CVSS: 7.4EPSS: 0%CPEs: 23EXPL: 0CVE-2024-11614 – Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library
https://notcve.org/view.php?id=CVE-2024-11614
18 Dec 2024 — An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset. An update for dpdk is now available for Red Hat Enterprise Linux 8.6 Ad... • https://access.redhat.com/security/cve/CVE-2024-11614 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-53920 – emacs: arbitrary code execution via Lisp macro expansion
https://notcve.org/view.php?id=CVE-2024-53920
27 Nov 2024 — In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.) In elisp-mode.el in GNU Emacs before 30.1, a user who chooses to invoke elisp-completion-at-point (for code completion) on un... • https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.0EPSS: 0%CPEs: 21EXPL: 0CVE-2024-3447 – Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()
https://notcve.org/view.php?id=CVE-2024-3447
14 Nov 2024 — A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. • https://access.redhat.com/security/cve/CVE-2024-3447 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2024-46955 – Debian Security Advisory 5808-1
https://notcve.org/view.php?id=CVE-2024-46955
10 Nov 2024 — An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed. • https://bugs.ghostscript.com/show_bug.cgi?id=707990 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-46951 – ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space
https://notcve.org/view.php?id=CVE-2024-46951
10 Nov 2024 — An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. A flaw was found in Artifex Ghostscript's psi/zcolor.c component. This vulnerability allows arbitrary code execution via an unchecked implementation pointer in the Pattern color space. Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially ... • https://bugs.ghostscript.com/show_bug.cgi?id=707991 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2024-46953 – ghostscript: Path Traversal and Code Execution via Integer Overflow in Ghostscript
https://notcve.org/view.php?id=CVE-2024-46953
10 Nov 2024 — An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. A flaw was found in Artifex Ghostscript base/gsdevice.c. This vulnerability allows path truncation, path traversal, and possible code execution via an integer overflow when parsing the filename format string for the output filename. Multiple security issues were disco... • https://bugs.ghostscript.com/show_bug.cgi?id=707793 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 37EXPL: 0CVE-2024-9632 – Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-9632
30 Oct 2024 — A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. Se encontró un fallo en el servidor X.org. Debido a que el tamaño de asignación no se rastrea correctamente en _XkbSetCompatMap, un atacante local podría desencadenar una condición d... • https://access.redhat.com/security/cve/CVE-2024-9632 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2024-22029 – tomcat packaging allows for escalation to root from tomcat user
https://notcve.org/view.php?id=CVE-2024-22029
16 Oct 2024 — Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root Los permisos inseguros en el empaquetado de Tomcat permiten que los usuarios locales que ganan una carrera durante la instalación del paquete escalen a la raíz • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22029 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.4EPSS: 0%CPEs: 41EXPL: 0CVE-2024-21217 – JDK: Unbounded allocation leads to out-of-memory error (8331446)
https://notcve.org/view.php?id=CVE-2024-21217
15 Oct 2024 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and 21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM f... • https://www.oracle.com/security-alerts/cpuoct2024.html • CWE-502: Deserialization of Untrusted Data CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 6.8EPSS: 1%CPEs: 38EXPL: 0CVE-2024-9676 – Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos)
https://notcve.org/view.php?id=CVE-2024-9676
15 Oct 2024 — A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to r... • https://access.redhat.com/errata/RHSA-2024:10289 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •