CVSS: 5.2EPSS: 0%CPEs: 19EXPL: 0CVE-2024-34397 – glib2: Signal subscription vulnerabilities
https://notcve.org/view.php?id=CVE-2024-34397
07 May 2024 — An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. Se descubrió un problema en GNO... • https://gitlab.gnome.org/GNOME/glib/-/issues/3268 • CWE-290: Authentication Bypass by Spoofing CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2024-33394
https://notcve.org/view.php?id=CVE-2024-33394
02 May 2024 — An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. Un problema en kubevirt kubevirt v1.2.0 y anteriores permite a un atacante local ejecutar código arbitrario mediante un comando manipulado para obtener el componente token. • https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.1EPSS: 0%CPEs: 26EXPL: 0CVE-2024-25742 – hw: amd: Instruction raise #VC exception at exit
https://notcve.org/view.php?id=CVE-2024-25742
01 May 2024 — In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES. En el kernel de Linux anterior a 6.9, un hipervisor que no es de confianza puede inyectar la interrupción virtual 29 (#VC) en cualquier momento y puede activar su controlador. Esto afecta a AMD SEV-SNP y AMD SEV-ES. A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality an... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9 • CWE-828: Signal Handler with Functionality that is not Asynchronous-Safe •
CVSS: 7.8EPSS: 42%CPEs: 12EXPL: 0CVE-2024-4340 – Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.
https://notcve.org/view.php?id=CVE-2024-4340
30 Apr 2024 — Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. Pasar una lista muy anidada a sqlparse.parse() conduce a una denegación de servicio debido a RecursionError. A flaw was found in sqlparse. This issue occurs in a heavily nested list in sqlparse.parse(), where a recursion error may be triggered, which can lead to a denial of service. It was discovered that SQL parse incorrectly handled certain nested lists. • https://github.com/advisories/GHSA-2m57-hf25-phgg • CWE-674: Uncontrolled Recursion •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-34088
https://notcve.org/view.php?id=CVE-2024-34088
30 Apr 2024 — In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service. En FRRouting (FRR) hasta 9.1, es posible que la función get_edge() en ospf_te.c en el demonio OSPF devuelva un puntero NULL. En los casos en que las funciones de llamada no manejan el valor NULL devuelto, el daemon OSPF falla, lo que lleva a la denegac... • https://github.com/FRRouting/frr/pull/15674/commits/34d704fb0ea60dc5063af477a2c11d4884984d4f • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2023-52722 – Ubuntu Security Notice USN-6835-1
https://notcve.org/view.php?id=CVE-2023-52722
27 Apr 2024 — An issue was discovered in Artifex Ghostscript before 10.03.1. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard. Se descubrió un problema en Artifex Ghostscript hasta la versión 10.01.0. psi/zmisc1.c, cuando se utiliza el modo MÁS SEGURO, permite semillas eexec distintas al estándar Tipo 1. It was discovered that Ghostscript did not properly restrict eexec seeds to those specified by the Type 1 Font Format standard when SAFER mode is used. An attacker could use this i... • http://www.openwall.com/lists/oss-security/2024/06/28/2 •
CVSS: 8.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-31755 – Ubuntu Security Notice USN-6784-1
https://notcve.org/view.php?id=CVE-2024-31755
26 Apr 2024 — cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c. Se descubrió que cJSON v1.7.17 contiene una infracción de segmentación, que puede activarse a través del segundo parámetro de la función cJSON_SetValuestring en cJSON.c. It was discovered that cJSON incorrectly handled certain input. An attacker could possibly use this issue to cause cJSON to crash, resulting in a denial of service. This issue only aff... • https://github.com/DaveGamble/cJSON/issues/839 • CWE-476: NULL Pointer Dereference •
CVSS: 8.5EPSS: 0%CPEs: 14EXPL: 0CVE-2023-51794 – Debian Security Advisory 5721-1
https://notcve.org/view.php?id=CVE-2023-51794
26 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.N113007-g8d24a28d06 permite a un atacante local ejecutar código arbitrario a través de libavfilter/af_stereowiden.c:120:69. Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled certain input files. An attacker could possibly use this issue to cause FFmpeg to crash, resulting in a... • https://trac.ffmpeg.org/ticket/10746 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-0874 – Coredns: cd bit response is cached and served later
https://notcve.org/view.php?id=CVE-2024-0874
25 Apr 2024 — A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching. Se encontró una falla en coredns. Este problema podría provocar que se devuelvan entradas de caché no válidas debido a un almacenamiento en caché implementado incorrectamente. Red Hat OpenShift Container Platform release 4.15.24 is now available with updates to packages and images that fix several bugs and add enhancements. • https://access.redhat.com/errata/RHSA-2024:0041 • CWE-524: Use of Cache Containing Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-33663 – python-jose: algorithm confusion with OpenSSH ECDSA keys and other key formats
https://notcve.org/view.php?id=CVE-2024-33663
25 Apr 2024 — python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. python-jose hasta 3.3.0 tiene confusión de algoritmos con claves OpenSSH ECDSA y otros formatos de claves. Esto es similar a CVE-2022-29217. • https://github.com/mpdavis/python-jose/issues/346 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •