CVSS: 7.8EPSS: 1%CPEs: 38EXPL: 0CVE-2024-1394 – Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads
https://notcve.org/view.php?id=CVE-2024-1394
21 Mar 2024 — A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fa... • https://access.redhat.com/errata/RHSA-2024:1462 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0CVE-2024-2496 – Libvirt: null pointer dereference in udevconnectlistallinterfaces()
https://notcve.org/view.php?id=CVE-2024-2496
18 Mar 2024 — A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash. Se encontró una falla de desreferencia de puntero NULL en la función udevConnectListAllInterfaces() en libvirt. Este problema puede ocurrir al desconectar una int... • https://access.redhat.com/errata/RHSA-2024:2236 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 1CVE-2024-1441 – Libvirt: off-by-one error in udevlistinterfacesbystatus()
https://notcve.org/view.php?id=CVE-2024-1441
11 Mar 2024 — An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash. Se encontró una falla de error uno por uno en la función udevListInterfacesByStatus() en libvirt cuando el número de interfaces excede el tamaño de la matri... • https://github.com/almkuznetsov/CVE-2024-1441 • CWE-193: Off-by-one Error •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2023-6536 – Kernel: null pointer dereference in __nvmet_req_complete
https://notcve.org/view.php?id=CVE-2023-6536
07 Feb 2024 — A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. Se encontró una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado envíe un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que lleva a... • https://access.redhat.com/errata/RHSA-2024:0723 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2023-6535 – Kernel: null pointer dereference in nvmet_tcp_execute_request
https://notcve.org/view.php?id=CVE-2023-6535
07 Feb 2024 — A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. Se encontró una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado envíe un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que lleva a... • https://access.redhat.com/errata/RHSA-2024:0723 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2023-6356 – Kernel: null pointer dereference in nvmet_tcp_build_iovec
https://notcve.org/view.php?id=CVE-2023-6356
07 Feb 2024 — A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service. Se encontró una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado envíe un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que llev... • https://access.redhat.com/errata/RHSA-2024:0723 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 78%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-5366 – Openvswitch don't match packets on nd_target field
https://notcve.org/view.php?id=CVE-2023-5366
06 Oct 2023 — A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. Se encontró una falla en Open vSwitch que permite que los paquetes de anuncios de vecinos ICMPv6 entre máquinas virtuales omitan las reglas de OpenFlow. Este problema puede permitir que un atac... • http://www.openwall.com/lists/oss-security/2024/02/08/4 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 89%CPEs: 18EXPL: 27CVE-2023-4911 – GNU C Library Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4911
03 Oct 2023 — A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. Se descubrió un desbordamiento del búfer en el cargador dinámico ld.so de la librería GNU C mientras se procesaba la variable de entorno GLIBC_TUNABLES. Este problema podría permitir que... • https://packetstorm.news/files/id/176288 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •