CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2024-21886 – Xorg-x11-server: heap buffer overflow in disabledevice
https://notcve.org/view.php?id=CVE-2024-21886
17 Jan 2024 — A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments. Se encontró una falla de desbordamiento de búfer de almacenamiento dinámico en la función DisableDevice en el servidor X.Org. Este problema puede provocar un bloqueo de la aplicación o, en algunas circunstancias, la ejecución remota de código en entornos de reenvío SSH X11. This vulnerability ... • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.8EPSS: 0%CPEs: 42EXPL: 0CVE-2023-5388 – nss: timing attack against RSA decryption
https://notcve.org/view.php?id=CVE-2023-5388
10 Jan 2024 — NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. NSS era susceptible a un ataque de canal lateral de sincronización al realizar el descifrado RSA. Este ataque podría permitir potencialmente que un atacante recupere los datos privados. • https://bugzilla.mozilla.org/show_bug.cgi?id=1780432 • CWE-208: Observable Timing Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-51775 – jose4j: denial of service via specially crafted JWE
https://notcve.org/view.php?id=CVE-2023-51775
25 Dec 2023 — The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. El componente jose4j anterior a 0.9.4 para Java permite a los atacantes provocar una denegación de servicio (consumo de CPU) mediante un valor grande de p2c (también conocido como PBES2 Count). A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parame... • https://bitbucket.org/b_c/jose4j/issues/212 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.0EPSS: 0%CPEs: 35EXPL: 0CVE-2023-51779 – kernel: bluetooth: bt_sock_ioctl race condition leads to use-after-free in bt_sock_recvmsg
https://notcve.org/view.php?id=CVE-2023-51779
25 Dec 2023 — bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition. bt_sock_recvmsg en net/bluetooth/af_bluetooth.c en el kernel de Linux hasta 6.6.8 tiene un use-after-free debido a una condición de ejecución bt_sock_ioctl. A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the bt_sock_recvmsg() and bt_sock_ioctl() functions could lead to a use-after-free on a socket buffer ("skb"). This fla... • https://github.com/torvalds/linux/commit/2e07e8348ea454615e268222ae3fc240421be768 • CWE-416: Use After Free •
CVSS: 6.2EPSS: 0%CPEs: 14EXPL: 0CVE-2023-39804
https://notcve.org/view.php?id=CVE-2023-39804
11 Dec 2023 — In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. En GNU tar anterior a 1.35, los atributos de extensión mal manejados en un archivo PAX pueden provocar un bloqueo de la aplicación en xheader.c. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079 •
CVSS: 10.0EPSS: 0%CPEs: 23EXPL: 0CVE-2023-44429 – GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44429
15 Nov 2023 — GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying ... • https://gstreamer.freedesktop.org/security/sa-2023-0009.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 39EXPL: 0CVE-2023-44446 – GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44446
15 Nov 2023 — GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://gstreamer.freedesktop.org/security/sa-2023-0010.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2023-4134 – Kernel: cyttsp4_core: use-after-free in cyttsp4_watchdog_work()
https://notcve.org/view.php?id=CVE-2023-4134
13 Nov 2023 — A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of service. Se encontró una vulnerabilidad de use-after-free en el controlador cyttsp4_core del kernel de Linux. Este problema se produce en la rutina de limpieza del dispositivo debido a un posible rearme del watchdog_timer desde la cola... • https://access.redhat.com/security/cve/CVE-2023-4134 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2023-40474 – GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40474
27 Sep 2023 — GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before al... • https://gstreamer.freedesktop.org/security/sa-2023-0006.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0CVE-2023-40475 – GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40475
27 Sep 2023 — GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before al... • https://gstreamer.freedesktop.org/security/sa-2023-0007.html • CWE-190: Integer Overflow or Wraparound •