
CVE-2024-5690 – Mozilla: External protocol handlers leaked by timing attack
https://notcve.org/view.php?id=CVE-2024-5690
11 Jun 2024 — By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. The Mozilla Foundation S... • https://bugzilla.mozilla.org/show_bug.cgi?id=1883693 • CWE-203: Observable Discrepancy CWE-385: Covert Timing Channel

CVE-2024-36048 – openSUSE Security Advisory - openSUSE-SU-2024:0143-1
https://notcve.org/view.php?id=CVE-2024-36048
18 May 2024 — QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values. An update that fixes one vulne... • https://codereview.qt-project.org/c/qt/qtnetworkauth/+/560317 • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

CVE-2024-35313
https://notcve.org/view.php?id=CVE-2024-35313
17 May 2024 — In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length of 3 (with full vanguards), aka TROVE-2024-004. • https://gitlab.torproject.org/tpo/core/arti/-/issues/1400 • CWE-130: Improper Handling of Length Parameter Inconsistency

CVE-2024-35312
https://notcve.org/view.php?id=CVE-2024-35312
17 May 2024 — In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 (with lite vanguards), aka TROVE-2024-003. • https://gitlab.torproject.org/tpo/core/arti/-/issues/1409 • CWE-670: Always-Incorrect Control Flow Implementation

CVE-2023-45745
https://notcve.org/view.php?id=CVE-2023-45745
16 May 2024 — Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. • https://security.netapp.com/advisory/ntap-20240621-0003 • CWE-20: Improper Input Validation

CVE-2023-45733 – intel-microcode: Race conditions in some Intel(R) Processors
https://notcve.org/view.php?id=CVE-2023-45733
16 May 2024 — Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. A flaw was found in intel-microcode. The hardware logic contains race conditions in some Intel(R) processors that ma... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01051.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1298: Hardware Logic Contains Race Conditions

CVE-2023-46103 – intel-microcode: Unexpected behavior in Intel(R) Core(TM) Ultra Processors
https://notcve.org/view.php?id=CVE-2023-46103
16 May 2024 — Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. A flaw was found in intel-microcode. The sequence of processor instruct... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html • CWE-400: Uncontrolled Resource Consumption CWE-1281: Sequence of Processor Instructions Leads to Unexpected Behavior

CVE-2024-4317 – PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks
https://notcve.org/view.php?id=CVE-2024-4317
09 May 2024 — Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that versi... • https://www.postgresql.org/support/security/CVE-2024-4317 • CWE-862: Missing Authorization

CVE-2024-27282 – ruby: Arbitrary memory address read vulnerability with Regex search
https://notcve.org/view.php?id=CVE-2024-27282
06 May 2024 — An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1. • https://github.com/Abo5/CVE-2024-27282 • CWE-125: Out-of-bounds Read

CVE-2024-34020
https://notcve.org/view.php?id=CVE-2024-34020
29 Apr 2024 — A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1. • http://ftp.kaist.ac.kr/hangul/code/hcode • CWE-121: Stack-based Buffer Overflow