CVSS: 9.8EPSS: %CPEs: 12EXPL: 0CVE-2024-27280 – ruby: Buffer overread vulnerability in StringIO
https://notcve.org/view.php?id=CVE-2024-27280
06 May 2024 — A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2. Se descubrió un problema de sobrelectura del búfer en StringIO 3.0.1, distri... • https://hackerone.com/reports/1399856 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-126: Buffer Over-read •
CVSS: 6.6EPSS: %CPEs: 14EXPL: 1CVE-2024-27282 – ruby: Arbitrary memory address read vulnerability with Regex search
https://notcve.org/view.php?id=CVE-2024-27282
06 May 2024 — An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1. Se descubrió un problema en Ruby 3.x hasta 3.3.0. Si los datos proporcionados por el atacante se proporcionan al compilador de expresiones regulares de Ruby, es posible extraer datos del montón arbitrarios relacionado... • https://github.com/Abo5/CVE-2024-27282 • CWE-125: Out-of-bounds Read •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3154 – Cri-o: arbitrary command injection via pod annotation
https://notcve.org/view.php?id=CVE-2024-3154
26 Apr 2024 — A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system. Se encontró una falla en cri-o, donde se puede inyectar una propiedad systemd arbitraria mediante una anotación Pod. Cualquier usuario que pueda crear un pod con una anotación arbitraria puede realizar una acción arbitraria en el sistema host. • https://access.redhat.com/errata/RHSA-2024:2669 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.1EPSS: 0%CPEs: 27EXPL: 0CVE-2023-3758 – Sssd: race condition during authorization leads to gpo policies functioning inconsistently
https://notcve.org/view.php?id=CVE-2023-3758
18 Apr 2024 — A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. Se encontró una falla en la condición de ejecución en sssd donde la política de GPO no se aplica de manera consistente para los usuarios autenticados. Esto puede dar lugar a problemas de autorización inapropiados, otorgando o denegando acceso a recursos de manera inapropiada. • https://access.redhat.com/errata/RHSA-2024:1919 • CWE-285: Improper Authorization CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.6EPSS: 0%CPEs: 30EXPL: 0CVE-2024-32487 – less: OS command injection
https://notcve.org/view.php?id=CVE-2024-32487
13 Apr 2024 — less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. less hasta 653 permite la ejecución de comandos del sistema operativo mediante un carácter de nueva línea en el nombre de un archivo, po... • http://www.openwall.com/lists/oss-security/2024/04/15/1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2023-29483 – dnspython: denial of service in stub resolver
https://notcve.org/view.php?id=CVE-2023-29483
11 Apr 2024 — eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1. eventlet ant... • https://github.com/eventlet/eventlet/issues/913 • CWE-292: DEPRECATED: Trusting Self-reported DNS Name CWE-696: Incorrect Behavior Order •
CVSS: 8.2EPSS: 0%CPEs: 23EXPL: 1CVE-2024-3446 – Qemu: virtio: dma reentrancy issue leads to double free vulnerability
https://notcve.org/view.php?id=CVE-2024-3446
09 Apr 2024 — A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host. Se encontró una doble vulnerabilidad gratuita en los dispositivos QEMU virtio (virtio-gpu, virtio... • https://github.com/Toxich4/CVE-2024-34469 • CWE-415: Double Free •
CVSS: 8.0EPSS: 0%CPEs: 37EXPL: 0CVE-2024-31080 – Xorg-x11-server: heap buffer overread/data leakage in procxigetselectedevents
https://notcve.org/view.php?id=CVE-2024-31080
04 Apr 2024 — A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a c... • http://www.openwall.com/lists/oss-security/2024/04/03/13 • CWE-126: Buffer Over-read •
CVSS: 6.7EPSS: 0%CPEs: 23EXPL: 0CVE-2024-28219 – python-pillow: buffer overflow in _imagingcms.c
https://notcve.org/view.php?id=CVE-2024-28219
03 Apr 2024 — In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. En _imagingcms.c en Pillow anterior a 10.3.0, existe un desbordamiento del búfer porque se usa strcpy en lugar de strncpy. A flaw was found in Pillow. The cms_transform_new function in src/_imagingcms.c does not validate the length of its parameters before copying them into fixed-size buffers, leading to a buffer overflow, resulting in a denial of service. • https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 6.2EPSS: 0%CPEs: 19EXPL: 2CVE-2024-28085 – util-linux wall Escape Sequence Injection
https://notcve.org/view.php?id=CVE-2024-28085
27 Mar 2024 — wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover. wall en util-linux hasta 2.40, a menudo instalado con permisos setgid tty, permite enviar secuencias de escape a terminales de otros usuarios a través de argv. (Espe... • https://github.com/skyler-ferrante/CVE-2024-28085 • CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences •