CVSS: 8.8EPSS: 1%CPEs: 18EXPL: 0CVE-2024-3019 – Pcp: exposure of the redis server backend allows remote command execution via pmproxy
https://notcve.org/view.php?id=CVE-2024-3019
28 Mar 2024 — A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. • https://access.redhat.com/errata/RHSA-2024:2566 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2024-29025 – Netty HttpPostRequestDecoder can OOM
https://notcve.org/view.php?id=CVE-2024-29025
25 Mar 2024 — Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecoded... • https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47154 – Ubuntu Security Notice USN-6712-1
https://notcve.org/view.php?id=CVE-2021-47154
18 Mar 2024 — The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. El módulo Net::CIDR::Lite anterior a 0.22 para Perl no considera adecuadamente los caracteres cero extraños al comienzo de una cadena de dirección IP, lo que (en algunas situaciones) permite a los atacantes eludir el control de acceso basado en direcciones IP. It was ... • https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros •
CVSS: 6.5EPSS: 0%CPEs: 32EXPL: 0CVE-2023-28746 – kernel: Local information disclosure on Intel(R) Atom(R) processors
https://notcve.org/view.php?id=CVE-2023-28746
14 Mar 2024 — Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. La exposición de la información a través del estado de la microarquitectura después de la ejecución transitoria de algunos archivos de registro para algunos procesadores Intel(R) Atom(R) puede permitir que un usuario autenticado potencialmente habilite la divulgación de info... • http://www.openwall.com/lists/oss-security/2024/03/12/13 • CWE-1342: Information Exposure through Microarchitectural State after Transient Execution •
CVSS: 8.1EPSS: 0%CPEs: 30EXPL: 0CVE-2024-23263 – webkit: processing malicious web content prevents Content Security Policy from being enforced
https://notcve.org/view.php?id=CVE-2024-23263
08 Mar 2024 — A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Se abordó un problema de lógica con una validación mejorada. Este problema se solucionó en tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6, Safari ... • http://seclists.org/fulldisclosure/2024/Mar/20 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 34EXPL: 0CVE-2024-23280 – webkit: maliciously crafted webpage may be able to fingerprint the user
https://notcve.org/view.php?id=CVE-2024-23280
08 Mar 2024 — An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user. Se solucionó un problema de inyección con una validación mejorada. Este problema se solucionó en Safari 17.4, macOS Sonoma 14.4, iOS 17.4 y iPadOS 17.4, watchOS 10.4, tvOS 17.4. • http://seclists.org/fulldisclosure/2024/Mar/20 •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2024-23254 – webkit: malicious website may exfiltrate audio data cross-origin
https://notcve.org/view.php?id=CVE-2024-23254
08 Mar 2024 — The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin. El problema se solucionó mejorando el manejo de la interfaz de usuario. Este problema se solucionó en tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, Safari 17.4. • http://seclists.org/fulldisclosure/2024/Mar/20 •
CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2024-23284 – webkit: processing maliciously crafted web content prevents Content Security Policy from being enforced
https://notcve.org/view.php?id=CVE-2024-23284
08 Mar 2024 — A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Se abordó una cuestión de lógica con una mejor gestión de estado. Este problema se solucionó en tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7... • http://seclists.org/fulldisclosure/2024/Mar/20 • CWE-693: Protection Mechanism Failure •
CVSS: 10.0EPSS: 0%CPEs: 23EXPL: 0CVE-2024-23226 – Apple Security Advisory 03-07-2024-7
https://notcve.org/view.php?id=CVE-2024-23226
08 Mar 2024 — The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, tvOS 17.4. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6917 – Pcp: unsafe use of directories allows pcp to root privilege escalation
https://notcve.org/view.php?id=CVE-2023-6917
28 Feb 2024 — A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compro... • https://access.redhat.com/errata/RHSA-2024:2213 • CWE-378: Creation of Temporary File With Insecure Permissions •