
CVSS: 7.5 • EPSS: 1% • CPEs: 13 • EXPL: 0

31 Aug 2023 — A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html). • http://www.openwall.com/lists/oss-security/2023/08/31/1 • CWE-294: Authentication Bypass by Capture-replay; CWE-347: Improper Verification of Cryptographic Signature

CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 1

29 Aug 2023 — FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). A vulnerability was found in FRRouting (FRR). This flaw allows a remote attacker to cause a denial of service issue... • https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling • CWE-20: Improper Input Validation; CWE-354: Improper Validation of Integrity Check Value

CVSS: 7.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

29 Aug 2023 — An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. A flaw was found in FRRouting, where it is susceptible to a denial of service vulnerability triggered by a NULL pointer dereference issue during the processing of Network Layer Reachability Information (NLRIs) with a zero attribute length. The vulnerability arises... • https://github.com/FRRouting/frr/pull/14260 • CWE-476: NULL Pointer Dereference

CVSS: 9.4 • EPSS: 0% • CPEs: 5 • EXPL: 0

29 Aug 2023 — An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. An out-of-bounds read flaw was found in FRRouting in bgpd/bgp_packet.c, resulting from a boundary condition. This flaw allows a remote attacker, through specially crafted input, to read the initial byt... • https://github.com/FRRouting/frr/pull/14245 • CWE-125: Out-of-bounds Read

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

29 Aug 2023 — An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. • https://github.com/FRRouting/frr/pull/14241 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Aug 2023 — An issue was discovered in TCG Accelerator in QEMU 4.2.0 that allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties. Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS ... • https://bugs.launchpad.net/qemu/+bug/1863025

CVSS: 6.4 • EPSS: 14% • CPEs: 15 • EXPL: 1

25 Aug 2023 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. • https://github.com/shiomiyan/CVE-2023-41080 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 7.5 • EPSS: 1% • CPEs: 2 • EXPL: 0

25 Aug 2023 — Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51. • https://github.com/prometheus/alertmanager/security/advisories/GHSA-v86x-5fm3-5p7j • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.1 • EPSS: 0% • CPEs: 6 • EXPL: 0

22 Aug 2023 — Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in C... • https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html • CWE-125: Out-of-bounds Read

CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

22 Aug 2023 — Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default,... • http://www.openwall.com/lists/oss-security/2023/08/22/2 • CWE-918: Server-Side Request Forgery (SSRF)