CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2024-31145 – error handling in x86 IOMMU identity mapping
https://notcve.org/view.php?id=CVE-2024-31145
25 Sep 2024 — Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. In the logic establishing these mappings, error handling was fl... • https://xenbits.xenproject.org/xsa/advisory-460.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2024-8900 – firefox: Clipboard write permission bypass
https://notcve.org/view.php?id=CVE-2024-8900
17 Sep 2024 — An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129. An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3. The Mozilla Foundation's Security Advisory: An attacker could write data to the user's clipboard, bypassing the user pro... • https://bugzilla.mozilla.org/show_bug.cgi?id=1872841 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2024-23984 – Ubuntu Security Notice USN-7149-1
https://notcve.org/view.php?id=CVE-2024-23984
16 Sep 2024 — Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Avraham Shalev and Nagaraju N Kodalapura discovered that some Intel Xeon processors did not properly restrict access to the memory controller when using Intel SGX. This may allow a local privileged attacker to further escalate their privileges. It was discovered that some 4th and 5th Generation Intel Xeon Processors did not properly implement finite... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html • CWE-203: Observable Discrepancy •
CVSS: 5.6EPSS: 0%CPEs: 15EXPL: 0CVE-2024-24968 – microcode_ctl: Denial of Service
https://notcve.org/view.php?id=CVE-2024-24968
16 Sep 2024 — Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to potentially enable a denial of service via local access. A flaw was found in intel Processors. Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to enable a denial of service via local access. Avraham Shalev and Nagaraju N Kodalapura discovered that some Intel Xeon processors did not properly restrict access to the memory controlle... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html • CWE-1245: Improper Finite State Machines (FSMs) in Hardware Logic •
CVSS: 3.4EPSS: 0%CPEs: 9EXPL: 0CVE-2024-8443 – Libopensc: heap buffer overflow in openpgp driver when generating key
https://notcve.org/view.php?id=CVE-2024-8443
10 Sep 2024 — A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution. Se encontró una vulnerabilidad de desbordamiento de búfer en el montón en el controlador OpenPGP de libopensc. Un dispositivo USB o una tarjeta inteligente creados con respuestas maliciosas a las APDU durante... • https://access.redhat.com/security/cve/CVE-2024-8443 • CWE-122: Heap-based Buffer Overflow •
CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45620 – Libopensc: incorrect handling of the length of buffers or files in pkcs15init
https://notcve.org/view.php?id=CVE-2024-45620
03 Sep 2024 — A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. • https://access.redhat.com/security/cve/CVE-2024-45620 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0CVE-2024-45619 – Libopensc: incorrect handling length of buffers or files in libopensc
https://notcve.org/view.php?id=CVE-2024-45619
03 Sep 2024 — A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. • https://access.redhat.com/security/cve/CVE-2024-45619 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45618 – Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init
https://notcve.org/view.php?id=CVE-2024-45618
03 Sep 2024 — A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. • https://access.redhat.com/security/cve/CVE-2024-45618 • CWE-457: Use of Uninitialized Variable •
CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45617 – Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc
https://notcve.org/view.php?id=CVE-2024-45617
03 Sep 2024 — A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a s... • https://access.redhat.com/security/cve/CVE-2024-45617 • CWE-457: Use of Uninitialized Variable •
CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45616 – Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc
https://notcve.org/view.php?id=CVE-2024-45616
03 Sep 2024 — A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a s... • https://access.redhat.com/security/cve/CVE-2024-45616 • CWE-457: Use of Uninitialized Variable •