CVSS: 7.4EPSS: 0%CPEs: 19EXPL: 0CVE-2024-20918 – OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)
https://notcve.org/view.php?id=CVE-2024-20918
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. • https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html https://security.netapp.com/advisory/ntap-20240201-0002 https://www.oracle.com/security-alerts/cpujan2024.html https://access.redhat.com/security/cve/CVE-2024-20918 https://bugzilla.redhat.com/show_bug.cgi?id=2257728 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 2CVE-2024-0567 – Gnutls: rejects certificate chain with distributed trust
https://notcve.org/view.php?id=CVE-2024-0567
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. Se encontró una vulnerabilidad en GnuTLS, donde una cabina (que usa gnuTLS) rechaza una cadena de certificados con confianza distribuida. Este problema ocurre al validar una cadena de certificados con cockpit-certificate-ensure. • http://www.openwall.com/lists/oss-security/2024/01/19/3 https://access.redhat.com/errata/RHSA-2024:0533 https://access.redhat.com/errata/RHSA-2024:1082 https://access.redhat.com/errata/RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/security/cve/CVE-2024-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://lists.fedoraproject.org/archives/list/package-announce@lists. • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-0565 – Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client
https://notcve.org/view.php?id=CVE-2024-0565
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service. Se encontró un fallo de lectura de memoria fuera de los límites en receive_encrypted_standard en fs/smb/client/smb2ops.c en el subcomponente SMB Client en el kernel de Linux. Este problema se produce debido a un desbordamiento insuficiente de enteros en la longitud de memcpy, lo que provoca una denegación de servicio. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. • https://access.redhat.com/errata/RHSA-2024:1188 https://access.redhat.com/errata/RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:1532 https://access.redhat.com/errata/RHSA-2024:1533 https://access.redhat.com/errata/RHSA-2024:1607 https://access.redhat.com/errata/RHSA-2024:1614 https://access.redhat.com/errata/RHSA-2024:2093 https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/security/cve/CVE-2024-0565 https://bugzilla.redhat.com/show • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-21982 – CVE-2024-21982 Information Disclosure Vulnerability in ONTAP 9
https://notcve.org/view.php?id=CVE-2024-21982
ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user. Las versiones de ONTAP 9.4 y superiores son susceptibles a una vulnerabilidad que, cuando se explota con éxito, podría provocar la divulgación de información confidencial a atacantes sin privilegios cuando un usuario administrativo ejecuta el comando del generador de perfiles del almacén de objetos. • https://security.netapp.com/advisory/ntap-20240111-0001 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27319 – CVE-2023-27319 Information Disclosure Vulnerability in ONTAP Mediator
https://notcve.org/view.php?id=CVE-2023-27319
ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API. Las versiones de ONTAP Mediator anteriores a la 1.7 son susceptibles a una vulnerabilidad que puede permitir que un atacante no autenticado enumere URLs a través de la API REST. • https://security.netapp.com/advisory/ntap-20231221-0011 • CWE-209: Generation of Error Message Containing Sensitive Information •