CVSS: 7.6EPSS: 0%CPEs: 35EXPL: 0CVE-2024-2608 – Mozilla: Integer overflow could have led to out of bounds write
https://notcve.org/view.php?id=CVE-2024-2608
19 Mar 2024 — `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` y `AppendEncodedCharacters()` podrían haber experimentado desbordamientos de enteros, lo que provocó una asignación insuficiente de un bú... • https://bugzilla.mozilla.org/show_bug.cgi?id=1880692 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0CVE-2024-2496 – Libvirt: null pointer dereference in udevconnectlistallinterfaces()
https://notcve.org/view.php?id=CVE-2024-2496
18 Mar 2024 — A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash. Se encontró una falla de desreferencia de puntero NULL en la función udevConnectListAllInterfaces() en libvirt. Este problema puede ocurrir al desconectar una int... • https://access.redhat.com/errata/RHSA-2024:2236 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-2002 – Libdwarf: crashes randomly on fuzzed object
https://notcve.org/view.php?id=CVE-2024-2002
18 Mar 2024 — A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results. Se encontró una vulnerabilidad de doble liberación en libdwarf. En un objeto DWARF multicorrupto, libdwarf puede intentar desasignar (liberar) una asignación dos veces, lo que podría provocar resultados diversos e impredecibles. • https://access.redhat.com/security/cve/CVE-2024-2002 • CWE-415: Double Free •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-7250 – Iperf3: possible denial of service
https://notcve.org/view.php?id=CVE-2023-7250
18 Mar 2024 — A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service. Se encontró una falla en iperf, una utilidad para probar el rendimiento de la red mediante TCP, UDP y SCTP. Un cliente... • https://access.redhat.com/errata/RHSA-2024:4241 • CWE-183: Permissive List of Allowed Inputs •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-1013 – Unixodbc: out of bounds stack write due to pointer-to-integer types conversion
https://notcve.org/view.php?id=CVE-2024-1013
18 Mar 2024 — An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken. Se encontró una falla de escritura de pila fuera de los límites en unixODBC en arquitecturas de 64 bits donde la persona que llama tiene 4 bytes y la persona que llama escribe 8 bytes. Este problema puede pasar desapercibido en las arquitecturas little-endian, mientras ... • https://access.redhat.com/security/cve/CVE-2024-1013 • CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-39368 – kernel: Possible Denial of Service on Intel(R) Processors
https://notcve.org/view.php?id=CVE-2023-39368
14 Mar 2024 — Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access. La falla del mecanismo de protección del regulador de bloqueo del bus para algunos procesadores Intel(R) puede permitir que un usuario no autenticado habilite potencialmente la denegación de servicio a través del acceso a la red. A vulnerability was found in the bus lock regulator mechanism for some Intel processors models. This issue m... • https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html • CWE-693: Protection Mechanism Failure •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-38575 – kernel: Local information disclosure in some Intel(R) processors
https://notcve.org/view.php?id=CVE-2023-38575
14 Mar 2024 — Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. El intercambio no transparente de objetivos de predicción de retorno entre contextos en algunos procesadores Intel(R) puede permitir que un usuario autorizado habilite potencialmente la divulgación de información a través del acceso local. A vulnerability was found in some Intel processors that may allow a malicious actor... • https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html • CWE-1303: Non-Transparent Sharing of Microarchitectural Resources •
CVSS: 5.7EPSS: 0%CPEs: 14EXPL: 2CVE-2024-2193 – Speculative Race Condition impacts modern CPU architectures that support speculative execution, also known as GhostRace.
https://notcve.org/view.php?id=CVE-2024-2193
13 Mar 2024 — A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths. Se ha revelado una vulnerabilidad de condición de ejecución especulativa (SRC) que afecta a las arquitecturas de CPU modernas que admiten la ejecución especulativa (relacionada c... • https://github.com/vusec/ghostrace • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 1CVE-2024-1441 – Libvirt: off-by-one error in udevlistinterfacesbystatus()
https://notcve.org/view.php?id=CVE-2024-1441
11 Mar 2024 — An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash. Se encontró una falla de error uno por uno en la función udevListInterfacesByStatus() en libvirt cuando el número de interfaces excede el tamaño de la matri... • https://github.com/almkuznetsov/CVE-2024-1441 • CWE-193: Off-by-one Error •
CVSS: 2.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2314 – bcc: unprivileged users can force loading of compromised linux headers
https://notcve.org/view.php?id=CVE-2024-2314
10 Mar 2024 — If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. Si es necesario extraer los encabezados del kernel, bcc intentará cargarlos desde un directorio temporal. Un atacante sin privilegios podría usar esto para obligar a bcc a cargar encabezados de Linux comprometidos. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314 • CWE-284: Improper Access Control •