CVSS: 10.0EPSS: 0%CPEs: 25EXPL: 0CVE-2022-48624 – less: missing quoting of shell metacharacters in LESSCLOSE handling
https://notcve.org/view.php?id=CVE-2022-48624
19 Feb 2024 — close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. close_altfile en filename.c en less antes de 606 omite las llamadas shell_quote para LESSCLOSE. A flaw was found in less. The close_altfile() function in filename.c omits shell_quote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system. Several vulnerabilities were discovere... • https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.0EPSS: 0%CPEs: 12EXPL: 0CVE-2024-26328 – Ubuntu Security Notice USN-6977-1
https://notcve.org/view.php?id=CVE-2024-26328
19 Feb 2024 — An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled. Se descubrió un problema en QEMU 7.1.0 a 8.2.1. Register_vfs en hw/pci/pcie_sriov.c no configura NumVFs en PCI_SRIOV_TOTAL_VF y, por lo tanto, la interacción con hw/nvme/ctrl.c no se maneja correctamente. This update for qemu fixes the following issues. Fixed buffer overflow via invalid SR/IOV NumVFs value. • https://lore.kernel.org/all/20240213055345-mutt-send-email-mst%40kernel.org •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-20925
https://notcve.org/view.php?id=CVE-2024-20925
17 Feb 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attac... • https://www.oracle.com/security-alerts/cpujan2024.html •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-20923
https://notcve.org/view.php?id=CVE-2024-20923
17 Feb 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attac... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-693: Protection Mechanism Failure •
CVSS: 9.3EPSS: 0%CPEs: 39EXPL: 0CVE-2024-1488 – Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation
https://notcve.org/view.php?id=CVE-2024-1488
15 Feb 2024 — A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. Se encontr... • https://access.redhat.com/errata/RHSA-2024:1750 • CWE-15: External Control of System or Configuration Setting CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 47%CPEs: 39EXPL: 1CVE-2023-50868 – bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
https://notcve.org/view.php?id=CVE-2023-50868
13 Feb 2024 — The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations. El aspecto Closest Encloser Proof del protocolo DNS (en RFC 5155 cuando se omite la guía RFC 9276) permite a a... • https://github.com/Goethe-Universitat-Cybersecurity/NSEC3-Encloser-Attack • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 13EXPL: 0CVE-2023-6681 – Jwcrypto: denail of service via specifically crafted jwe
https://notcve.org/view.php?id=CVE-2023-6681
12 Feb 2024 — A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack. Se encontró una vulnerabilidad en JWCrypto. Esta falla permite que un atacante provoque un ataque de denegación de servicio (DoS) y posibles ataques de fuerza bruta y diccionario de contraseñas que consuman m... • https://access.redhat.com/errata/RHSA-2024:3267 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2024-1062 – 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)
https://notcve.org/view.php?id=CVE-2024-1062
12 Feb 2024 — A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr. Se encontró una falla de desbordamiento de búfer de almacenamiento dinámico en 389-ds-base. Este problema provoca una denegación de servicio al escribir un valor superior a 256 caracteres en log_entry_attr. An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. • https://access.redhat.com/errata/RHSA-2024:1074 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2024-25744 – kernel: untrusted VMM can trigger int80 syscall handling
https://notcve.org/view.php?id=CVE-2024-25744
12 Feb 2024 — In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. En el kernel de Linux anterior a 6.6.7, un VMM que no es de confianza puede activar el manejo de llamadas al sistema int80 en cualquier punto dado. Esto está relacionado con arch/x86/coco/tdx/tdx.c y arch/x86/mm/mem_encrypt_amd.c. A flaw was found in the Linux kernel. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.7 • CWE-693: Protection Mechanism Failure •
CVSS: 10.0EPSS: 0%CPEs: 40EXPL: 0CVE-2024-20919 – OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
https://notcve.org/view.php?id=CVE-2024-20919
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-20: Improper Input Validation •