CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 0CVE-2023-6681 – Jwcrypto: denail of service via specifically crafted jwe
https://notcve.org/view.php?id=CVE-2023-6681
12 Feb 2024 — A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack. Se encontró una vulnerabilidad en JWCrypto. Esta falla permite que un atacante provoque un ataque de denegación de servicio (DoS) y posibles ataques de fuerza bruta y diccionario de contraseñas que consuman m... • https://access.redhat.com/errata/RHSA-2024:3267 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2024-25744 – kernel: untrusted VMM can trigger int80 syscall handling
https://notcve.org/view.php?id=CVE-2024-25744
12 Feb 2024 — In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. En el kernel de Linux anterior a 6.6.7, un VMM que no es de confianza puede activar el manejo de llamadas al sistema int80 en cualquier punto dado. Esto está relacionado con arch/x86/coco/tdx/tdx.c y arch/x86/mm/mem_encrypt_amd.c. A flaw was found in the Linux kernel. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.7 •
CVSS: 5.5EPSS: 0%CPEs: 29EXPL: 0CVE-2024-1151 – Kernel: stack overflow problem in open vswitch kernel module leading to dos
https://notcve.org/view.php?id=CVE-2024-1151
11 Feb 2024 — A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues. Se informó una vulnerabilidad en el subcomponente Open vSwitch del kernel de Linux. • https://access.redhat.com/errata/RHSA-2024:4823 • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-0444 – GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-0444
29 Jan 2024 — GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f368d63ecd89e01fd2cf0b1c4def5fc782b2c390 • CWE-121: Stack-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 40EXPL: 0CVE-2024-20919 – OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
https://notcve.org/view.php?id=CVE-2024-20919
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 36EXPL: 0CVE-2024-20921 – OpenJDK: range check loop optimization issue (8314307)
https://notcve.org/view.php?id=CVE-2024-20921
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-20: Improper Input Validation CWE-276: Incorrect Default Permissions •
CVSS: 5.1EPSS: 0%CPEs: 36EXPL: 0CVE-2024-20945 – OpenJDK: logging of digital signature private keys (8316976)
https://notcve.org/view.php?id=CVE-2024-20945
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Ente... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2024-0229 – Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
https://notcve.org/view.php?id=CVE-2024-0229
17 Jan 2024 — An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments. Se encontró una falla de acceso a la memoria fuera de los límites en el servidor X.Org. Este problema puede desencadenarse cuando un dispositivo congelado po... • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-787: Out-of-bounds Write CWE-788: Access of Memory Location After End of Buffer •
CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21885 – Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent
https://notcve.org/view.php?id=CVE-2024-21885
17 Jan 2024 — A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments. Se encontró una falla en el servidor X.Org. En la función XISendDeviceHierarchyEvent, es posible exceder la longitud de la matriz asignada cuando se agregan cier... • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2024-21886 – Xorg-x11-server: heap buffer overflow in disabledevice
https://notcve.org/view.php?id=CVE-2024-21886
17 Jan 2024 — A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments. Se encontró una falla de desbordamiento de búfer de almacenamiento dinámico en la función DisableDevice en el servidor X.Org. Este problema puede provocar un bloqueo de la aplicación o, en algunas circunstancias, la ejecución remota de código en entornos de reenvío SSH X11. This vulnerability ... • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-122: Heap-based Buffer Overflow •