CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0224
https://notcve.org/view.php?id=CVE-2024-0224
Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El use after free en WebAudio en Google Chrome anterior a 120.0.6099.199 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html https://crbug.com/1505086 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP https://security.gentoo.org/glsa/202401-34 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0223
https://notcve.org/view.php?id=CVE-2024-0223
Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El desbordamiento de búfer de almacenamiento dinámico en ANGLE en Google Chrome anterior a 120.0.6099.199 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html https://crbug.com/1505009 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP https://security.gentoo.org/glsa/202401-34 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0222
https://notcve.org/view.php?id=CVE-2024-0222
Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El use after free en ANGLE en Google Chrome anterior a 120.0.6099.199 permitió a un atacante remoto que había comprometido el proceso de renderizado explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html https://crbug.com/1501798 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP https://security.gentoo.org/glsa/202401-34 • CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-0217 – Packagekitd: use-after-free in idle function callback
https://notcve.org/view.php?id=CVE-2024-0217
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost. Se encontró un fallo de use after free en PackageKitd. • https://access.redhat.com/security/cve/CVE-2024-0217 https://bugzilla.redhat.com/show_bug.cgi?id=2256624 https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6693 – Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()
https://notcve.org/view.php?id=CVE-2023-6693
A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak. Se encontró un desbordamiento de búfer en la región stack de la memoria en el dispositivo virtio-net de QEMU. • https://access.redhat.com/errata/RHSA-2024:2962 https://access.redhat.com/security/cve/CVE-2023-6693 https://bugzilla.redhat.com/show_bug.cgi?id=2254580 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y https://security.netapp.com/advisory/ntap-20240208-0004 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •