CVSS: 9.3EPSS: 0%CPEs: 39EXPL: 0CVE-2024-1488 – Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation
https://notcve.org/view.php?id=CVE-2024-1488
15 Feb 2024 — A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. Se encontr... • https://access.redhat.com/errata/RHSA-2024:1750 • CWE-15: External Control of System or Configuration Setting CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 56%CPEs: 39EXPL: 1CVE-2023-50868 – bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
https://notcve.org/view.php?id=CVE-2023-50868
13 Feb 2024 — The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations. El aspecto Closest Encloser Proof del protocolo DNS (en RFC 5155 cuando se omite la guía RFC 9276) permite a a... • https://github.com/Goethe-Universitat-Cybersecurity/NSEC3-Encloser-Attack • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2024-1062 – 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)
https://notcve.org/view.php?id=CVE-2024-1062
12 Feb 2024 — A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr. Se encontró una falla de desbordamiento de búfer de almacenamiento dinámico en 389-ds-base. Este problema provoca una denegación de servicio al escribir un valor superior a 256 caracteres en log_entry_attr. An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. • https://access.redhat.com/errata/RHSA-2024:1074 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2023-6536 – Kernel: null pointer dereference in __nvmet_req_complete
https://notcve.org/view.php?id=CVE-2023-6536
07 Feb 2024 — A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. Se encontró una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado envíe un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que lleva a... • https://access.redhat.com/errata/RHSA-2024:0723 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2023-6535 – Kernel: null pointer dereference in nvmet_tcp_execute_request
https://notcve.org/view.php?id=CVE-2023-6535
07 Feb 2024 — A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. Se encontró una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado envíe un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que lleva a... • https://access.redhat.com/errata/RHSA-2024:0723 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2023-6356 – Kernel: null pointer dereference in nvmet_tcp_build_iovec
https://notcve.org/view.php?id=CVE-2023-6356
07 Feb 2024 — A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service. Se encontró una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado envíe un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que llev... • https://access.redhat.com/errata/RHSA-2024:0723 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 40EXPL: 0CVE-2024-20919 – OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
https://notcve.org/view.php?id=CVE-2024-20919
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 36EXPL: 0CVE-2024-20921 – OpenJDK: range check loop optimization issue (8314307)
https://notcve.org/view.php?id=CVE-2024-20921
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, O... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-20: Improper Input Validation CWE-276: Incorrect Default Permissions •
CVSS: 5.1EPSS: 0%CPEs: 36EXPL: 0CVE-2024-20945 – OpenJDK: logging of digital signature private keys (8316976)
https://notcve.org/view.php?id=CVE-2024-20945
24 Jan 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Ente... • https://www.oracle.com/security-alerts/cpujan2024.html • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2024-0229 – Xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
https://notcve.org/view.php?id=CVE-2024-0229
17 Jan 2024 — An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments. Se encontró una falla de acceso a la memoria fuera de los límites en el servidor X.Org. Este problema puede desencadenarse cuando un dispositivo congelado po... • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-787: Out-of-bounds Write CWE-788: Access of Memory Location After End of Buffer •