Page 53 of 3085 results (0.013 seconds)

CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0

CVE-2023-0330 – Qemu: lsi53c895a: dma reentrancy issue leads to stack overflow

https://notcve.org/view.php?id=CVE-2023-0330

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. • https://access.redhat.com/security/cve/CVE-2023-0330 https://bugzilla.redhat.com/show_bug.cgi?id=2160151 https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 1

CVE-2023-27561 – runc: volume mount race condition (regression of CVE-2019-19921)

https://notcve.org/view.php?id=CVE-2023-27561

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. A flaw was found in runc. An attacker who controls the container image for two containers that share a volume can race volume mounts during container initialization by adding a symlink to the rootfs that points to a directory on the volume. • https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9 https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334 https://github.com/opencontainers/runc/issues/3751 https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF https://lists.fedoraproject.org • CWE-41: Improper Resolution of Path Equivalence CWE-706: Use of Incorrectly-Resolved Name or Reference •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2023-24758

https://notcve.org/view.php?id=CVE-2023-24758

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. • https://github.com/strukturag/libde265/issues/383 https://lists.debian.org/debian-lts-announce/2023/03/msg00004.html • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2023-24756

https://notcve.org/view.php?id=CVE-2023-24756

libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. • https://github.com/strukturag/libde265/issues/380 https://lists.debian.org/debian-lts-announce/2023/03/msg00004.html • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

CVE-2023-25221

https://notcve.org/view.php?id=CVE-2023-25221

Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. • https://github.com/strukturag/libde265/issues/388 https://lists.debian.org/debian-lts-announce/2023/03/msg00004.html • CWE-787: Out-of-bounds Write •