
CVE-2024-10979 – PostgreSQL PL/Perl environment variable changes execute arbitrary code
https://notcve.org/view.php?id=CVE-2024-10979
14 Nov 2024 — Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. A flaw was found in PostgreSQL PL/Perl. • https://www.postgresql.org/support/security/CVE-2024-10979 • CWE-15: External Control of System or Configuration Setting •

CVE-2024-10978 – PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
https://notcve.org/view.php?id=CVE-2024-10978
14 Nov 2024 — Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE ... • https://www.postgresql.org/support/security/CVE-2024-10978 • CWE-266: Incorrect Privilege Assignment •

CVE-2024-10977 – PostgreSQL libpq retains an error message from man-in-the-middle
https://notcve.org/view.php?id=CVE-2024-10977
14 Nov 2024 — Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15... • https://www.postgresql.org/support/security/CVE-2024-10977 • CWE-348: Use of Less Trusted Source •

CVE-2024-10976 – PostgreSQL row security below e.g. subqueries disregards user ID changes
https://notcve.org/view.php?id=CVE-2024-10976
14 Nov 2024 — Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied... • https://www.postgresql.org/support/security/CVE-2024-10976 • CWE-1250: Improper Preservation of Consistency Between Independent Representations of Shared State •

CVE-2024-51566 – bhyve(8) NVMe driver vulnerable to guest-induced infinite loops
https://notcve.org/view.php?id=CVE-2024-51566
12 Nov 2024 — The NVMe driver queue processing is vulnerable to guest-induced infinite loops. • https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •

CVE-2024-51565 – bhyve(8) hda driver buffer over-read
https://notcve.org/view.php?id=CVE-2024-51565
12 Nov 2024 — The hda driver is vulnerable to a buffer over-read from a guest-controlled value. • https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc • CWE-125: Out-of-bounds Read •

CVE-2024-9632 – Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-9632
30 Oct 2024 — A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges. • https://access.redhat.com/security/cve/CVE-2024-9632 • CWE-122: Heap-based Buffer Overflow •

CVE-2024-45289 – Unbounded allocation in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-45289
29 Oct 2024 — The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option. • https://security.freebsd.org/advisories/FreeBSD-SA-24:18.ctl.asc • CWE-665: Improper Initialization •

CVE-2024-39281 – Unbounded allocation in ctl(4) CAM Target Layer
https://notcve.org/view.php?id=CVE-2024-39281
29 Oct 2024 — The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator. A malicious guest could cause a Denial of Service (DoS) on the host. • https://security.freebsd.org/advisories/FreeBSD-SA-24:18.ctl.asc • CWE-20: Improper Input Validation •

CVE-2024-51562 – bhyve(8) nvme_opc_get_log_page buffer over-read
https://notcve.org/view.php?id=CVE-2024-51562
29 Oct 2024 — The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value. Several vulnerabilities were found in the bhyve hypervisor's device models. The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition. A guest can trigger an infinite loop in the hda audio driver. • https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc • CWE-125: Out-of-bounds Read •