CVSS: 5.2EPSS: 0%CPEs: 19EXPL: 0CVE-2024-34397 – glib2: Signal subscription vulnerabilities
https://notcve.org/view.php?id=CVE-2024-34397
07 May 2024 — An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. Se descubrió un problema en GNO... • https://gitlab.gnome.org/GNOME/glib/-/issues/3268 • CWE-290: Authentication Bypass by Spoofing CWE-940: Improper Verification of Source of a Communication Channel •
CVSS: 7.1EPSS: 0%CPEs: 26EXPL: 0CVE-2024-25742 – hw: amd: Instruction raise #VC exception at exit
https://notcve.org/view.php?id=CVE-2024-25742
01 May 2024 — In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES. En el kernel de Linux anterior a 6.9, un hipervisor que no es de confianza puede inyectar la interrupción virtual 29 (#VC) en cualquier momento y puede activar su controlador. Esto afecta a AMD SEV-SNP y AMD SEV-ES. A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality an... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9 •
CVSS: 8.5EPSS: 0%CPEs: 14EXPL: 0CVE-2023-51794
https://notcve.org/view.php?id=CVE-2023-51794
26 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69. Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.N113007-g8d24a28d06 permite a un atacante local ejecutar código arbitrario a través de libavfilter/af_stereowiden.c:120:69. • https://trac.ffmpeg.org/ticket/10746 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 14EXPL: 0CVE-2023-49502
https://notcve.org/view.php?id=CVE-2023-49502
19 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.n6.1-3-g466799d4f5 permite a un atacante local ejecutar código arbitrario a través de la función ff_bwdif_filter_intra_c en el componente libavfilter/bwdifdsp.c:125:5. • https://github.com/FFmpeg/FFmpeg • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2023-50010
https://notcve.org/view.php?id=CVE-2023-50010
19 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the set_encoder_id function in /fftools/ffmpeg_enc.c component. Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.n6.1-3-g466799d4f5 permite a un atacante local ejecutar código arbitrario a través de la función set_encoder_id en el componente /fftools/ffmpeg_enc.c. • https://ffmpeg.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2023-51793
https://notcve.org/view.php?id=CVE-2023-51793
19 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane. Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.N113007-g8d24a28d06 permite a un atacante local ejecutar código arbitrario a través de libavutil/imgutils.c:353:9 en image_copy_plane. • https://ffmpeg.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2023-51798
https://notcve.org/view.php?id=CVE-2023-51798
19 Apr 2024 — Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate. Vulnerabilidad de desbordamiento de búfer en Ffmpeg v.N113007-g8d24a28d06 permite a un atacante local ejecutar código arbitrario a través de un error de excepción de punto flotante (FPE) en libavfilter/vf_minterpolate.c:1078:60 en interpolación. • https://ffmpeg.org • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 14EXPL: 0CVE-2024-31578
https://notcve.org/view.php?id=CVE-2024-31578
17 Apr 2024 — FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. Se descubrió que la versión n6.1.1 de FFmpeg contenía un heap use-after-free a través de la función av_hwframe_ctx_init. • https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179 • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 36EXPL: 0CVE-2024-3864 – Mozilla: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
https://notcve.org/view.php?id=CVE-2024-3864
16 Apr 2024 — Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. Error de seguridad de la memoria presente en Firefox 124, Firefox ESR 115.9 y Thunderbird 115.9. Este error mostró evidencia de corrupción de memoria y suponemos que con suficiente esfuerzo esto podr... • https://bugzilla.mozilla.org/show_bug.cgi?id=1888333 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 3.7EPSS: 0%CPEs: 35EXPL: 0CVE-2024-3302 – Mozilla: Denial of Service using HTTP/2 CONTINUATION frames
https://notcve.org/view.php?id=CVE-2024-3302
16 Apr 2024 — There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. No había límite para la cantidad de frames de CONTINUATION HTTP/2 que se procesarían. Un servidor podría abusar de esto para crear una condición de falta de memoria en el navegador. • https://bugzilla.mozilla.org/show_bug.cgi?id=1881183 • CWE-400: Uncontrolled Resource Consumption •