CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-12086 – Rsync: rsync server leaks arbitrary client files
https://notcve.org/view.php?id=CVE-2024-12086
14 Jan 2025 — A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte ba... • https://access.redhat.com/security/cve/CVE-2024-12086 • CWE-390: Detection of Error Condition Without Action •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2024-12085 – Rsync: info leak via uninitialized stack contents
https://notcve.org/view.php?id=CVE-2024-12085
14 Jan 2025 — A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitializ... • https://access.redhat.com/security/cve/CVE-2024-12085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2024-53920 – Debian Security Advisory 5871-1
https://notcve.org/view.php?id=CVE-2024-53920
27 Nov 2024 — In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.) In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on un... • https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.0EPSS: 0%CPEs: 21EXPL: 0CVE-2024-3447 – Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()
https://notcve.org/view.php?id=CVE-2024-3447
14 Nov 2024 — A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. • https://access.redhat.com/security/cve/CVE-2024-3447 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-46951 – Debian Security Advisory 5808-1
https://notcve.org/view.php?id=CVE-2024-46951
10 Nov 2024 — An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. • https://bugs.ghostscript.com/show_bug.cgi?id=707991 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-46953 – Debian Security Advisory 5808-1
https://notcve.org/view.php?id=CVE-2024-46953
10 Nov 2024 — An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. • https://bugs.ghostscript.com/show_bug.cgi?id=707793 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2024-46955 – Debian Security Advisory 5808-1
https://notcve.org/view.php?id=CVE-2024-46955
10 Nov 2024 — An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. • https://bugs.ghostscript.com/show_bug.cgi?id=707990 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-9632 – Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-9632
30 Oct 2024 — A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. Se encontró un fallo en el servidor X.org. Debido a que el tamaño de asignación no se rastrea correctamente en _XkbSetCompatMap, un atacante local podría desencadenar una condición d... • https://access.redhat.com/security/cve/CVE-2024-9632 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-22034 – Crafted projects can overwrite special files in the .osc config directory
https://notcve.org/view.php?id=CVE-2024-22034
16 Oct 2024 — Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim Los atacantes podrían colocar los archivos especiales en .osc en las fuentes del paquete real (por ejemplo, _apiurl). Esto permite al atacante cambiar la configuración de osc para la víctima. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22034 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2024-22029 – tomcat packaging allows for escalation to root from tomcat user
https://notcve.org/view.php?id=CVE-2024-22029
16 Oct 2024 — Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root Los permisos inseguros en el empaquetado de Tomcat permiten que los usuarios locales que ganan una carrera durante la instalación del paquete escalen a la raíz • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22029 • CWE-732: Incorrect Permission Assignment for Critical Resource •