CVSS: 4.7EPSS: 0%CPEs: 37EXPL: 0CVE-2024-2201 – CVE-2024-2201
https://notcve.org/view.php?id=CVE-2024-2201
17 May 2024 — A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. A flaw was found in some Intel CPUs where mitigations for the Spectre V2/BHI vulnerability were incomplete. This issue may allow an attacker to read arbitrary memory, compromising system integrity and exposing sensitive information. Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in ... • http://www.openwall.com/lists/oss-security/2024/04/09/15 • CWE-1423: Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-38417
https://notcve.org/view.php?id=CVE-2023-38417
16 May 2024 — Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. La validación de entrada incorrecta para algunos software Intel(R) PROSet/Wireless WiFi anteriores a la versión 23.20 puede permitir que un usuario no autenticado habilite potencialmente la denegación de servicio a través del acceso adyacente. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 15EXPL: 0CVE-2023-47210
https://notcve.org/view.php?id=CVE-2023-47210
16 May 2024 — Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access. La validación de entrada incorrecta para algunos software Intel(R) PROSet/Wireless WiFi para Linux anteriores a la versión 23.20 puede permitir que un usuario no autenticado habilite potencialmente la denegación de servicio a través del acceso adyacente. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2024-21823 – kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application
https://notcve.org/view.php?id=CVE-2024-21823
16 May 2024 — Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access. La lógica de hardware con desincronización insegura en Intel(R) DSA e Intel(R) IAA para algunos procesadores Intel(R) Xeon(R) de cuarta o quinta generación puede permitir que un usuario autorizado habilite potencialmente la denegación de servicio a través del acceso local. Hardware lo... • http://www.openwall.com/lists/oss-security/2024/05/15/1 • CWE-400: Uncontrolled Resource Consumption CWE-1264: Hardware Logic with Insecure De-Synchronization between Control and Data Channels •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2024-25743 – hw: amd: Instruction raise #VC exception at exit
https://notcve.org/view.php?id=CVE-2024-25743
15 May 2024 — In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES. En el kernel de Linux hasta 6.7.2, un hipervisor que no es de confianza puede inyectar interrupciones virtuales 0 y 14 en cualquier momento y puede activar el controlador de señales SIGFPE en aplicaciones de espacio de usuario. Esto afecta a AMD SEV-SNP y AMD SEV-ES. A vulnerability w... • https://bugzilla.redhat.com/show_bug.cgi?id=2270836 •
CVSS: 7.1EPSS: 0%CPEs: 26EXPL: 0CVE-2024-25742 – hw: amd: Instruction raise #VC exception at exit
https://notcve.org/view.php?id=CVE-2024-25742
01 May 2024 — In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES. En el kernel de Linux anterior a 6.9, un hipervisor que no es de confianza puede inyectar la interrupción virtual 29 (#VC) en cualquier momento y puede activar su controlador. Esto afecta a AMD SEV-SNP y AMD SEV-ES. A vulnerability was found in AMD SEV-SNP, where a malicious hypervisor can potentially break confidentiality an... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9 •
CVSS: 6.5EPSS: 0%CPEs: 32EXPL: 0CVE-2023-28746 – kernel: Local information disclosure on Intel(R) Atom(R) processors
https://notcve.org/view.php?id=CVE-2023-28746
14 Mar 2024 — Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. La exposición de la información a través del estado de la microarquitectura después de la ejecución transitoria de algunos archivos de registro para algunos procesadores Intel(R) Atom(R) puede permitir que un usuario autenticado potencialmente habilite la divulgación de info... • http://www.openwall.com/lists/oss-security/2024/03/12/13 • CWE-1342: Information Exposure through Microarchitectural State after Transient Execution •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26482
https://notcve.org/view.php?id=CVE-2024-26482
22 Feb 2024 — An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur. Una vulnerabilidad de inyección de HTML en el módulo Edit Content Layout de Kirby CMS v4.1.0 permite a los atacantes ejecutar código arbitrario a través de un payload manipul... • https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-HTML-Injection-19ca19686d0a4533ab4b0c53fc977eef?pvs=4 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-25741 – Ubuntu Security Notice USN-7156-1
https://notcve.org/view.php?id=CVE-2024-25741
12 Feb 2024 — printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact. Printer_write en drivers/usb/gadget/function/f_printer.c en el kernel de Linux hasta 6.7.4 no llama correctamente a usb_ep_queue, lo que podría permitir a los atacantes provocar una denegación de servicio o tener otro impacto no especificado. Chenyuan Yang discovered that the USB Gadget subsy... • https://www.spinics.net/lists/linux-usb/msg252167.html •
CVSS: 8.8EPSS: 0%CPEs: 23EXPL: 0CVE-2024-25744 – kernel: untrusted VMM can trigger int80 syscall handling
https://notcve.org/view.php?id=CVE-2024-25744
12 Feb 2024 — In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. En el kernel de Linux anterior a 6.6.7, un VMM que no es de confianza puede activar el manejo de llamadas al sistema int80 en cualquier punto dado. Esto está relacionado con arch/x86/coco/tdx/tdx.c y arch/x86/mm/mem_encrypt_amd.c. A flaw was found in the Linux kernel. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.7 •