CVSS: 4.4EPSS: 0%CPEs: 10EXPL: 0CVE-2023-20729
https://notcve.org/view.php?id=CVE-2023-20729
06 Jun 2023 — In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573552; Issue ID: ALPS07573575. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 43EXPL: 0CVE-2023-20728
https://notcve.org/view.php?id=CVE-2023-20728
06 Jun 2023 — In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573603; Issue ID: ALPS07573603. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 21EXPL: 0CVE-2023-20727
https://notcve.org/view.php?id=CVE-2023-20727
06 Jun 2023 — In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588531; Issue ID: ALPS07588531. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-125: Out-of-bounds Read •
CVSS: 2.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32684 – In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
https://notcve.org/view.php?id=CVE-2023-32684
30 May 2023 — Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and the well-known third party products (Colima, Rancher Desktop, and Finch) are unlikely to be affected by this issue. To exploit this issue, the attacker has to embed the target file path (an absolute or a relative pat... • https://github.com/lima-vm/lima/commit/01dbd4d9cabe692afa4517be3995771f0ebb38a5 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33199 – malformed proposed intoto v0.0.2 entries can cause a panic in Rekor
https://notcve.org/view.php?id=CVE-2023-33199
26 May 2023 — Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This has been fixed in v1.2.0 of Rekor. Users are advised to upgrade. • https://github.com/sigstore/rekor/commit/140c5add105179e5ffd9e3e114fd1b6b93aebbd4 • CWE-617: Reachable Assertion •
CVSS: 9.0EPSS: 15%CPEs: 9EXPL: 1CVE-2023-24805 – Command injection in cups-filters
https://notcve.org/view.php?id=CVE-2023-24805
17 May 2023 — cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with netw... • https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 3.3EPSS: 0%CPEs: 67EXPL: 0CVE-2023-20726
https://notcve.org/view.php?id=CVE-2023-20726
15 May 2023 — In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only). • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29195 – Vitess VTAdmin users that can create shards can deny access to other functions
https://notcve.org/view.php?id=CVE-2023-29195
11 May 2023 — Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Ve... • https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920 • CWE-20: Improper Input Validation CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30840 – On a compromised node, the fluid-csi service account can be used to modify node specs
https://notcve.org/view.php?id=CVE-2023-30840
08 May 2023 — Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod (controlled by the `csi-nodeplugin-fluid` node-daemonset), they can leverage the fluid-csi service account to modify specs of all the nodes in the cluster. However, since this service account lacks `list node` permissions, the attacker may need to use other... • https://github.com/fluid-cloudnative/fluid/commit/77c8110a3d1ec077ae2bce6bd88d296505db1550 • CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30551 – Rekor's compressed archives can result in OOM conditions
https://notcve.org/view.php?id=CVE-2023-30551
08 May 2023 — Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are suff... • https://github.com/sigstore/rekor/commit/cf42ace82667025fe128f7a50cf6b4cdff51cc48 • CWE-770: Allocation of Resources Without Limits or Throttling •