuntu 14.04 LTS. • https://access.redhat.com/security/cve/CVE-2024-7006 • CWE-476: NULL Pointer Dereference CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 4.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43168 – Unbound: heap-buffer-overflow in unbound
https://notcve.org/view.php?id=CVE-2024-43168
08 Aug 2024 — A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system. DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NL... • https://access.redhat.com/security/cve/CVE-2024-43168 • CWE-122: Heap-based Buffer Overflow •
CVSS: 2.8EPSS: 0%CPEs: 15EXPL: 0CVE-2024-43167 – Unbound: null pointer dereference in unbound
https://notcve.org/view.php?id=CVE-2024-43167
08 Aug 2024 — A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly. DISPUTE NOTE: this issue does not pose ... • https://access.redhat.com/security/cve/CVE-2024-43167 • CWE-476: NULL Pointer Dereference •