CVSS: 6.3EPSS: 22%CPEs: 25EXPL: 2CVE-2024-29510 – ghostscript: format string injection leads to shell command execution (SAFER bypass)
https://notcve.org/view.php?id=CVE-2024-29510
16 May 2024 — Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. Artifex Ghostscript anterior a 10.03.1 permite la corrupción de la memoria y una omisión MÁS SEGURA de la sandbox mediante la inyección de cadena de formato con un dispositivo uniprint. A flaw in Ghostscript has been identified where the uniprint device allows users to pass various string fragments as device options. These strings, particularly upWriteComponentCommands a... • https://packetstorm.news/files/id/179645 • CWE-20: Improper Input Validation CWE-693: Protection Mechanism Failure •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2024-34459 – Ubuntu Security Notice USN-7240-1
https://notcve.org/view.php?id=CVE-2024-34459
13 May 2024 — An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. Se descubrió un problema en xmllint (de libxml2) anterior a 2.11.8 y 2.12.x anterior a 2.12.7. Formatear mensajes de error con xmllint --htmlout puede provocar una lectura excesiva del búfer en xmlHTMLPrintFileContext en xmllint.c. It was discovered that libxml2 incorrectly handled certain memory o... • https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.2EPSS: 0%CPEs: 18EXPL: 0CVE-2024-4418 – Libvirt: stack use-after-free in virnetclientioeventloop()
https://notcve.org/view.php?id=CVE-2024-4418
08 May 2024 — A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this i... • https://access.redhat.com/errata/RHSA-2024:4351 • CWE-416: Use After Free •
CVSS: 5.2EPSS: 0%CPEs: 19EXPL: 0CVE-2024-34397 – glib2: Signal subscription vulnerabilities
https://notcve.org/view.php?id=CVE-2024-34397
07 May 2024 — An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. Se descubrió un problema en GNO... • https://gitlab.gnome.org/GNOME/glib/-/issues/3268 • CWE-290: Authentication Bypass by Spoofing CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 6.6EPSS: 0%CPEs: 14EXPL: 1CVE-2024-27282 – ruby: Arbitrary memory address read vulnerability with Regex search
https://notcve.org/view.php?id=CVE-2024-27282
06 May 2024 — An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1. Se descubrió un problema en Ruby 3.x hasta 3.3.0. Si los datos proporcionados por el atacante se proporcionan al compilador de expresiones regulares de Ruby, es posible extraer datos del montón arbitrarios relacionado... • https://github.com/Abo5/CVE-2024-27282 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2024-27280 – ruby: Buffer overread vulnerability in StringIO
https://notcve.org/view.php?id=CVE-2024-27280
06 May 2024 — A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2. Se descubrió un problema de sobrelectura del búfer en StringIO 3.0.1, distri... • https://hackerone.com/reports/1399856 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-126: Buffer Over-read •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3154 – Cri-o: arbitrary command injection via pod annotation
https://notcve.org/view.php?id=CVE-2024-3154
26 Apr 2024 — A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system. Se encontró una falla en cri-o, donde se puede inyectar una propiedad systemd arbitraria mediante una anotación Pod. Cualquier usuario que pueda crear un pod con una anotación arbitraria puede realizar una acción arbitraria en el sistema host. Red Hat OpenShift Container Platform release 4.13.43 is ... • https://access.redhat.com/errata/RHSA-2024:2669 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.1EPSS: 0%CPEs: 27EXPL: 0CVE-2023-3758 – Sssd: race condition during authorization leads to gpo policies functioning inconsistently
https://notcve.org/view.php?id=CVE-2023-3758
18 Apr 2024 — A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. Se encontró una falla en la condición de ejecución en sssd donde la política de GPO no se aplica de manera consistente para los usuarios autenticados. Esto puede dar lugar a problemas de autorización inapropiados, otorgando o denegando acceso a recursos de manera inapropiada. It was discovere... • https://access.redhat.com/errata/RHSA-2024:1919 • CWE-285: Improper Authorization CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.6EPSS: 0%CPEs: 30EXPL: 0CVE-2024-32487 – less: OS command injection
https://notcve.org/view.php?id=CVE-2024-32487
13 Apr 2024 — less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. less hasta 653 permite la ejecución de comandos del sistema operativo mediante un carácter de nueva línea en el nombre de un archivo, po... • http://www.openwall.com/lists/oss-security/2024/04/15/1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVSS: 7.8EPSS: 1%CPEs: 25EXPL: 0CVE-2023-29483 – dnspython: denial of service in stub resolver
https://notcve.org/view.php?id=CVE-2023-29483
11 Apr 2024 — eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1. eventlet ant... • https://github.com/eventlet/eventlet/issues/913 • CWE-292: DEPRECATED: Trusting Self-reported DNS Name CWE-696: Incorrect Behavior Order •