CVSS: 7.6EPSS: 7%CPEs: 19EXPL: 0CVE-2023-50186 – GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-50186
19 Apr 2024 — GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of metadata within AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data ... • https://gstreamer.freedesktop.org/security/sa-2023-0011.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 7.1EPSS: 0%CPEs: 27EXPL: 0CVE-2023-3758 – Sssd: race condition during authorization leads to gpo policies functioning inconsistently
https://notcve.org/view.php?id=CVE-2023-3758
18 Apr 2024 — A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. Se encontró una falla en la condición de ejecución en sssd donde la política de GPO no se aplica de manera consistente para los usuarios autenticados. Esto puede dar lugar a problemas de autorización inapropiados, otorgando o denegando acceso a recursos de manera inapropiada. It was discovere... • https://access.redhat.com/errata/RHSA-2024:1919 • CWE-285: Improper Authorization CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21121 – Oracle VirtualBox OHCI USB Controller Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-21121
16 Apr 2024 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ac... • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21120
https://notcve.org/view.php?id=CVE-2024-21120
16 Apr 2024 — Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible da... • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21119
https://notcve.org/view.php?id=CVE-2024-21119
16 Apr 2024 — Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible da... • https://www.oracle.com/security-alerts/cpuapr2024.html •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21118
https://notcve.org/view.php?id=CVE-2024-21118
16 Apr 2024 — Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible da... • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-269: Improper Privilege Management •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21117
https://notcve.org/view.php?id=CVE-2024-21117
16 Apr 2024 — Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible da... • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21116 – Oracle VirtualBox vboxdrv Improper Privilege Management Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-21116
16 Apr 2024 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21115 – Oracle VirtualBox DevVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-21115
16 Apr 2024 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Ora... • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21114 – Oracle VirtualBox VirtIOCore Buffer Overflow Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-21114
16 Apr 2024 — Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Ora... • https://www.oracle.com/security-alerts/cpuapr2024.html • CWE-284: Improper Access Control •