CVSS: 6.7EPSS: 0%CPEs: 23EXPL: 0CVE-2024-28219 – python-pillow: buffer overflow in _imagingcms.c
https://notcve.org/view.php?id=CVE-2024-28219
03 Apr 2024 — In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. En _imagingcms.c en Pillow anterior a 10.3.0, existe un desbordamiento del búfer porque se usa strcpy en lugar de strncpy. A flaw was found in Pillow. The cms_transform_new function in src/_imagingcms.c does not validate the length of its parameters before copying them into fixed-size buffers, leading to a buffer overflow, resulting in a denial of service. USN-6744-1 fixed a vulnerability in Pillow.... • https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-3019 – Pcp: exposure of the redis server backend allows remote command execution via pmproxy
https://notcve.org/view.php?id=CVE-2024-3019
28 Mar 2024 — A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. • https://access.redhat.com/errata/RHSA-2024:2566 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 0CVE-2024-2947 – Cockpit: command injection when deleting a sosreport with a crafted name
https://notcve.org/view.php?id=CVE-2024-2947
28 Mar 2024 — A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affects Cockpit versions 270 and newer. Se encontró una falla en Cockpit. Eliminar un informe sos con un nombre modificado a través de la interfaz web de Cockpit puede generar una vulnerabilidad de inyección de comandos, lo que resulta en una escalada de privilegios. • https://access.redhat.com/errata/RHSA-2024:3667 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.2EPSS: 0%CPEs: 7EXPL: 0CVE-2024-25580 – qtbase: potential buffer overflow when reading KTX images
https://notcve.org/view.php?id=CVE-2024-25580
27 Mar 2024 — An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file. Se descubrió un problema en gui/util/qktxhandler.cpp en Qt antes de 5.15.17, 6.x antes de 6.2.12, 6.3.x hasta 6.5.x antes de 6.5.5 y 6.6.x antes de 6.6.2. Se puede producir un desbordamiento del búfer y un bloqueo de la aplicación a través de un archivo de imagen KTX manipulado. A... • https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2024-30205 – emacs: Org mode considers contents of remote files to be trusted
https://notcve.org/view.php?id=CVE-2024-30205
25 Mar 2024 — In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. En Emacs anterior a 29.3, el modo Org considera que el contenido de los archivos remotos es confiable. Esto afecta al modo de organización anterior a la versión 9.6.23. A flaw was found in Emacs. • http://www.openwall.com/lists/oss-security/2024/03/25/2 • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data CWE-494: Download of Code Without Integrity Check •
CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 0CVE-2024-30203 – emacs: Gnus treats inline MIME contents as trusted
https://notcve.org/view.php?id=CVE-2024-30203
25 Mar 2024 — In Emacs before 29.3, Gnus treats inline MIME contents as trusted. En Emacs anterior a 29.3, Gnus trata el contenido MIME en línea como confiable. A flaw was found in Emacs. When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service. • http://www.openwall.com/lists/oss-security/2024/03/25/2 • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •
CVSS: 7.2EPSS: 0%CPEs: 21EXPL: 0CVE-2024-30204 – emacs: LaTeX preview is enabled by default for e-mail attachments
https://notcve.org/view.php?id=CVE-2024-30204
25 Mar 2024 — In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. En Emacs anterior a 29.3, la vista previa de LaTeX está habilitada de forma predeterminada para los archivos adjuntos de correo electrónico. A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service. • http://www.openwall.com/lists/oss-security/2024/03/25/2 • CWE-276: Incorrect Default Permissions CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2024-30156 – varnish: HTTP/2 Broken Window Attack may result in denial of service
https://notcve.org/view.php?id=CVE-2024-30156
24 Mar 2024 — Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack. Varnish Cache anterior a 7.3.2 y 7.4.x anterior a 7.4.3 (y anterior a 6.0.13 LTS), y Varnish Enterprise 6 anterior a 6.0.12r6, permite el agotamiento de los créditos para una ventana de flujo de control de conexión HTTP/2, también conocido como ataque de ventana rota. A flaw was found in the Var... • https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 1%CPEs: 32EXPL: 0CVE-2024-29944 – Mozilla Firefox Exposed Dangerous Function Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-29944
22 Mar 2024 — An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1. Un atacante pudo inyectar un controlador de eventos en un objeto privilegiado que permitiría la ejecución arbitraria de JavaScript en el proceso principal. Nota: Esta vulnerabilidad afecta única... • http://www.openwall.com/lists/oss-security/2024/03/23/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-830: Inclusion of Web Functionality from an Untrusted Source •
CVSS: 6.2EPSS: 0%CPEs: 24EXPL: 0CVE-2024-2494 – Libvirt: negative g_new0 length can lead to unbounded memory allocation
https://notcve.org/view.php?id=CVE-2024-2494
21 Mar 2024 — A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash. Se encontró una falla en las API de la librería RPC de libvi... • https://access.redhat.com/errata/RHSA-2024:2560 • CWE-789: Memory Allocation with Excessive Size Value •