CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-11614 – Dpdk: denial of service from malicious guest on hypervisors using dpdk vhost library
https://notcve.org/view.php?id=CVE-2024-11614
18 Dec 2024 — An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset. An update for dpdk is now available for Red Hat Enterprise Linux 8.6 Ad... • https://access.redhat.com/security/cve/CVE-2024-11614 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-48916 – ceph: rhceph-container: Authentication bypass in CEPH RadosGW
https://notcve.org/view.php?id=CVE-2024-48916
09 Dec 2024 — A vulnerability in the Ceph Rados Gateway (RadosGW) OIDC provider allows attackers to bypass JWT signature verification by supplying a token with "none" as the algorithm (alg). This occurs because the implementation fails to enforce strict signature validation, enabling attackers to forge valid tokens without a signature. ceph: rhceph-container: Authentication bypass in CEPH RadosGW It was discovered that Ceph incorrectly handled unsupported JWT algorithms in the RadosGW gateway. An attacker could possibly ... • https://access.redhat.com/security/cve/CVE-2024-48916 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8676 – Cri-o: checkpoint restore can be triggered from different namespaces
https://notcve.org/view.php?id=CVE-2024-8676
26 Nov 2024 — A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the pod spec, verifying that the pod has access to the mounts it specifies are not applicable to a restored container. This flaw allows a malicious user to trick CRI-O into restoring a pod that doesn't have access to h... • https://access.redhat.com/security/cve/CVE-2024-8676 • CWE-285: Improper Authorization •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 0CVE-2024-52337 – Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method
https://notcve.org/view.php?id=CVE-2024-52337
26 Nov 2024 — A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged str... • https://access.redhat.com/errata/RHSA-2024:10381 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-52336 – Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root
https://notcve.org/view.php?id=CVE-2024-52336
26 Nov 2024 — A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local pr... • https://access.redhat.com/errata/RHSA-2024:10384 • CWE-269: Improper Privilege Management •
CVSS: 6.4EPSS: 0%CPEs: 33EXPL: 0CVE-2024-11694 – firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
https://notcve.org/view.php?id=CVE-2024-11694
26 Nov 2024 — Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5. Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and D... • https://bugzilla.mozilla.org/show_bug.cgi?id=1924167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0CVE-2024-53899 – virtualenv: potential command injection via virtual environment activation scripts
https://notcve.org/view.php?id=CVE-2024-53899
24 Nov 2024 — virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287. A flaw was found in the virtualenv Python package. Due to the improper handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection,leading to the loss of confidentiality,integrity and availability of the system. • https://github.com/pypa/virtualenv/issues/2768 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52616 – Avahi: avahi wide-area dns predictable transaction ids
https://notcve.org/view.php?id=CVE-2024-52616
21 Nov 2024 — A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs. • https://access.redhat.com/security/cve/CVE-2024-52616 • CWE-334: Small Space of Random Values •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-52615 – Avahi: avahi wide-area dns uses constant source port
https://notcve.org/view.php?id=CVE-2024-52615
21 Nov 2024 — A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected. • https://access.redhat.com/security/cve/CVE-2024-52615 • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2232 – Keycloak: ldap injection on username input
https://notcve.org/view.php?id=CVE-2022-2232
14 Nov 2024 — A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions. • https://access.redhat.com/errata/RHSA-2024:0094 • CWE-20: Improper Input Validation •