CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40745 – Libtiff: integer overflow in tiffcp.c
https://notcve.org/view.php?id=CVE-2023-40745
05 Oct 2023 — LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. LibTIFF es vulnerable a un desbordamiento de enteros. Esta falla permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar un código arbitrario a través de una imagen tiff manipulada, lo que desencadena un desbordamient... • https://access.redhat.com/errata/RHSA-2024:2289 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2023-42754 – Kernel: ipv4: null pointer dereference in ipv4_send_dest_unreach()
https://notcve.org/view.php?id=CVE-2023-42754
05 Oct 2023 — A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system. Se encontró una falla de desreferencia del puntero NULL en la pila ipv4 del kernel de Linux. Se suponía que el búfer de socket (skb) estaba asociado con un dispositivo antes de llamar a _... • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3576 – Libtiff: memory leak in tiffcrop.c
https://notcve.org/view.php?id=CVE-2023-3576
04 Oct 2023 — A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service. Se encontró una falla de pérdida de memoria en la utilidad tiffcrop de Libatiff. Este problema se produce cuando tiffcrop opera en un archivo de imagen TIFF, lo que permite a un atacante pasar un archi... • https://access.redhat.com/errata/RHSA-2023:6575 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2022-4132 – Memory leak on tls connections
https://notcve.org/view.php?id=CVE-2022-4132
04 Oct 2023 — A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page). Se encontró una falla en JSS. Una pérdida de memoria en JSS requiere una configuración no estándar, pero es un vector DoS de bajo esfuerzo si se configura de esa manera (presionando repetidamente la página de inicio de sesión). • https://access.redhat.com/security/cve/CVE-2022-4132 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-4692 – Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution
https://notcve.org/view.php?id=CVE-2023-4692
04 Oct 2023 — An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. Se encontró una falla de escritura fuera de los límites en el controlador del sistema de archivos NTFS de grub2. • https://access.redhat.com/errata/RHSA-2024:2456 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2023-4693 – Grub2: out-of-bounds read at fs/ntfs.c
https://notcve.org/view.php?id=CVE-2023-4693
04 Oct 2023 — An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk. Se encontró una falla de lectura fuera de los límites en el controlador del sistema de archivos NTFS de grub2. Este problema puede permitir que un atacante físicam... • https://access.redhat.com/errata/RHSA-2024:2456 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-43785 – Libx11: out-of-bounds memory access in _xkbreadkeysyms()
https://notcve.org/view.php?id=CVE-2023-43785
04 Oct 2023 — A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. Se encontró una vulnerabilidad en libX11 debido a una condición de los límite dentro de la función _XkbReadKeySyms(). Esta falla permite a un usuario local desencadenar un error de lectura fuera de los límites y leer el contenido de la memoria del sistema. Gregory James Duck discovered that l... • https://access.redhat.com/errata/RHSA-2024:2145 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-43786 – Libx11: stack exhaustion from infinite recursion in putsubimage()
https://notcve.org/view.php?id=CVE-2023-43786
04 Oct 2023 — A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. Se encontró una vulnerabilidad en libX11 debido a un bucle infinito dentro de la función PutSubImage(). Esta falla permite que un usuario local consuma todos los recursos disponibles del sistema y provoque una condición de denegación de servicio. Yair Mizrahi discovered that libXpm incorrectly handled c... • https://github.com/jfrog/jfrog-CVE-2023-43786-libX11_DoS • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-43787 – Libx11: integer overflow in xcreateimage() leading to a heap overflow
https://notcve.org/view.php?id=CVE-2023-43787
04 Oct 2023 — A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. Se encontró una vulnerabilidad en libX11 debido a un desbordamiento de enteros dentro de la función XCreateImage(). Esta falla permite a un usuario local desencadenar un desbordamiento de enteros y ejecutar código arbitrario con privilegios elevados. Yair Mizrahi discovered that libXpm incorrectly ... • http://www.openwall.com/lists/oss-security/2024/01/24/9 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-43789 – Libxpm: out of bounds read on xpm with corrupted colormap
https://notcve.org/view.php?id=CVE-2023-43789
04 Oct 2023 — A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system. Se encontró una vulnerabilidad en libXpm donde existe una vulnerabilidad debido a una condición de los límite, un usuario local puede desencadenar un error de lectura fuera de los límites y leer el contenido de la memoria en el sistema. Yair Mizrahi discovered that libXpm incorrectly handled certain malformed XPM image f... • https://access.redhat.com/errata/RHSA-2024:2146 • CWE-125: Out-of-bounds Read •