CVSS: 8.2EPSS: 0%CPEs: 22EXPL: 1CVE-2024-1441 – Libvirt: off-by-one error in udevlistinterfacesbystatus()
https://notcve.org/view.php?id=CVE-2024-1441
11 Mar 2024 — An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash. Se encontró una falla de error uno por uno en la función udevListInterfacesByStatus() en libvirt cuando el número de interfaces excede el tamaño de la matri... • https://github.com/almkuznetsov/CVE-2024-1441 • CWE-193: Off-by-one Error •
CVSS: 10.0EPSS: 0%CPEs: 36EXPL: 3CVE-2024-28757 – expat: XML Entity Expansion
https://notcve.org/view.php?id=CVE-2024-28757
10 Mar 2024 — libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). libexpat hasta 2.6.1 permite un ataque de expansión de entidad XML cuando hay un uso aislado de analizadores externos (creados a través de XML_ExternalEntityParserCreate). An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers. • https://github.com/RenukaSelvar/expat_CVE-2024-28757 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 9.0EPSS: 0%CPEs: 19EXPL: 0CVE-2024-24474 – Ubuntu Security Notice USN-6954-1
https://notcve.org/view.php?id=CVE-2024-24474
20 Feb 2024 — QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len. QEMU anterior a 8.2.0 tiene un desbordamiento de número entero y un desbordamiento de búfer resultante, a través de un comando TI cuando una longitud de transferencia esperada que no es DMA es menor que la longitud de los datos FIFO disponibles... • https://gist.github.com/1047524396/5ce07b9d387095c276b1cd234ae5615e • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-36774 – Gentoo Linux Security Advisory 202402-27
https://notcve.org/view.php?id=CVE-2020-36774
19 Feb 2024 — plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash). plugins/gtk+/glade-gtk-box.c en GNOME Glade anterior a 3.38.1 y 3.39.x anterior a 3.40.0 maneja mal la reconstrucción de widgets para GladeGtkBox, lo que provoca una denegación de servicio (caída de la aplicación). A vulnerability has been discovered in Glade which can lead to a denial of service. Versions greater than or equal t... • https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17 • CWE-664: Improper Control of a Resource Through its Lifetime •
CVSS: 10.0EPSS: 0%CPEs: 25EXPL: 0CVE-2022-48624 – less: missing quoting of shell metacharacters in LESSCLOSE handling
https://notcve.org/view.php?id=CVE-2022-48624
19 Feb 2024 — close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. close_altfile en filename.c en less antes de 606 omite las llamadas shell_quote para LESSCLOSE. A flaw was found in less. The close_altfile() function in filename.c omits shell_quote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system. Several vulnerabilities were discovere... • https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 0%CPEs: 39EXPL: 0CVE-2024-1488 – Unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation
https://notcve.org/view.php?id=CVE-2024-1488
15 Feb 2024 — A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. Se encontr... • https://access.redhat.com/errata/RHSA-2024:1750 • CWE-15: External Control of System or Configuration Setting CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46049 – llvm LLVM-15 Null Pointer
https://notcve.org/view.php?id=CVE-2023-46049
29 Jan 2024 — LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to llvm-lto. NOTE: this is disputed because the relationship between pdflatex.fmt and any LLVM language front end is not explained, and because a crash of the llvm-lto application should be categorized as a usability problem. LLVM 15.0.0 tiene una desreferencia de puntero NULL en la función parseOneMetadata() a través de un archivo pdflatex.fmt modificado (o quizás un ... • http://seclists.org/fulldisclosure/2024/Jan/66 • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 14EXPL: 0CVE-2023-39804 – Ubuntu Security Notice USN-6543-1
https://notcve.org/view.php?id=CVE-2023-39804
11 Dec 2023 — In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. En GNU tar anterior a 1.35, los atributos de extensión mal manejados en un archivo PAX pueden provocar un bloqueo de la aplicación en xheader.c. It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could use this issue to cause tar to crash, resulting in a denial of service. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079 •
CVSS: 10.0EPSS: 3%CPEs: 39EXPL: 0CVE-2023-44446 – GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44446
15 Nov 2023 — GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://gstreamer.freedesktop.org/security/sa-2023-0010.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2021-34981 – Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34981
21 Oct 2021 — Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. • https://www.zerodayinitiative.com/advisories/ZDI-21-1223 • CWE-415: Double Free •