CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51566 – bhyve(8) NVMe driver to guest-induced infinite loops.
https://notcve.org/view.php?id=CVE-2024-51566
12 Nov 2024 — The NVMe driver queue processing is vulernable to guest-induced infinite loops. • https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51565 – bhyve(8) hda driver buffer over-read
https://notcve.org/view.php?id=CVE-2024-51565
12 Nov 2024 — The hda driver is vulnerable to a buffer over-read from a guest-controlled value. • https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51564 – bhyve(8) infinite loop in the hda audio driver
https://notcve.org/view.php?id=CVE-2024-51564
12 Nov 2024 — A guest can trigger an infinite loop in the hda audio driver. • https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51563 – bhyve(8) virtio_vq_recordon time-of-check to time-of-use race
https://notcve.org/view.php?id=CVE-2024-51563
12 Nov 2024 — The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition. • https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51562 – bhyve(8) nvme_opc_get_log_page buffer over-read
https://notcve.org/view.php?id=CVE-2024-51562
12 Nov 2024 — The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value. • https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-9936 – Ubuntu Security Notice USN-7078-1
https://notcve.org/view.php?id=CVE-2024-9936
14 Oct 2024 — When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3. Atte Kettunen discovered that Firefox did not properly validate before inserting ranges into the selection node cache. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1920381 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 34%CPEs: 36EXPL: 2CVE-2024-9680 – Mozilla Firefox Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2024-9680
09 Oct 2024 — An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, and Firefox ESR < 115.16.1. An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. • https://github.com/tdonaworth/Firefox-CVE-2024-9680 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 34%CPEs: 4EXPL: 0CVE-2024-9370 – Debian Security Advisory 5781-1
https://notcve.org/view.php?id=CVE-2024-9370
03 Oct 2024 — This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47804 – jenkins: Item creation restriction bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-47804
02 Oct 2024 — If an attempt is made to create an item of a type prohibited by `ACL#hasCreatePermission2` or `TopLevelItemDescriptor#isApplicableIn(ItemGroup)` through the Jenkins CLI or the REST API and either of these checks fail, Jenkins 2.478 and earlier, LTS 2.462.2 and earlier creates the item in memory, only deleting it from disk, allowing attackers with Item/Configure permission to save the item to persist it, effectively bypassing the item creation restriction. A flaw was found in Jenkins. When attempting to crea... • https://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3448 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1220: Insufficient Granularity of Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47803 – jenkins: Exposure of multi-line secrets through error messages
https://notcve.org/view.php?id=CVE-2024-47803
02 Oct 2024 — Jenkins 2.478 and earlier, LTS 2.462.2 and earlier does not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field. A flaw was found in Jenkins. Certain versions do not redact multi-line secret values in error messages generated for form submissions involving the `secretTextarea` form field. • https://www.jenkins.io/security/advisory/2024-10-02/#SECURITY-3451 • CWE-209: Generation of Error Message Containing Sensitive Information •