CVSS: 4.7EPSS: 0%CPEs: 14EXPL: 0CVE-2023-46103 – intel-microcode: Unexpected behavior in Intel(R) Core(TM) Ultra Processors
https://notcve.org/view.php?id=CVE-2023-46103
16 May 2024 — Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access. La secuencia de instrucciones del procesador genera un comportamiento inesperado en los procesadores Intel(R) Core(TM) Ultra que pueden permitir que un usuario autenticado habilite potencialmente la denegación de servicio a través del acceso local. A flaw was found in intel-microcode. The sequence of processor instruct... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01052.html • CWE-400: Uncontrolled Resource Consumption CWE-1281: Sequence of Processor Instructions Leads to Unexpected Behavior •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2024-21823 – kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application
https://notcve.org/view.php?id=CVE-2024-21823
16 May 2024 — Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access. La lógica de hardware con desincronización insegura en Intel(R) DSA e Intel(R) IAA para algunos procesadores Intel(R) Xeon(R) de cuarta o quinta generación puede permitir que un usuario autorizado habilite potencialmente la denegación de servicio a través del acceso local. Hardware lo... • http://www.openwall.com/lists/oss-security/2024/05/15/1 • CWE-400: Uncontrolled Resource Consumption CWE-1264: Hardware Logic with Insecure De-Synchronization between Control and Data Channels •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-31142 – x86: Incorrect logic for BTC/SRSO mitigations
https://notcve.org/view.php?id=CVE-2024-31142
16 May 2024 — Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Sta... • https://xenbits.xenproject.org/xsa/advisory-455.html • CWE-693: Protection Mechanism Failure •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-46842 – x86 HVM hypercalls may trigger Xen bug check
https://notcve.org/view.php?id=CVE-2023-46842
16 May 2024 — Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and other modes. This in particular means that they may set registers used to pass 32-bit-mode hypercall arguments to values outside of the range 32-bit code would be able to set them to. When processing of hypercalls takes a considerable amount of time, the hypervisor may choose to invoke a hypercall continuation. Doing so involves putting (perhaps updated) hypercall arguments in respective registers. For guests not running in 64-bit mode... • https://xenbits.xenproject.org/xsa/advisory-454.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.3EPSS: 0%CPEs: 23EXPL: 0CVE-2024-33869 – ghostscript: path traversal and command execution due to path reduction
https://notcve.org/view.php?id=CVE-2024-33869
16 May 2024 — An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename. A flaw was found in Ghostscript. • https://bugs.ghostscript.com/show_bug.cgi?id=707691 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 6.8EPSS: 0%CPEs: 23EXPL: 0CVE-2024-33870 – ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths
https://notcve.org/view.php?id=CVE-2024-33870
16 May 2024 — An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted. • https://bugs.ghostscript.com/show_bug.cgi?id=707686 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 10.0EPSS: 2%CPEs: 32EXPL: 0CVE-2024-33871 – ghostscript: OPVP device arbitrary code execution via custom Driver library
https://notcve.org/view.php?id=CVE-2024-33871
16 May 2024 — An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded. Se descubrió un problema en Artifex Ghostscript antes de la versión 10.03.1. contrib/opvp/gdevopvp.c permite la ejecución de código arbitrario a través de una librería d... • https://bugs.ghostscript.com/show_bug.cgi?id=707754 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.3EPSS: 21%CPEs: 25EXPL: 2CVE-2024-29510 – ghostscript: format string injection leads to shell command execution (SAFER bypass)
https://notcve.org/view.php?id=CVE-2024-29510
16 May 2024 — Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. Artifex Ghostscript anterior a 10.03.1 permite la corrupción de la memoria y una omisión MÁS SEGURA de la sandbox mediante la inyección de cadena de formato con un dispositivo uniprint. A flaw in Ghostscript has been identified where the uniprint device allows users to pass various string fragments as device options. These strings, particularly upWriteComponentCommands a... • https://packetstorm.news/files/id/179645 • CWE-20: Improper Input Validation CWE-693: Protection Mechanism Failure •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2024-25743 – hw: amd: Instruction raise #VC exception at exit
https://notcve.org/view.php?id=CVE-2024-25743
15 May 2024 — In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES. En el kernel de Linux hasta 6.7.2, un hipervisor que no es de confianza puede inyectar interrupciones virtuales 0 y 14 en cualquier momento y puede activar el controlador de señales SIGFPE en aplicaciones de espacio de usuario. Esto afecta a AMD SEV-SNP y AMD SEV-ES. A vulnerability w... • https://bugzilla.redhat.com/show_bug.cgi?id=2270836 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 33EXPL: 0CVE-2024-4777 – Mozilla: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
https://notcve.org/view.php?id=CVE-2024-4777
14 May 2024 — Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Errores de seguridad de la memoria presentes en Firefox 125, Firefox ESR 115.10 y Thunderbird 115.10. Algunos de estos errores mostraron evidencia de corrupción de memoria y sup... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1878199%2C1893340 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-416: Use After Free •