CVE-2023-6546 – Kernel: gsm multiplexing race condition leads to privilege escalation
https://notcve.org/view.php?id=CVE-2023-6546
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system. Se encontró una condición de ejecución en el multiplexor tty GSM 0710 en el kernel de Linux. Este problema ocurre cuando dos subprocesos ejecutan GSMIOC_SETCONF ioctl en el mismo descriptor de archivo tty con la disciplina de línea gsm habilitada y puede provocar un problema de use after free en una estructura gsm_dlci al reiniciar gsm mux. • http://www.openwall.com/lists/oss-security/2024/04/10/18 http://www.openwall.com/lists/oss-security/2024/04/10/21 http://www.openwall.com/lists/oss-security/2024/04/11/7 http://www.openwall.com/lists/oss-security/2024/04/11/9 http://www.openwall.com/lists/oss-security/2024/04/12/1 http://www.openwall.com/lists/oss-security/2024/04/12/2 http://www.openwall.com/lists/oss-security/2024/04/16/2 http://www.openwall.com/lists/oss-security/20 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVE-2023-6918 – Libssh: missing checks for return values for digests
https://notcve.org/view.php?id=CVE-2023-6918
A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the uninitialized memory as an input for the KDF. In this case, non-matching keys will result in decryption/integrity failures, terminating the connection. Se encontró un fallo en la capa abstracta de implementación de libssh para operaciones de resumen de mensajes (MD) implementadas por diferentes backends criptográficos compatibles. Los valores de retorno de estos no se verificaron correctamente, lo que podría causar fallas en situaciones de poca memoria, desreferencias NULL, fallas o uso de la memoria no inicializada como entrada para el KDF. • https://access.redhat.com/errata/RHSA-2024:2504 https://access.redhat.com/errata/RHSA-2024:3233 https://access.redhat.com/security/cve/CVE-2023-6918 https://bugzilla.redhat.com/show_bug.cgi?id=2254997 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh- • CWE-252: Unchecked Return Value •
CVE-2023-6927 – Keycloak: open redirect via "form_post.jwt" jarm response mode
https://notcve.org/view.php?id=CVE-2023-6927
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134. Se encontró una falla en Keycloak. Este problema puede permitir que un atacante robe códigos de autorización o tokens de clientes usando un comodín en el modo de respuesta JARM "form_post.jwt" que podría usarse para eludir el parche de seguridad implementado para abordar CVE-2023-6134. • https://access.redhat.com/errata/RHSA-2024:0094 https://access.redhat.com/errata/RHSA-2024:0095 https://access.redhat.com/errata/RHSA-2024:0096 https://access.redhat.com/errata/RHSA-2024:0097 https://access.redhat.com/errata/RHSA-2024:0098 https://access.redhat.com/errata/RHSA-2024:0100 https://access.redhat.com/errata/RHSA-2024:0101 https://access.redhat.com/errata/RHSA-2024:0798 https://access.redhat.com/errata/RHSA-2024:0799 https://access.redhat.com/errata/RHSA • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-6228 – Libtiff: heap-based buffer overflow in cpstriptotile() in tools/tiffcp.c
https://notcve.org/view.php?id=CVE-2023-6228
An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. Se encontró un problema en la utilidad tiffcp distribuida por el paquete libtiff donde un archivo TIFF manipulado durante el procesamiento puede provocar un desbordamiento de búfer de almacenamiento dinámico y provocar un bloqueo de la aplicación. • https://access.redhat.com/errata/RHSA-2024:2289 https://access.redhat.com/security/cve/CVE-2023-6228 https://bugzilla.redhat.com/show_bug.cgi?id=2240995 https://access.redhat.com/errata/RHSA-2024:5079 • CWE-787: Out-of-bounds Write •
CVE-2023-5384 – Infinispan: credentials returned from configuration as clear text
https://notcve.org/view.php?id=CVE-2023-5384
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. Se encontró una falla en Infinispan. Al serializar la configuración de una caché en XML/JSON/YAML, que contiene credenciales (almacén JDBC con agrupación de conexiones, almacén remoto), las credenciales se devuelven en texto plano como parte de la configuración. • https://access.redhat.com/errata/RHSA-2023:7676 https://access.redhat.com/security/cve/CVE-2023-5384 https://bugzilla.redhat.com/show_bug.cgi?id=2242156 https://security.netapp.com/advisory/ntap-20240125-0004 • CWE-312: Cleartext Storage of Sensitive Information •