CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-43615
https://notcve.org/view.php?id=CVE-2023-43615
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. Mbed TLS 2.x anterior a 2.28.5 y 3.x anterior a 3.5.0 tiene un desbordamiento de búfer. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDSHAANRULB57GVS5B3DZHXL5KCC7OWQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGRB5MO2KUJKYPMGXMIZH2WRH6QR5UZS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7SB7L6A56QZALDTOZ6O4X7PTC4I647R https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-39928 – webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports
https://notcve.org/view.php?id=CVE-2023-39928
A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability. Existe una vulnerabilidad de use-after-free en la API MediaRecorder de Webkit WebKitGTK 2.40.5. Una página web especialmente manipulada puede aprovechar esta vulnerabilidad para provocar daños en la memoria y ejecución de código potencialmente arbitrario. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL https://security.gentoo.org/glsa/202401-33 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1831 https://webkitgtk.org/security/WSA-2023-0009.html https://www.debian.org/security/2023/dsa-5527 https://access.redhat.com/security/cve/CVE-2023-39928 https://bugzilla.redhat.com/show_bug.cgi?id=2241400 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-43788 – Libxpm: out of bounds read in xpmcreatexpmimagefrombuffer()
https://notcve.org/view.php?id=CVE-2023-43788
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system. Se encontró una vulnerabilidad en libXpm debido a una condición de los límite dentro de la función XpmCreateXpmImageFromBuffer(). Esta falla permite que un local active un error de lectura fuera de los límites y lea el contenido de la memoria del sistema. • https://access.redhat.com/errata/RHSA-2024:2146 https://access.redhat.com/errata/RHSA-2024:2217 https://access.redhat.com/errata/RHSA-2024:2974 https://access.redhat.com/errata/RHSA-2024:3022 https://access.redhat.com/security/cve/CVE-2023-43788 https://bugzilla.redhat.com/show_bug.cgi?id=2242248 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject. • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-39323 – Arbitrary code execution during build via line directives in cmd/go
https://notcve.org/view.php?id=CVE-2023-39323
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex. Las directivas de línea ("//line") se pueden utilizar para evitar las restricciones de las directivas "//go:cgo_", permitiendo que se pasen indicadores bloqueados del enlazador y del compilador durante la compilación. Esto puede provocar la ejecución inesperada de código arbitrario al ejecutar "go build". • https://go.dev/cl/533215 https://go.dev/issue/63211 https://groups.google.com/g/golang-announce/c/XBa1oHDevAo https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2 https://pkg.go.dev/vuln/GO-2023-2095 https: •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 1CVE-2023-5441 – NULL Pointer Dereference in vim/vim
https://notcve.org/view.php?id=CVE-2023-5441
NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. Desreferencia del puntero NULL en el repositorio de GitHub vim/vim anterior a 20d161ace307e28690229b68584f2d84556f8960. • https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960 https://huntr.dev/bounties/b54cbdf5-3e85-458d-bb38-9ea2c0b669f2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGTVLUV7UCXXCZAIQIUCLG6JXAVYT3HE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPT7NMYJRLBPIALGSE24UWTY6F774GZW • CWE-476: NULL Pointer Dereference •