CVE-2024-3447 – Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()
https://notcve.org/view.php?id=CVE-2024-3447
14 Nov 2024 — A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bounds access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. • https://access.redhat.com/security/cve/CVE-2024-3447 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-49395 – Mutt: neomutt: bcc email header field is indirectly leaked by cryptographic info block
https://notcve.org/view.php?id=CVE-2024-49395
12 Nov 2024 — In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode, so the key IDs of all recipients, including Bcc ones, are visible in the encrypted message and the Bcc email header field can be inferred from them. • https://access.redhat.com/security/cve/CVE-2024-49395 • CWE-1230: Exposure of Sensitive Information Through Metadata •
CVE-2024-49394 – Mutt: neomutt: in-reply-to email header field is not protected by cryptographic signing
https://notcve.org/view.php?id=CVE-2024-49394
12 Nov 2024 — In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender. • https://access.redhat.com/security/cve/CVE-2024-49394 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2024-49393 – Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing
https://notcve.org/view.php?id=CVE-2024-49393
12 Nov 2024 — In neomutt and mutt, the To and Cc email header fields are not covered by the cryptographic signature, which allows an attacker who intercepts a message to change their values and add themselves as one of the recipients, compromising message confidentiality. • https://access.redhat.com/security/cve/CVE-2024-49393 • CWE-347: Improper Verification of Cryptographic Signature •
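The two signing advisories above (CVE-2024-49394 and CVE-2024-49393) share one root cause: the PGP signature covers the MIME body, not the envelope headers, so To, Cc and In-Reply-To can be rewritten in transit or on replay without the signature failing. The following is an added example, not mutt or neomutt code: an HMAC-SHA256 tag stands in for the PGP signature (the key, header values and message text are constructed), and `sign_with_protected_headers` shows the usual remedy, copying the sensitive headers into the signed part and refusing the message when the outer headers disagree with the signed copy.

```python
import hashlib
import hmac

# Constructed stand-in for the sender's PGP signing key: an HMAC-SHA256 tag
# plays the role of the PGP signature so the example runs without GnuPG.
SIGNING_KEY = b"example-sender-signing-key"

# Header fields that can be changed in transit, or reused on replay, without
# touching the signed body (the fields named in the two advisories above).
PROTECTED = ("From", "To", "Cc", "Date", "Subject", "In-Reply-To")


def _sig(data: bytes) -> str:
    return hmac.new(SIGNING_KEY, data, hashlib.sha256).hexdigest()


def sign_body_only(headers: dict, body: str) -> dict:
    """Legacy behaviour: the signature covers the MIME body only."""
    return {"headers": dict(headers), "body": body, "sig": _sig(body.encode())}


def verify_body_only(msg: dict) -> bool:
    return hmac.compare_digest(_sig(msg["body"].encode()), msg["sig"])


def sign_with_protected_headers(headers: dict, body: str) -> dict:
    """Copy the protected header fields into the signed part, the way the
    'protected headers' schemes for PGP/MIME do, so the signature binds them."""
    for name in PROTECTED:
        if "\n" in headers.get(name, ""):
            raise ValueError(f"newline in {name} header")
    inner = "".join(f"{n}: {headers.get(n, '')}\n" for n in PROTECTED) + "\n" + body
    return {"headers": dict(headers), "body": inner, "sig": _sig(inner.encode())}


def verify_with_protected_headers(msg: dict) -> tuple:
    """Verify the signature, then insist that every outer header agrees with
    the signed copy; a mismatch is treated like a bad signature."""
    if not hmac.compare_digest(_sig(msg["body"].encode()), msg["sig"]):
        return False, "bad signature"
    signed_hdrs, _, _ = msg["body"].partition("\n\n")
    for line in signed_hdrs.splitlines():
        name, _, value = line.partition(": ")
        if msg["headers"].get(name, "") != value:
            return False, f"{name} header differs from signed copy"
    return True, "ok"


def demo() -> dict:
    """Run both attacks against both signing modes; returns the verdicts."""
    original = {  # constructed sample message
        "From": "alice@example.org", "To": "bob@example.org", "Cc": "",
        "Date": "Mon, 11 Nov 2024 10:00:00 +0000", "Subject": "Q4 numbers",
        "In-Reply-To": "<bob-1@example.org>",
    }
    body = "Bob, the draft figures are attached. -- Alice\n"
    out = {}
    for mode, sign, verify in (
        ("body_only", sign_body_only, lambda m: verify_body_only(m)),
        ("protected", sign_with_protected_headers,
         lambda m: verify_with_protected_headers(m)[0]),
    ):
        msg = sign(original, body)
        # CVE-2024-49393: an interceptor adds themself to Cc
        cc_tampered = dict(msg, headers=dict(msg["headers"], Cc="mallory@example.net"))
        # CVE-2024-49394: the signed mail is replayed as a reply to another thread
        replayed = dict(msg, headers=dict(msg["headers"],
                                          **{"In-Reply-To": "<carol-7@example.com>"}))
        out[f"{mode}_accepts_untouched"] = verify(msg)
        out[f"{mode}_accepts_cc_tamper"] = verify(cc_tampered)
        out[f"{mode}_accepts_replay"] = verify(replayed)
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

With body-only signing both tampered messages verify as genuine; with the header copy inside the signed part the verifier reports which field was changed. A real verifier should also reject a message whose signed part carries no header copy at all, otherwise an attacker simply strips it.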
CVE-2024-11079 – Ansible-core: unsafe tagging bypass via hostvars object in ansible-core
https://notcve.org/view.php?id=CVE-2024-11079
11 Nov 2024 — A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. An update is now available for Red Hat Ansible Automation Platform Execution Environments. Issues addressed include a bypass vulnerability. • https://access.redhat.com/security/cve/CVE-2024-11079 • CWE-20: Improper Input Validation •
CVE-2024-10963 – Pam: improper hostname interpretation in pam_access leads to access control bypass
https://notcve.org/view.php?id=CVE-2024-10963
07 Nov 2024 — A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control. A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability... • https://access.redhat.com/security/cve/CVE-2024-10963 • CWE-287: Improper Authentication •
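To make the pam_access bypass concrete, here is an added example that is not Linux-PAM code: a deliberately simplified model of origin matching against an access.conf (the rules, the DNS table and the user names are constructed). The flawed version collapses the login origin to a single string and compares every token against it, so a remote peer whose reverse-DNS name is `tty1` satisfies a rule that was meant to pin root to the console; the hardened version only compares a token with the PAM item it describes. The real matching code in pam_access handles many more token kinds (networks, domains, LOCAL, groups) than this model.

```python
import ipaddress

# Constructed forward-DNS table standing in for the resolver.
DNS = {"bastion.example.net": "192.0.2.10"}

# Constructed access.conf: root may log in on the console only.
ACCESS_CONF = """
# permission : users : origins
+ : root : tty1
- : root : ALL
"""


def parse_access_conf(text: str) -> list:
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        rules.append((perm, users.split(), origins.split()))
    return rules


def _user_matches(users, user) -> bool:
    return "ALL" in users or user in users


def _resolve(rhost: str):
    """IP literals are used as-is; names go through the constructed resolver."""
    try:
        return str(ipaddress.ip_address(rhost))
    except ValueError:
        return DNS.get(rhost)


def vulnerable_decision(rules, user, tty=None, rhost=None) -> bool:
    """Flawed shape: collapse the origin to one string (PAM_RHOST if set,
    else PAM_TTY) and compare every token against it, so 'tty1' is just
    another hostname and a remote peer whose name is 'tty1' matches it."""
    origin = rhost or tty
    for perm, users, origins in rules:
        if not _user_matches(users, user):
            continue
        if any(tok == "ALL" or tok == origin for tok in origins):
            return perm == "+"
    return True  # no rule matched: pam_access grants access


def hardened_decision(rules, user, tty=None, rhost=None) -> bool:
    """Hardened shape: a token is only compared with the PAM item it names.
    Console names are checked against PAM_TTY for local logins only; a remote
    login matches a host token only by resolved address, never by string."""
    for perm, users, origins in rules:
        if not _user_matches(users, user):
            continue
        for tok in origins:
            if tok == "ALL":
                return perm == "+"
            if rhost is None:
                if tok == tty:
                    return perm == "+"
            elif tok in DNS and DNS[tok] == _resolve(rhost):
                return perm == "+"
    return True


def demo() -> dict:
    """Returns (vulnerable, hardened) verdicts for root in three login scenarios."""
    rules = parse_access_conf(ACCESS_CONF)
    cases = {
        "console": dict(tty="tty1"),
        "remote_from_bastion": dict(tty="pts/3", rhost="bastion.example.net"),
        # attacker: reverse DNS for their address yields the string "tty1"
        "remote_spoofed_tty1": dict(tty="pts/4", rhost="tty1"),
    }
    return {
        name: (vulnerable_decision(rules, "root", **kw),
               hardened_decision(rules, "root", **kw))
        for name, kw in cases.items()
    }


if __name__ == "__main__":
    for name, (vuln, hard) in demo().items():
        print(f"{name:22s} vulnerable={vuln} hardened={hard}")
```

Only the spoofed case differs between the two matchers: the console login is allowed by both, the honest remote login is denied by both, and the attacker's `tty1` origin is accepted only by the flawed matcher.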
CVE-2024-10573 – Mpg123: buffer overflow when writing decoded pcm samples
https://notcve.org/view.php?id=CVE-2024-10573
31 Oct 2024 — An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, libmpg123 may write past the end of a heap-allocated buffer. Consequently, heap corruption may occur, and arbitrary code execution cannot be ruled out. The complexity required to exploit this flaw is considered high, as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stre... • https://access.redhat.com/security/cve/CVE-2024-10573 • CWE-787: Out-of-bounds Write •
CVE-2024-9632 – Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-9632
30 Oct 2024 — A flaw was found in the X.org server. Because the allocation size is not tracked correctly in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow via a specially crafted payload, leading to denial of service or local privilege escalation on distributions where the X.org server runs with root privileges. • https://access.redhat.com/security/cve/CVE-2024-9632 • CWE-122: Heap-based Buffer Overflow •
CVE-2024-10041 – Pam: libpam: libpam vulnerable to read hashed password
https://notcve.org/view.php?id=CVE-2024-10041
23 Oct 2024 — A vulnerability was found in PAM. Secret information is kept in the memory of the authenticating process, and an attacker who can feed characters to that program's standard input (stdin) can drive its execution. While doing so, the attacker can train the branch predictor so that an ROP chain is executed speculatively, leaking the secret through a side channel. This flaw could result in leaked password hashes, such as those read from /etc/shadow during authentication. An update for pam is now available for Red Hat Enterprise Linux 9. • https://access.redhat.com/security/cve/CVE-2024-10041 • CWE-922: Insecure Storage of Sensitive Information •
CVE-2024-9050 – Networkmanager-libreswan: local privilege escalation via leftupdown
https://notcve.org/view.php?id=CVE-2024-9050
22 Oct 2024 — A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), which fails to properly sanitize the VPN configuration supplied by a local unprivileged user. The configuration is a key-value format, and the plugin fails to escape special characters, so the consuming application interprets parts of values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown` key. This key takes an executable command as its value and is used to speci... • https://access.redhat.com/errata/RHSA-2024:8312 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
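The injection described above is a plain line-structure problem: if a value may contain a newline, a `key=value` serializer lets the user append a line of their own, and the reader sees a key the user was never allowed to set. The following is an added example, not NetworkManager-libreswan or libreswan code; it assumes a configuration of one `key=value` per line (the real plugin's serializer and libreswan's exact config syntax are not reproduced), uses the real libreswan key names `right`, `leftid` and `leftupdown` only as examples, and the malicious settings and paths are constructed. The hardened renderer both rejects control characters in values and refuses user input for command-executing keys altogether.

```python
import re

# Keys whose value the consumer runs as a command. A plugin that accepts
# settings from an unprivileged user must never let them reach these keys
# (constructed allowlist logic; the set is an assumption for the example).
COMMAND_KEYS = {"leftupdown", "rightupdown"}
KEY_RE = re.compile(r"[a-z][a-z0-9-]*")


def render_vulnerable(settings: dict) -> str:
    """Flawed shape: values are pasted verbatim into key=value lines."""
    return "".join(f"{key}={value}\n" for key, value in settings.items())


def render_hardened(settings: dict) -> str:
    """Reject anything that could change line or key structure, and refuse
    user-supplied values for command-executing keys outright."""
    lines = []
    for key, value in settings.items():
        if not KEY_RE.fullmatch(key):
            raise ValueError(f"invalid key {key!r}")
        if key in COMMAND_KEYS:
            raise ValueError(f"{key} is not user-settable")
        if re.search(r"[\r\n\x00]", value):
            raise ValueError(f"control character in value of {key}")
        lines.append(f"{key}={value}\n")
    return "".join(lines)


def parse_config(text: str) -> dict:
    """Reader side: one key=value per line, the way the consumer sees it."""
    conf = {}
    for line in text.splitlines():
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


# Constructed VPN settings as an unprivileged user could supply them: the
# 'leftid' value smuggles a newline and a second key.
MALICIOUS_SETTINGS = {
    "right": "vpn.example.net",
    "leftid": "user@example.net\nleftupdown=/home/mallory/pwn.sh",
}


def injected_keys(settings: dict) -> set:
    """Keys the consumer will see that were never set as keys by the caller."""
    return set(parse_config(render_vulnerable(settings))) - set(settings)


def hardened_rejects(settings: dict) -> bool:
    try:
        render_hardened(settings)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("rendered by the flawed serializer:")
    print(render_vulnerable(MALICIOUS_SETTINGS))
    print("keys injected:", injected_keys(MALICIOUS_SETTINGS))
    print("hardened serializer rejects it:", hardened_rejects(MALICIOUS_SETTINGS))
```

Escaping alone is not enough here: even a perfectly escaped value is dangerous if the plugin would pass a user-chosen `leftupdown` through, so the allowlist check on the key is the part that closes the privilege-escalation path, and the control-character check is what stops the value from becoming a key.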