CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2024-23984 – Ubuntu Security Notice USN-7149-1
https://notcve.org/view.php?id=CVE-2024-23984
16 Sep 2024 — Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Avraham Shalev and Nagaraju N Kodalapura discovered that some Intel Xeon processors did not properly restrict access to the memory controller when using Intel SGX. This may allow a local privileged attacker to further escalate their privileges. It was discovered that some 4th and 5th Generation Intel Xeon Processors did not properly implement finite... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html • CWE-203: Observable Discrepancy •
CVSS: 5.6EPSS: 0%CPEs: 15EXPL: 0CVE-2024-24968 – microcode_ctl: Denial of Service
https://notcve.org/view.php?id=CVE-2024-24968
16 Sep 2024 — Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to potentially enable a denial of service via local access. A flaw was found in intel Processors. Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to enable a denial of service via local access. Avraham Shalev and Nagaraju N Kodalapura discovered that some Intel Xeon processors did not properly restrict access to the memory controlle... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html • CWE-1245: Improper Finite State Machines (FSMs) in Hardware Logic •
CVSS: 3.4EPSS: 0%CPEs: 9EXPL: 0CVE-2024-8443 – Libopensc: heap buffer overflow in openpgp driver when generating key
https://notcve.org/view.php?id=CVE-2024-8443
10 Sep 2024 — A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution. Se encontró una vulnerabilidad de desbordamiento de búfer en el montón en el controlador OpenPGP de libopensc. Un dispositivo USB o una tarjeta inteligente creados con respuestas maliciosas a las APDU durante... • https://access.redhat.com/security/cve/CVE-2024-8443 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2024-8394 – thunderbird: Crash when aborting verification of OTR chat
https://notcve.org/view.php?id=CVE-2024-8394
06 Sep 2024 — When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. Gentoo Linux Security Advisory 202412-6 - Multiple vulnerabili... • https://bugzilla.mozilla.org/show_bug.cgi?id=1895737 • CWE-416: Use After Free •
CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45620 – Libopensc: incorrect handling of the length of buffers or files in pkcs15init
https://notcve.org/view.php?id=CVE-2024-45620
03 Sep 2024 — A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. • https://access.redhat.com/security/cve/CVE-2024-45620 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0CVE-2024-45619 – Libopensc: incorrect handling length of buffers or files in libopensc
https://notcve.org/view.php?id=CVE-2024-45619
03 Sep 2024 — A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. • https://access.redhat.com/security/cve/CVE-2024-45619 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45618 – Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init
https://notcve.org/view.php?id=CVE-2024-45618
03 Sep 2024 — A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. • https://access.redhat.com/security/cve/CVE-2024-45618 • CWE-457: Use of Uninitialized Variable •
CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45617 – Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc
https://notcve.org/view.php?id=CVE-2024-45617
03 Sep 2024 — A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a s... • https://access.redhat.com/security/cve/CVE-2024-45617 • CWE-457: Use of Uninitialized Variable •
CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45616 – Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc
https://notcve.org/view.php?id=CVE-2024-45616
03 Sep 2024 — A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a s... • https://access.redhat.com/security/cve/CVE-2024-45616 • CWE-457: Use of Uninitialized Variable •
CVSS: 3.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45615 – Libopensc: pkcs15init: usage of uninitialized values in libopensc and pkcs15init
https://notcve.org/view.php?id=CVE-2024-45615
03 Sep 2024 — A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to ot... • https://access.redhat.com/security/cve/CVE-2024-45615 • CWE-457: Use of Uninitialized Variable •