CVSS: 6.0EPSS: 0%CPEs: 21EXPL: 0CVE-2024-3447 – Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()
https://notcve.org/view.php?id=CVE-2024-3447
14 Nov 2024 — A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. • https://access.redhat.com/security/cve/CVE-2024-3447 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.4EPSS: 0%CPEs: 28EXPL: 0CVE-2023-1932 – Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss
https://notcve.org/view.php?id=CVE-2023-1932
07 Nov 2024 — A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks. Se encontró una falla en el método 'isValid' de hibernate-validator en la clase org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator, que se puede evitar omitiendo la ... • https://access.redhat.com/security/cve/CVE-2023-1932 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 25EXPL: 0CVE-2024-7409 – Qemu: denial of service via improper synchronization in qemu nbd server during socket closure
https://notcve.org/view.php?id=CVE-2024-7409
05 Aug 2024 — A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline. Red Hat OpenShift Container Platform release 4.16.25 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include bypass and denial of service vulnerabilities. • https://access.redhat.com/security/cve/CVE-2024-7409 • CWE-662: Improper Synchronization •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2024-4467 – Qemu-kvm: 'qemu-img info' leads to host file read/write
https://notcve.org/view.php?id=CVE-2024-4467
02 Jul 2024 — A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. Se encontró una falla en el comando 'info' de la utilidad de imagen de disco QEMU (qemu-img). Un archivo de imagen especialmente manipulado que contenga un valor `json:{}` que des... • http://www.openwall.com/lists/oss-security/2024/07/23/2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.3EPSS: 0%CPEs: 44EXPL: 0CVE-2024-3727 – Containers/image: digest type does not guarantee valid type
https://notcve.org/view.php?id=CVE-2024-3727
09 May 2024 — A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. Se encontró una falla en la librería github.com/containers/image. Esta falla permite a los atacantes activar accesos inesperados al registro autenticado en nombre de un usuario víctima, lo que provoca agotamiento de recursos, path traversal local y otros ataques. Red Hat ... • https://access.redhat.com/errata/RHSA-2024:0045 • CWE-354: Improper Validation of Integrity Check Value •
CVSS: 8.2EPSS: 0%CPEs: 23EXPL: 1CVE-2024-3446 – Qemu: virtio: dma reentrancy issue leads to double free vulnerability
https://notcve.org/view.php?id=CVE-2024-3446
09 Apr 2024 — A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host. Se encontró una doble vulnerabilidad gratuita en los dispositivos QEMU virtio (virtio-gpu, virtio... • https://github.com/Toxich4/CVE-2024-34469 • CWE-415: Double Free •
CVSS: 6.2EPSS: 0%CPEs: 24EXPL: 0CVE-2024-2494 – Libvirt: negative g_new0 length can lead to unbounded memory allocation
https://notcve.org/view.php?id=CVE-2024-2494
21 Mar 2024 — A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash. Se encontró una falla en las API de la librería RPC de libvi... • https://access.redhat.com/errata/RHSA-2024:2560 • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 5.9EPSS: 67%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.9EPSS: 22%CPEs: 42EXPL: 3CVE-2021-44142 – Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44142
01 Feb 2022 — The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. El módulo vfs_fruit de S... • https://github.com/horizon3ai/CVE-2021-44142 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •