CVSS: 7.8EPSS: 0%CPEs: 34EXPL: 0CVE-2024-23280
https://notcve.org/view.php?id=CVE-2024-23280
08 Mar 2024 — An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user. Se solucionó un problema de inyección con una validación mejorada. Este problema se solucionó en Safari 17.4, macOS Sonoma 14.4, iOS 17.4 y iPadOS 17.4, watchOS 10.4, tvOS 17.4. • http://seclists.org/fulldisclosure/2024/Mar/20 •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2024-23254
https://notcve.org/view.php?id=CVE-2024-23254
08 Mar 2024 — The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin. El problema se solucionó mejorando el manejo de la interfaz de usuario. Este problema se solucionó en tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, Safari 17.4. • http://seclists.org/fulldisclosure/2024/Mar/20 •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2024-23284
https://notcve.org/view.php?id=CVE-2024-23284
08 Mar 2024 — A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Se abordó una cuestión de lógica con una mejor gestión de estado. Este problema se solucionó en tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7... • http://seclists.org/fulldisclosure/2024/Mar/20 •
CVSS: 10.0EPSS: 0%CPEs: 23EXPL: 0CVE-2024-23226
https://notcve.org/view.php?id=CVE-2024-23226
08 Mar 2024 — The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, tvOS 17.4. • http://seclists.org/fulldisclosure/2024/Mar/21 •
CVSS: 7.6EPSS: 0%CPEs: 26EXPL: 0CVE-2024-1936 – Mozilla: Leaking of encrypted email subjects to other conversations
https://notcve.org/view.php?id=CVE-2024-1936
04 Mar 2024 — The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the co... • https://bugzilla.mozilla.org/show_bug.cgi?id=1860977 • CWE-311: Missing Encryption of Sensitive Data CWE-922: Insecure Storage of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-27913
https://notcve.org/view.php?id=CVE-2024-27913
28 Feb 2024 — ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field. • https://github.com/FRRouting/frr/pull/15431 •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-27099 – Azure IoT Platform Device SDK Double Free Vulnerability
https://notcve.org/view.php?id=CVE-2024-27099
27 Feb 2024 — The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987. uAMQP es una librería C para la comunicación de AMQP 1.0 con Azure Cloud Services. Al procesar un estado fallido `AMQP_VALUE` incorrecto, puede causar un problema de doble liberación. • https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0CVE-2024-26458 – krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
https://notcve.org/view.php?id=CVE-2024-26458
26 Feb 2024 — Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. Kerberos 5 (también conocido como krb5) 1.21.2 contiene una pérdida de memoria en /krb5/src/lib/rpc/pmap_rmt.c. A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion. • https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2024-26461 – krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
https://notcve.org/view.php?id=CVE-2024-26461
26 Feb 2024 — Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Kerberos 5 (también conocido como krb5) 1.21.2 contiene una vulnerabilidad de pérdida de memoria en /krb5/src/lib/gssapi/krb5/k5sealv3.c. A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion. • https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md • CWE-401: Missing Release of Memory after Effective Lifetime CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26462 – krb5: Memory leak at /krb5/src/kdc/ndr.c
https://notcve.org/view.php?id=CVE-2024-26462
26 Feb 2024 — Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c. Kerberos 5 (también conocido como krb5) 1.21.2 contiene una vulnerabilidad de pérdida de memoria en /krb5/src/kdc/ndr.c. A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion. • https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md • CWE-401: Missing Release of Memory after Effective Lifetime •