CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-0670 – ceph: user/tenant can obtain access (read/write) to any share
https://notcve.org/view.php?id=CVE-2022-0670
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2. Se ha encontrado un fallo en Openstack manilla que posee un "share" del sistema de archivos Ceph, que permite al propietario leer/escribir cualquier manilla compartido o todo el sistema de archivos. • https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5O3XMDFZWA2FWU6GAYOVSFJPOUTXN42N https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TIRTTRG5O4YP2TNGDCDOHIHP2DM3DFBT https://access.redhat.com/security/cve/CVE-2022-0670 https://bugzilla.redhat.com/show_bug.cgi?id=2050728 • CWE-863: Incorrect Authorization •
CVE-2021-4048 – lapack: Out-of-bounds read in *larrv
https://notcve.org/view.php?id=CVE-2021-4048
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. Se ha encontrado un fallo de lectura fuera de límites en las funciones CLARRV, DLARRV, SLARRV y ZLARRV de lapack versiones hasta 3.10.0, usadas también en OpenBLAS versiones anteriores a 0.3.18. Las entradas especialmente diseñadas que se pasan a estas funciones podrían causar que una aplicación que use lapack se bloquee o posiblemente revele partes de su memoria An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack and OpenBLAS. A specially crafted input passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory. • https://github.com/JuliaLang/julia/issues/42415 https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781 https://github.com/Reference-LAPACK/lapack/pull/625 https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41 https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7 https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7 https://lists.fedoraproject.org/archives/li • CWE-125: Out-of-bounds Read •
CVE-2021-20236
https://notcve.org/view.php?id=CVE-2021-20236
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en el servidor ZeroMQ en versiones anteriores a 4.3.3. Este fallo permite a un cliente malicioso causar un desbordamiento del búfer de pila en el servidor mediante el envío de peticiones de suscripción de temas diseñadas y luego cancelando la suscripción. • https://bugzilla.redhat.com/show_bug.cgi?id=1921976 https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVE-2020-27781 – ceph: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila
https://notcve.org/view.php?id=CVE-2020-27781
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. • https://bugzilla.redhat.com/show_bug.cgi?id=1900109 https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJ7FFROL25FYRL6FMI33VRKOD74LINRP https://security.gentoo.org/glsa/202105-39 https://access.redhat.com/security/cve/CVE-2020-27781 • CWE-522: Insufficiently Protected Credentials •