CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52429 – Debian Security Advisory 5658-1txt
https://notcve.org/view.php?id=CVE-2023-52429
12 Feb 2024 — dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. dm_table_create en drivers/md/dm-table.c en el kernel de Linux hasta 6.7.4 puede intentar (en alloc_targets) asignar más de INT_MAX bytes y fallar debido a que falta una verificación de la estructura dm_ioctl.target_count. Several vulnerabilities have been discovered in the Linux kernel that may ... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd504bcfec41a503b32054da5472904b404341a4 • CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 7.8EPSS: 2%CPEs: 5EXPL: 0CVE-2024-20290 – Ubuntu Security Notice USN-6636-1
https://notcve.org/view.php?id=CVE-2024-20290
07 Feb 2024 — A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ... • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2024-1283 – Debian Security Advisory 5617-1
https://notcve.org/view.php?id=CVE-2024-1283
06 Feb 2024 — Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El desbordamiento de búfer de almacenamiento dinámico en Skia en Google Chrome anterior a 121.0.6167.160 permitía a un atacante remoto explotar potencialmente la corrupción el almacenamiento dinámico a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been d... • https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-1284 – Debian Security Advisory 5617-1
https://notcve.org/view.php?id=CVE-2024-1284
06 Feb 2024 — Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Mojo en Google Chrome anterior a 121.0.6167.160 permitía a un atacante remoto explotar potencialmente la corrupción del almacenamiento dinámico a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which... • https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-0690 – Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration
https://notcve.org/view.php?id=CVE-2024-0690
06 Feb 2024 — An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. Se encontró una falla de divulgación de información en ansible-core debido a que no se respetó la configuración de ANSIBLE_NO_LOG en algunos escenarios. Se descubrió que la información todaví... • https://access.redhat.com/errata/RHSA-2024:0733 • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVSS: 8.4EPSS: 4%CPEs: 3EXPL: 9CVE-2023-6246 – Glibc: heap-based buffer overflow in __vsyslog_internal()
https://notcve.org/view.php?id=CVE-2023-6246
31 Jan 2024 — A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. Se encontró un desbordamiento de búfer en la región Heap de la memor... • https://packetstorm.news/files/id/176932 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 1%CPEs: 3EXPL: 4CVE-2023-6779 – Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()
https://notcve.org/view.php?id=CVE-2023-6779
31 Jan 2024 — An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer. Se encontró un desbordamiento de búfer en la región Heap de la memoria de off-by-one en la función... • https://packetstorm.news/files/id/176932 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 4CVE-2023-6780 – Glibc: integer overflow in __vsyslog_internal()
https://notcve.org/view.php?id=CVE-2023-6780
31 Jan 2024 — An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer. Se encontró un desbordamiento de enteros en la función __vsyslog_internal de la liibrería glibc. • https://packetstorm.news/files/id/176932 • CWE-131: Incorrect Calculation of Buffer Size CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-1077 – Gentoo Linux Security Advisory 202405-14
https://notcve.org/view.php?id=CVE-2024-1077
30 Jan 2024 — Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) El use after free en Network de Google Chrome anterior a 121.0.6167.139 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de un archivo malicioso. (Severidad de seguridad de Chromium: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of whi... • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-1060 – Gentoo Linux Security Advisory 202405-14
https://notcve.org/view.php?id=CVE-2024-1060
30 Jan 2024 — Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El use after free en Canvas en Google Chrome anterior a 121.0.6167.139 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chromium: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst... • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html • CWE-416: Use After Free •