CVSS: 8.6EPSS: 0%CPEs: 30EXPL: 0CVE-2024-32487 – less: OS command injection
https://notcve.org/view.php?id=CVE-2024-32487
13 Apr 2024 — less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. less hasta 653 permite la ejecución de comandos del sistema operativo mediante un carácter de nueva línea en el nombre de un archivo, po... • http://www.openwall.com/lists/oss-security/2024/04/15/1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2023-29483 – dnspython: denial of service in stub resolver
https://notcve.org/view.php?id=CVE-2023-29483
11 Apr 2024 — eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1. eventlet ant... • https://github.com/eventlet/eventlet/issues/913 • CWE-292: DEPRECATED: Trusting Self-reported DNS Name CWE-696: Incorrect Behavior Order •
CVSS: 8.2EPSS: 0%CPEs: 23EXPL: 1CVE-2024-3446 – Qemu: virtio: dma reentrancy issue leads to double free vulnerability
https://notcve.org/view.php?id=CVE-2024-3446
09 Apr 2024 — A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host. Se encontró una doble vulnerabilidad gratuita en los dispositivos QEMU virtio (virtio-gpu, virtio... • https://github.com/Toxich4/CVE-2024-34469 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 36EXPL: 0CVE-2024-31083 – Xorg-x11-server: use-after-free in procrenderaddglyphs
https://notcve.org/view.php?id=CVE-2024-31083
05 Apr 2024 — A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the syst... • http://www.openwall.com/lists/oss-security/2024/04/03/13 • CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 17EXPL: 0CVE-2024-31082 – Xorg-x11-server: heap buffer overread/data leakage in procappledricreatepixmap
https://notcve.org/view.php?id=CVE-2024-31082
04 Apr 2024 — A heap-based buffer over-read vulnerability was found in the X.org server's ProcAppleDRICreatePixmap() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a ... • http://www.openwall.com/lists/oss-security/2024/04/03/13 • CWE-126: Buffer Over-read •
CVSS: 8.0EPSS: 0%CPEs: 36EXPL: 0CVE-2024-31081 – Xorg-x11-server: heap buffer overread/data leakage in procxipassivegrabdevice
https://notcve.org/view.php?id=CVE-2024-31081
04 Apr 2024 — A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a c... • http://www.openwall.com/lists/oss-security/2024/04/03/13 • CWE-126: Buffer Over-read •
CVSS: 8.0EPSS: 0%CPEs: 37EXPL: 0CVE-2024-31080 – Xorg-x11-server: heap buffer overread/data leakage in procxigetselectedevents
https://notcve.org/view.php?id=CVE-2024-31080
04 Apr 2024 — A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a c... • http://www.openwall.com/lists/oss-security/2024/04/03/13 • CWE-126: Buffer Over-read •
CVSS: 6.2EPSS: 0%CPEs: 24EXPL: 0CVE-2024-2494 – Libvirt: negative g_new0 length can lead to unbounded memory allocation
https://notcve.org/view.php?id=CVE-2024-2494
21 Mar 2024 — A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash. Se encontró una falla en las API de la librería RPC de libvi... • https://access.redhat.com/errata/RHSA-2024:2560 • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 5.3EPSS: 0%CPEs: 29EXPL: 0CVE-2024-28834 – Gnutls: vulnerable to minerva side-channel information leak
https://notcve.org/view.php?id=CVE-2024-28834
21 Mar 2024 — A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. Se encontró una falla en GnuTLS. El ataque Minerva es una vulnerabilidad criptográfica que explota el comportamiento determinista en sistemas ... • http://www.openwall.com/lists/oss-security/2024/03/22/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.0EPSS: 0%CPEs: 26EXPL: 0CVE-2024-28835 – Gnutls: potential crash during chain building/verification
https://notcve.org/view.php?id=CVE-2024-28835
21 Mar 2024 — A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. Se ha descubierto una falla en GnuTLS donde se puede inducir una falla de la aplicación al intentar verificar un paquete .pem especialmente manipulado usando el comando "certtool --verify-chain". USN-6733-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding updates for Ubuntu 24.04 LTS. It was discovered tha... • http://www.openwall.com/lists/oss-security/2024/03/22/1 • CWE-248: Uncaught Exception •