CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2024-0091
https://notcve.org/view.php?id=CVE-2024-0091
13 Jun 2024 — NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering. El controlador de pantalla GPU NVIDIA para Windows y Linux contiene una vulnerabilidad en la que un usuario puede provocar una desreferencia de un puntero que no es de confianza ejecutando una API del controlador. Una explotación exitos... • https://nvidia.custhelp.com/app/answers/detail/a_id/5551 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2024-0090
https://notcve.org/view.php?id=CVE-2024-0090
13 Jun 2024 — NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. El controlador de GPU NVIDIA para Windows y Linux contiene una vulnerabilidad en la que un usuario puede provocar una escritura fuera de los límites. Una explotación exitosa de esta vulnerabilidad podría provocar la ejecución de código, d... • https://nvidia.custhelp.com/app/answers/detail/a_id/5551 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-38417
https://notcve.org/view.php?id=CVE-2023-38417
16 May 2024 — Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. La validación de entrada incorrecta para algunos software Intel(R) PROSet/Wireless WiFi anteriores a la versión 23.20 puede permitir que un usuario no autenticado habilite potencialmente la denegación de servicio a través del acceso adyacente. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 15EXPL: 0CVE-2023-47210
https://notcve.org/view.php?id=CVE-2023-47210
16 May 2024 — Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. La validación de entrada incorrecta para algunos software Intel(R) PROSet/Wireless WiFi para Linux anteriores a la versión 23.20 puede permitir que un usuario no autenticado habilite potencialmente la denegación de servicio a través del acceso adyacente. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2024-21823 – kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application
https://notcve.org/view.php?id=CVE-2024-21823
16 May 2024 — Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access. La lógica de hardware con desincronización insegura en Intel(R) DSA e Intel(R) IAA para algunos procesadores Intel(R) Xeon(R) de cuarta o quinta generación puede permitir que un usuario autorizado habilite potencialmente la denegación de servicio a través del acceso local. Hardware lo... • http://www.openwall.com/lists/oss-security/2024/05/15/1 • CWE-400: Uncontrolled Resource Consumption CWE-1264: Hardware Logic with Insecure De-Synchronization between Control and Data Channels •
CVSS: 7.1EPSS: 0%CPEs: 26EXPL: 0CVE-2024-25742 – hw: amd: Instruction raise #VC exception at exit
https://notcve.org/view.php?id=CVE-2024-25742
01 May 2024 — In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES. En el kernel de Linux anterior a 6.9, un hipervisor que no es de confianza puede inyectar la interrupción virtual 29 (#VC) en cualquier momento y puede activar su controlador. Esto afecta a AMD SEV-SNP y AMD SEV-ES. A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality an... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9 • CWE-828: Signal Handler with Functionality that is not Asynchronous-Safe •
CVSS: 7.8EPSS: 42%CPEs: 12EXPL: 0CVE-2024-4340 – Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.
https://notcve.org/view.php?id=CVE-2024-4340
30 Apr 2024 — Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. Pasar una lista muy anidada a sqlparse.parse() conduce a una denegación de servicio debido a RecursionError. A flaw was found in sqlparse. This issue occurs in a heavily nested list in sqlparse.parse(), where a recursion error may be triggered, which can lead to a denial of service. It was discovered that SQL parse incorrectly handled certain nested lists. • https://github.com/advisories/GHSA-2m57-hf25-phgg • CWE-674: Uncontrolled Recursion •
CVSS: 8.5EPSS: 0%CPEs: 21EXPL: 0CVE-2024-1135 – HTTP Request Smuggling in benoitc/gunicorn
https://notcve.org/view.php?id=CVE-2024-1135
16 Apr 2024 — Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerabilit... • https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 4.7EPSS: 0%CPEs: 37EXPL: 0CVE-2024-2201 – CVE-2024-2201
https://notcve.org/view.php?id=CVE-2024-2201
15 Apr 2024 — A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. A flaw was found in some Intel CPUs where mitigations for the Spectre V2/BHI vulnerability were incomplete. This issue may allow an attacker to read arbitrary memory, compromising system integrity and exposing sensitive information. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a... • http://www.openwall.com/lists/oss-security/2024/04/09/15 • CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2023-29483 – dnspython: denial of service in stub resolver
https://notcve.org/view.php?id=CVE-2023-29483
11 Apr 2024 — eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1. eventlet ant... • https://github.com/eventlet/eventlet/issues/913 • CWE-292: DEPRECATED: Trusting Self-reported DNS Name CWE-696: Incorrect Behavior Order •