A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
Max CVSS
5.0
EPSS Score
0.05%
Published
2024-03-21
Updated
2024-03-21
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
Max CVSS
5.3
EPSS Score
0.05%
Published
2024-03-21
Updated
2024-03-21
Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).
Max CVSS
3.5
EPSS Score
0.05%
Published
2024-02-19
Updated
2024-02-29
The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.
Max CVSS
4.3
EPSS Score
0.05%
Published
2024-02-19
Updated
2024-02-29
Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.
Max CVSS
4.3
EPSS Score
0.05%
Published
2024-02-19
Updated
2024-02-29
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
Max CVSS
4.3
EPSS Score
0.05%
Published
2024-02-19
Updated
2024-02-29
The URL parameters accepted by forum search were not limited to the allowed parameters.
Max CVSS
5.3
EPSS Score
0.05%
Published
2024-02-19
Updated
2024-02-29
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-01-12
Updated
2024-02-21
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
Max CVSS
5.9
EPSS Score
0.04%
Published
2024-03-06
Updated
2024-03-07
The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.
Max CVSS
3.4
EPSS Score
0.05%
Published
2024-02-12
Updated
2024-03-23
An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.
Max CVSS
5.5
EPSS Score
0.05%
Published
2024-03-11
Updated
2024-03-28
A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system.
Max CVSS
5.1
EPSS Score
0.04%
Published
2024-02-08
Updated
2024-02-15
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.
Max CVSS
5.5
EPSS Score
0.05%
Published
2024-02-11
Updated
2024-02-22
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
Max CVSS
5.5
EPSS Score
0.05%
Published
2024-02-12
Updated
2024-03-19
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.
Max CVSS
3.3
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-03-21
Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)
Max CVSS
4.3
EPSS Score
0.05%
Published
2024-01-24
Updated
2024-02-19
Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
Max CVSS
4.3
EPSS Score
0.08%
Published
2024-01-24
Updated
2024-01-29
Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
Max CVSS
4.3
EPSS Score
0.08%
Published
2024-01-24
Updated
2024-01-29
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
Max CVSS
5.5
EPSS Score
0.05%
Published
2024-02-06
Updated
2024-03-25
A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with a local access to cause system instability, such as an out of memory error.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-01-12
Updated
2024-01-18
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-01-18
Updated
2024-03-07
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)
Max CVSS
5.3
EPSS Score
0.05%
Published
2024-01-10
Updated
2024-01-18
A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.
Max CVSS
5.5
EPSS Score
0.06%
Published
2024-01-16
Updated
2024-03-15
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.
Max CVSS
3.3
EPSS Score
0.08%
Published
2024-01-03
Updated
2024-02-02
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-26
1493 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!