CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2024-37535 – Ubuntu Security Notice USN-6833-1
https://notcve.org/view.php?id=CVE-2024-37535
09 Jun 2024 — GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476. GNOME VTE anterior a 0.76.3 permite a un atacante provocar una denegación de servicio (consumo de memoria) mediante una secuencia de escape de cambio de tamaño de ventana, un problema relacionado con CVE-2000-0476. Siddharth Dushantha discovered that VTE incorrectly handled large window resize escape sequences. An attacker could possibly use this... • http://www.openwall.com/lists/oss-security/2024/06/09/1 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.0EPSS: 0%CPEs: 28EXPL: 0CVE-2024-1298 – Integer Overflow caused by divide by zero during S3 suspension
https://notcve.org/view.php?id=CVE-2024-1298
30 May 2024 — EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability. EDK2 contiene una vulnerabilidad cuando se activa la suspensión de S3 donde un atacante puede causar una división por cero debido a un desbordamiento de UNIT32 a través del acceso local. Una explotación exitosa de esta vulnerabilidad puede provocar una pérdida de disponibilidad. A divi... • https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2024-3657 – 389-ds-base: potential denial of service via specially crafted kerberos as-req request
https://notcve.org/view.php?id=CVE-2024-3657
28 May 2024 — A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service Se encontró una falla en 389-ds-base. Una consulta LDAP especialmente manipulada puede causar potencialmente una falla en el servidor de directorio, lo que lleva a una denegación de servicio. An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.7 for RHEL 8. Issues addressed include a denial of service vulnerability. • https://access.redhat.com/errata/RHSA-2024:3591 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 21EXPL: 0CVE-2024-2199 – 389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c
https://notcve.org/view.php?id=CVE-2024-2199
28 May 2024 — A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. Se encontró una vulnerabilidad de denegación de servicio en el servidor ldap 389-ds-base. Este problema puede permitir que un usuario autenticado provoque una falla del servidor al modificar "userPassword" utilizando una entrada con formato incorrecto. An update for the redhat-ds:11 module is now available for Red Hat... • https://access.redhat.com/errata/RHSA-2024:3591 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2024-4453 – GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4453
17 May 2024 — GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before... • https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5 • CWE-190: Integer Overflow or Wraparound •
CVSS: 3.3EPSS: 0%CPEs: 15EXPL: 0CVE-2023-47169
https://notcve.org/view.php?id=CVE-2023-47169
16 May 2024 — Improper buffer restrictions in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. Las restricciones incorrectas del búfer en todas las versiones del software Intel(R) Media SDK pueden permitir que un usuario autenticado potencialmente habilite la denegación de servicio a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-92: DEPRECATED: Improper Sanitization of Custom Special Characters CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.9EPSS: 0%CPEs: 16EXPL: 0CVE-2023-47282
https://notcve.org/view.php?id=CVE-2023-47282
16 May 2024 — Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. La escritura fuera de los límites en Intel(R) Media SDK en todas las versiones y en algunos software Intel(R) oneVPL anteriores a la versión 23.3.5 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-787: Out-of-bounds Write •
CVSS: 3.9EPSS: 0%CPEs: 16EXPL: 0CVE-2023-22656
https://notcve.org/view.php?id=CVE-2023-22656
16 May 2024 — Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. La lectura fuera de los límites en Intel(R) Media SDK y algún software Intel(R) oneVPL anterior a la versión 23.3.5 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-125: Out-of-bounds Read •
CVSS: 4.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-45221
https://notcve.org/view.php?id=CVE-2023-45221
16 May 2024 — Improper buffer restrictions in Intel(R) Media SDK all versions may allow an authenticated user to potentially enable escalation of privilege via local access. Las restricciones inadecuadas del búfer en Intel(R) Media SDK en todas las versiones pueden permitir que un usuario autenticado potencialmente habilite la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 15EXPL: 0CVE-2023-48368
https://notcve.org/view.php?id=CVE-2023-48368
16 May 2024 — Improper input validation in Intel(R) Media SDK software all versions may allow an authenticated user to potentially enable denial of service via local access. La validación de entrada incorrecta en todas las versiones del software Intel(R) Media SDK puede permitir que un usuario autenticado potencialmente habilite la denegación de servicio a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00935.html • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •