CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2024-31146 – PCI device pass-through with shared resources
https://notcve.org/view.php?id=CVE-2024-31146
25 Sep 2024 — When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration cannot really be security-supported, yet making that explicit was so far missing. Resources the sharing of which is known to be problematic include, but are not limited to - - PCI Base Address Registers (BARs) of multiple devices mapping ... • https://xenbits.xenproject.org/xsa/advisory-461.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2024-31145 – error handling in x86 IOMMU identity mapping
https://notcve.org/view.php?id=CVE-2024-31145
25 Sep 2024 — Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. In the logic establishing these mappings, error handling was fl... • https://xenbits.xenproject.org/xsa/advisory-460.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41708
https://notcve.org/view.php?id=CVE-2024-41708
25 Sep 2024 — An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module. • https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45752
https://notcve.org/view.php?id=CVE-2024-45752
19 Sep 2024 — logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction. • https://bugzilla.suse.com/show_bug.cgi?id=1226598 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2024-8900 – firefox: Clipboard write permission bypass
https://notcve.org/view.php?id=CVE-2024-8900
17 Sep 2024 — An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129. An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3. The Mozilla Foundation's Security Advisory: An attacker could write data to the user's clipboard, bypassing the user pro... • https://bugzilla.mozilla.org/show_bug.cgi?id=1872841 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 0%CPEs: 35EXPL: 0CVE-2024-44187 – webkitgtk: A malicious website may exfiltrate data cross-origin
https://notcve.org/view.php?id=CVE-2024-44187
16 Sep 2024 — A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. A vulnerability was found in WebKit. • https://support.apple.com/en-us/121238 • CWE-346: Origin Validation Error •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40857 – Apple Security Advisory 09-16-2024-3
https://notcve.org/view.php?id=CVE-2024-40857
16 Sep 2024 — This issue was addressed through improved state management. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to universal cross site scripting. macOS Sequoia 15 addresses buffer overflow, bypass, cross site scripting, integer overflow, out of bounds access, out of bounds read, out of bounds write, and spoofing vulnerabilities. • https://support.apple.com/en-us/121238 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-40866 – webkitgtk: Visiting a malicious website may lead to address bar spoofing
https://notcve.org/view.php?id=CVE-2024-40866
16 Sep 2024 — The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing. A flaw was found in WebKit. This flaw allows a remote attacker to conduct spoofing attacks by exploiting an inconsistent user interface issue. • https://support.apple.com/en-us/121238 •
CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2024-23984 – Ubuntu Security Notice USN-7033-1
https://notcve.org/view.php?id=CVE-2024-23984
16 Sep 2024 — Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Avraham Shalev and Nagaraju N Kodalapura discovered that some Intel Xeon processors did not properly restrict access to the memory controller when using Intel SGX. This may allow a local privileged attacker to further escalate their privileges. It was discovered that some 4th and 5th Generation Intel Xeon Processors did not properly implement finite... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01103.html • CWE-203: Observable Discrepancy •
CVSS: 5.6EPSS: 0%CPEs: 15EXPL: 0CVE-2024-24968 – microcode_ctl: Denial of Service
https://notcve.org/view.php?id=CVE-2024-24968
16 Sep 2024 — Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to potentially enable a denial of service via local access. A flaw was found in intel Processors. Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to enable a denial of service via local access. Avraham Shalev and Nagaraju N Kodalapura discovered that some Intel Xeon processors did not properly restrict access to the memory controlle... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01097.html • CWE-1245: Improper Finite State Machines (FSMs) in Hardware Logic •