CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-2626 – Debian Security Advisory 5648-1
https://notcve.org/view.php?id=CVE-2024-2626
20 Mar 2024 — Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) La lectura fuera de los límites en Swiftshader en Google Chrome anterior a 123.0.6312.58 permitía a un atacante remoto realizar acceso a memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) Security issues were discovered in Chromium, which could resu... • https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2024-2625 – Debian Security Advisory 5648-1
https://notcve.org/view.php?id=CVE-2024-2625
20 Mar 2024 — Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) El problema del ciclo de vida de los objetos en V8 en Google Chrome anterior a 123.0.6312.58 permitía a un atacante remoto explotar potencialmente la corrupción de objetos a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Security issues were discovered in Chromium, which could result... • https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2024-24246 – Ubuntu Security Notice USN-6713-1
https://notcve.org/view.php?id=CVE-2024-24246
29 Feb 2024 — Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h. La vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en qpdf 11.9.0 permite a los atacantes bloquear la aplicación a través de la función std::__shared_count() en /bits/shared_ptr_base.h. It was discovered that QPDF incorrectly handled certain memory operations when decoding JSON files. If a user or automated system were tricked int... • https://github.com/qpdf/qpdf/issues/1123 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-1597 – pgjdbc SQL Injection via line comment generation
https://notcve.org/view.php?id=CVE-2024-1597
19 Feb 2024 — pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. • http://www.openwall.com/lists/oss-security/2024/04/02/6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-1048 – Grub2: grub2-set-bootflag can be abused by local (pseudo-)users
https://notcve.org/view.php?id=CVE-2024-1048
06 Feb 2024 — A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks. Se encontró una falla en la utilidad grub2-set-bootflag de grub2. Después de la corrección ... • http://www.openwall.com/lists/oss-security/2024/02/06/3 • CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 1%CPEs: 59EXPL: 0CVE-2023-5455 – Ipa: invalid csrf protection
https://notcve.org/view.php?id=CVE-2023-5455
10 Jan 2024 — A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing alrea... • https://access.redhat.com/errata/RHSA-2024:0137 • CWE-352: Cross-Site Request Forgery (CSRF) •