CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1CVE-2023-27320
https://notcve.org/view.php?id=CVE-2023-27320
Sudo before 1.9.13p2 has a double free in the per-command chroot feature. • http://www.openwall.com/lists/oss-security/2023/03/01/8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU https://security.gentoo.org/glsa/202309-12 https://security.netapp.com/advisory/ntap-20230413-0009 https: • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-1055 – RHDS: LDAP browser tries to decode userPassword instead of userCertificate attribute
https://notcve.org/view.php?id=CVE-2023-1055
A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality. A flaw was found in RHDS 11 and 12. • https://bugzilla.redhat.com/show_bug.cgi?id=2173517#c0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZOYQ5TCV6ZEPMDV4CSLK3KINAAO4SRI https://access.redhat.com/security/cve/CVE-2023-1055 https://bugzilla.redhat.com/show_bug.cgi?id=2173517 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 1CVE-2023-23916 – curl: HTTP multi-header compression denial of service
https://notcve.org/view.php?id=CVE-2023-23916
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. • https://hackerone.com/reports/1826048 https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO https://security.gentoo.org/glsa/202310-12 https://security.netapp.com/advisory/ntap-20230309-0006 https://www.debian.org/security/2023/dsa-5365 https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 4CVE-2023-24329 – python: urllib.parse url blocklisting bypass
https://notcve.org/view.php?id=CVE-2023-24329
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity. • https://github.com/JawadPy/CVE-2023-24329-Exploit https://github.com/Pandante-Central/CVE-2023-24329-codeql-test https://github.com/H4R335HR/CVE-2023-24329-PoC https://github.com/python/cpython/issues/102153 https://github.com/python/cpython/pull/99421 https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72 https://lists.fedoraproject.org/archives/list/package-announ • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 10EXPL: 1CVE-2023-0361 – gnutls: timing side-channel in the TLS RSA key exchange code
https://notcve.org/view.php?id=CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. • https://access.redhat.com/security/cve/CVE-2023-0361 https://github.com/tlsfuzzer/tlsfuzzer/pull/679 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ https://lists.fedoraproject.org/archives/list/package& • CWE-203: Observable Discrepancy •