CVSS: 9.0EPSS: 0%CPEs: 19EXPL: 0CVE-2024-24474
https://notcve.org/view.php?id=CVE-2024-24474
20 Feb 2024 — QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len. QEMU anterior a 8.2.0 tiene un desbordamiento de número entero y un desbordamiento de búfer resultante, a través de un comando TI cuando una longitud de transferencia esperada que no es DMA es menor que la longitud de los datos FIFO disponibles... • https://gist.github.com/1047524396/5ce07b9d387095c276b1cd234ae5615e • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-26327 – QEMU: SR-IOV: improper validation of NumVFs leads to buffer overflow
https://notcve.org/view.php?id=CVE-2024-26327
19 Feb 2024 — An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations. Se descubrió un problema en QEMU 7.1.0 a 8.2.1. Register_vfs en hw/pci/pcie_sriov.c maneja mal la situación en la que un invitado escribe NumVF mayores que TotalVF, lo que provoca un desbordamiento del búfer en las implementaciones de VF. A flaw was found in the SR/IOV emulation support of QEMU... • https://lore.kernel.org/all/20240214-reuse-v4-5-89ad093a07f4%40daynix.com • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 6.0EPSS: 0%CPEs: 12EXPL: 0CVE-2024-26328
https://notcve.org/view.php?id=CVE-2024-26328
19 Feb 2024 — An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled. Se descubrió un problema en QEMU 7.1.0 a 8.2.1. Register_vfs en hw/pci/pcie_sriov.c no configura NumVFs en PCI_SRIOV_TOTAL_VF y, por lo tanto, la interacción con hw/nvme/ctrl.c no se maneja correctamente. • https://lore.kernel.org/all/20240213055345-mutt-send-email-mst%40kernel.org •
CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 1CVE-2023-50868 – bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
https://notcve.org/view.php?id=CVE-2023-50868
13 Feb 2024 — The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations. El aspecto Closest Encloser Proof del protocolo DNS (en RFC 5155 cuando se omite la guía RFC 9276) permite a a... • https://github.com/Goethe-Universitat-Cybersecurity/NSEC3-Encloser-Attack • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2023-45935
https://notcve.org/view.php?id=CVE-2023-45935
29 Jan 2024 — Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server. Se descubrió que Qt 6 a 6.6 contenía una desreferencia de puntero NULL mediante la función QXcbConnection::initializeAllAtoms(). NOTA: esto está en disputa porque no se espera que una aplicación X continúe ejecutándose cuando hay ... • http://seclists.org/fulldisclosure/2024/Jan/61 • CWE-476: NULL Pointer Dereference •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2023-45922
https://notcve.org/view.php?id=CVE-2023-45922
29 Jan 2024 — glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. Se descubrió que glx_pbuffer.c en Mesa 23.0.4 contenía una infracción de segmentación al llamar a __glXGetDrawableAttribute(). NOTA: esto está en disputa porque no hay situaciones comunes en las que los usuarios requieran una operación ininterru... • http://seclists.org/fulldisclosure/2024/Jan/50 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2023-45919
https://notcve.org/view.php?id=CVE-2023-45919
29 Jan 2024 — Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. Se descubrió que Mesa 23.0.4 contenía un búfer sobreleído en glXQueryServerString(). NOTA: esto está en disputa porque no hay situaciones comunes en las que los usuarios requieran una operación ininterrumpida con un servidor controlador de atacante. • http://seclists.org/fulldisclosure/2024/Jan/47 • CWE-126: Buffer Over-read •
CVSS: 6.2EPSS: 0%CPEs: 9EXPL: 0CVE-2023-45913
https://notcve.org/view.php?id=CVE-2023-45913
29 Jan 2024 — Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated. Se descubrió que Mesa v23.0.4 contenía una desreferencia de puntero NULL mediante la función dri2GetGlxDrawableFromXDrawableId(). Esta vulnerabilidad se ac... • http://seclists.org/fulldisclosure/2024/Jan/28 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 40EXPL: 0CVE-2024-20919 – OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
https://notcve.org/view.php?id=CVE-2024-20919
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 36EXPL: 0CVE-2024-20921 – OpenJDK: range check loop optimization issue (8314307)
https://notcve.org/view.php?id=CVE-2024-20921
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-20: Improper Input Validation CWE-276: Incorrect Default Permissions •