CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-7730 – Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb()
https://notcve.org/view.php?id=CVE-2024-7730
14 Nov 2024 — A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero. • https://access.redhat.com/security/cve/CVE-2024-7730 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.0EPSS: 0%CPEs: 21EXPL: 0CVE-2024-3447 – Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()
https://notcve.org/view.php?id=CVE-2024-3447
14 Nov 2024 — A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. • https://access.redhat.com/security/cve/CVE-2024-3447 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49395 – Mutt: neomutt: bcc email header field is indirectly leaked by cryptographic info block
https://notcve.org/view.php?id=CVE-2024-49395
12 Nov 2024 — In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. • https://access.redhat.com/security/cve/CVE-2024-49395 • CWE-1230: Exposure of Sensitive Information Through Metadata •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49394 – Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing
https://notcve.org/view.php?id=CVE-2024-49394
12 Nov 2024 — In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender. Jeriko One discovered that NeoMutt incorrectly handled certain IMAP and POP3 responses. An attacker could possibly use this issue to cause NeoMutt to crash, resulting in a denial of service, or the execution of arbitrary code. This issue only affected Ubuntu 18.04 LTS. • https://access.redhat.com/security/cve/CVE-2024-49394 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49393 – Mutt: neomutt: to and cc email header fields are not protected by cryptographic signing
https://notcve.org/view.php?id=CVE-2024-49393
12 Nov 2024 — In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality. • https://access.redhat.com/security/cve/CVE-2024-49393 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-11079 – Ansible-core: unsafe tagging bypass via hostvars object in ansible-core
https://notcve.org/view.php?id=CVE-2024-11079
11 Nov 2024 — A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. An update is now available for Red Hat Ansible Automation Platform Execution Environments. Issues addressed include a bypass vulnerability. • https://access.redhat.com/security/cve/CVE-2024-11079 • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 13EXPL: 0CVE-2024-10963 – Pam: improper hostname interpretation in pam_access leads to access control bypass
https://notcve.org/view.php?id=CVE-2024-10963
07 Nov 2024 — A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control. A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability... • https://access.redhat.com/security/cve/CVE-2024-10963 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-6861 – Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api
https://notcve.org/view.php?id=CVE-2024-6861
06 Nov 2024 — A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API. • https://access.redhat.com/errata/RHSA-2022:8506 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-9902 – Ansible-core: ansible-core user may read/write unauthorized content
https://notcve.org/view.php?id=CVE-2024-9902
06 Nov 2024 — A flaw was found in Ansible. The ansible-core `user` module can allow an unprivileged user to silently create or replace the contents of any file on any system path and take ownership of it when a privileged user executes the `user` module against the unprivileged user's home directory. If the unprivileged user has traversal permissions on the directory containing the exploited target file, they retain full control over the contents of the file as its owner. An update for openstack-ansible-core is now avail... • https://access.redhat.com/security/cve/CVE-2024-9902 • CWE-863: Incorrect Authorization •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10573 – Mpg123: buffer overflow when writing decoded pcm samples
https://notcve.org/view.php?id=CVE-2024-10573
31 Oct 2024 — An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stre... • https://access.redhat.com/security/cve/CVE-2024-10573 • CWE-787: Out-of-bounds Write •