CVSS: 8.1EPSS: 0%CPEs: 34EXPL: 0CVE-2024-2607 – Mozilla: JIT code failed to save return registers on Armv7-A
https://notcve.org/view.php?id=CVE-2024-2607
19 Mar 2024 — Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Se sobrescribieron los registros de retorno, lo que podría haber permitido a un atacante ejecutar código arbitrario. • https://bugzilla.mozilla.org/show_bug.cgi?id=1879939 • CWE-123: Write-what-where Condition CWE-1262: Improper Access Control for Register Interface •
CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 0CVE-2024-2605
https://notcve.org/view.php?id=CVE-2024-2605
19 Mar 2024 — An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Un atacante podría haber aprovechado el Informe de errores de Windows para ejecutar código arbitrario en el sistema escapando del entorno limitado. • https://bugzilla.mozilla.org/show_bug.cgi?id=1872920 •
CVSS: 8.6EPSS: 0%CPEs: 28EXPL: 0CVE-2024-1753 – Buildah: full container escape at build time
https://notcve.org/view.php?id=CVE-2024-1753
18 Mar 2024 — A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time. Se encontró una fa... • https://access.redhat.com/errata/RHSA-2024:2049 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-269: Improper Privilege Management •
CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0CVE-2024-2496 – Libvirt: null pointer dereference in udevconnectlistallinterfaces()
https://notcve.org/view.php?id=CVE-2024-2496
18 Mar 2024 — A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash. Se encontró una falla de desreferencia de puntero NULL en la función udevConnectListAllInterfaces() en libvirt. Este problema puede ocurrir al desconectar una int... • https://access.redhat.com/errata/RHSA-2024:2236 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47154
https://notcve.org/view.php?id=CVE-2021-47154
18 Mar 2024 — The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. El módulo Net::CIDR::Lite anterior a 0.22 para Perl no considera adecuadamente los caracteres cero extraños al comienzo de una cadena de dirección IP, lo que (en algunas situaciones) permite a los atacantes eludir el control de acceso basado en direcciones IP. • https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros •
CVSS: 6.5EPSS: 0%CPEs: 32EXPL: 0CVE-2023-28746 – kernel: Local information disclosure on Intel(R) Atom(R) processors
https://notcve.org/view.php?id=CVE-2023-28746
14 Mar 2024 — Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. La exposición de la información a través del estado de la microarquitectura después de la ejecución transitoria de algunos archivos de registro para algunos procesadores Intel(R) Atom(R) puede permitir que un usuario autenticado potencialmente habilite la divulgación de info... • http://www.openwall.com/lists/oss-security/2024/03/12/13 • CWE-1342: Information Exposure through Microarchitectural State after Transient Execution •
CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 0CVE-2023-22655 – kernel: local privilege escalation on Intel microcode on Intel(R) Xeon(R)
https://notcve.org/view.php?id=CVE-2023-22655
14 Mar 2024 — Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. La falla del mecanismo de protección en algunos procesadores Intel(R) Xeon(R) de tercera y cuarta generación cuando se utiliza Intel(R) SGX o Intel(R) TDX puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a través del acceso local. A vulnerability ... • https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html • CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-39368 – kernel: Possible Denial of Service on Intel(R) Processors
https://notcve.org/view.php?id=CVE-2023-39368
14 Mar 2024 — Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access. La falla del mecanismo de protección del regulador de bloqueo del bus para algunos procesadores Intel(R) puede permitir que un usuario no autenticado habilite potencialmente la denegación de servicio a través del acceso a la red. A vulnerability was found in the bus lock regulator mechanism for some Intel processors models. This issue m... • https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html • CWE-693: Protection Mechanism Failure •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-38575 – kernel: Local information disclosure in some Intel(R) processors
https://notcve.org/view.php?id=CVE-2023-38575
14 Mar 2024 — Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. El intercambio no transparente de objetivos de predicción de retorno entre contextos en algunos procesadores Intel(R) puede permitir que un usuario autorizado habilite potencialmente la divulgación de información a través del acceso local. A vulnerability was found in some Intel processors that may allow a malicious actor... • https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html • CWE-1303: Non-Transparent Sharing of Microarchitectural Resources •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2023-43490 – kernel: Local information disclosure on Intel(R) Xeon(R) D processors with Intel(R) SGX due to incorrect calculation in microcode
https://notcve.org/view.php?id=CVE-2023-43490
14 Mar 2024 — Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access. El cálculo incorrecto en el mecanismo de codificación de microcódigo para algunos procesadores Intel(R) Xeon(R) D con Intel(R) SGX puede permitir que un usuario privilegiado habilite potencialmente la divulgación de información a través del acceso local. A vulnerability was found in some Intel Xeon D Processors... • https://lists.debian.org/debian-lts-announce/2024/05/msg00003.html • CWE-682: Incorrect Calculation •