Show filters
67 Total Results
Displaying 61-67 of 67
Sort by:
Attacker Value
Unknown
CVE-2024-2496
Disclosure Date: March 18, 2024 (last updated April 30, 2024)
A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.
0
Attacker Value
Unknown
CVE-2024-1013
Disclosure Date: March 18, 2024 (last updated April 25, 2024)
An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.
0
Attacker Value
Unknown
CVE-2024-1441
Disclosure Date: March 11, 2024 (last updated April 30, 2024)
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.
0
Attacker Value
Unknown
CVE-2024-2236
Disclosure Date: March 06, 2024 (last updated November 12, 2024)
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
0
Attacker Value
Unknown
CVE-2023-6917
Disclosure Date: February 28, 2024 (last updated April 30, 2024)
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.
0
Attacker Value
Unknown
CVE-2024-21886
Disclosure Date: February 28, 2024 (last updated April 25, 2024)
A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.
0
Attacker Value
Unknown
CVE-2024-21885
Disclosure Date: February 28, 2024 (last updated April 25, 2024)
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.
0