In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-11
Updated
2024-02-11
qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-11
Updated
2024-02-11
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-11
Updated
2024-02-11
Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-02-11
Updated
2024-02-16
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-11
Updated
2024-02-11
In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation.
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-02-09
Updated
2024-02-15
In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.
Max CVSS
9.8
EPSS Score
0.06%
Published
2024-02-09
Updated
2024-02-15
In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document.
Max CVSS
8.8
EPSS Score
0.05%
Published
2024-02-09
Updated
2024-02-15
An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-09
Updated
2024-02-12
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
Max CVSS
9.8
EPSS Score
0.09%
Published
2024-02-09
Updated
2024-02-12
Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-09
Updated
2024-02-12
Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-09
Updated
2024-02-12
Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-09
Updated
2024-02-12
Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function.
Max CVSS
6.5
EPSS Score
0.05%
Published
2024-02-09
Updated
2024-02-12
imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
Max CVSS
8.8
EPSS Score
0.12%
Published
2024-02-09
Updated
2024-02-15
An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
Max CVSS
8.8
EPSS Score
0.12%
Published
2024-02-09
Updated
2024-02-15
Toggle Search Form
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!