CVSS: 9.4EPSS: 0%CPEs: 23EXPL: 0CVE-2024-38428 – wget: Misinterpretation of input may lead to improper behavior
https://notcve.org/view.php?id=CVE-2024-38428
16 Jun 2024 — url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. url.c en GNU Wget hasta 1.24.5 maneja mal los puntos y comas en el subcomponente de información de usuario de un URI y, por lo tanto, puede haber un comportamiento inseguro en el que los datos que se suponía que estaban en el subcomponente de información d... • https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace • CWE-115: Misinterpretation of Input CWE-436: Interpretation Conflict •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-37388
https://notcve.org/view.php?id=CVE-2024-37388
07 Jun 2024 — An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service (DoS) via crafted XML input. Una vulnerabilidad de entidad externa XML (XXE) en la función ebookmeta.get_metadata de lxml anterior a v4.9.1 permite a los atacantes acceder a información confidencial o provocar una denegación de servicio (DoS) a través de una entrada XML manipulada. • https://github.com/dnkorpushov/ebookmeta/issues/16#issue-2317712335 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-49441
https://notcve.org/view.php?id=CVE-2023-49441
06 Jun 2024 — dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query. dnsmasq 2.9 es vulnerable al desbordamiento de enteros a través de forward_query. • https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q4/017332.html •
CVSS: 8.1EPSS: 0%CPEs: 25EXPL: 0CVE-2024-5564 – Libndp: buffer overflow in route information length field
https://notcve.org/view.php?id=CVE-2024-5564
31 May 2024 — A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information. Se encontró una vulnerabilidad en libndp. Esta falla permite que un usuario malintencionado local provoque un desbordamiento del búfer en NetworkManager, provocado al enviar un paquete de publicidad de enrutador IPv6 con formato inco... • https://access.redhat.com/errata/RHSA-2024:4618 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.0EPSS: 0%CPEs: 16EXPL: 0CVE-2024-1298 – Integer Overflow caused by divide by zero during S3 suspension
https://notcve.org/view.php?id=CVE-2024-1298
30 May 2024 — EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability. EDK2 contiene una vulnerabilidad cuando se activa la suspensión de S3 donde un atacante puede causar una división por cero debido a un desbordamiento de UNIT32 a través del acceso local. Una explotación exitosa de esta vulnerabilidad puede provocar una pérdida de disponibilidad. A divi... • https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53 • CWE-369: Divide By Zero •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35221 – Denial of service when publishing a package on rubygems.org
https://notcve.org/view.php?id=CVE-2024-35221
29 May 2024 — Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.from_yaml. from_yaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-based metadata of a gem. YAML aliases allow for Denial of Service attacks with so-called `YAML-bombs` (comparable to Billion laughs attacks). This was patched. • https://en.wikipedia.org/wiki/Billion_laughs_attack • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.3EPSS: 0%CPEs: 25EXPL: 1CVE-2024-29510 – ghostscript: format string injection leads to shell command execution (SAFER bypass)
https://notcve.org/view.php?id=CVE-2024-29510
16 May 2024 — Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. Artifex Ghostscript anterior a 10.03.1 permite la corrupción de la memoria y una omisión MÁS SEGURA de la sandbox mediante la inyección de cadena de formato con un dispositivo uniprint. A flaw in Ghostscript has been identified where the uniprint device allows users to pass various string fragments as device options. These strings, particularly upWriteComponentCommands a... • https://github.com/swsmith2391/CVE-2024-29510 • CWE-20: Improper Input Validation CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2024-34459
https://notcve.org/view.php?id=CVE-2024-34459
13 May 2024 — An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. Se descubrió un problema en xmllint (de libxml2) anterior a 2.11.8 y 2.12.x anterior a 2.12.7. Formatear mensajes de error con xmllint --htmlout puede provocar una lectura excesiva del búfer en xmlHTMLPrintFileContext en xmllint.c. • https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.2EPSS: 0%CPEs: 16EXPL: 0CVE-2024-4418 – Libvirt: stack use-after-free in virnetclientioeventloop()
https://notcve.org/view.php?id=CVE-2024-4418
08 May 2024 — A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this i... • https://access.redhat.com/errata/RHSA-2024:4351 • CWE-416: Use After Free •
CVSS: 5.2EPSS: 0%CPEs: 19EXPL: 0CVE-2024-34397 – glib2: Signal subscription vulnerabilities
https://notcve.org/view.php?id=CVE-2024-34397
07 May 2024 — An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. Se descubrió un problema en GNO... • https://gitlab.gnome.org/GNOME/glib/-/issues/3268 • CWE-290: Authentication Bypass by Spoofing CWE-940: Improper Verification of Source of a Communication Channel •