CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-41358 – frr: processes invalid NLRIs if attribute length is zero
https://notcve.org/view.php?id=CVE-2023-41358
29 Aug 2023 — An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. Se descubrió un problema en FRRouting FRR a través de 9.0. bgpd/bgp_packet.c procesa NLRI si la longitud del atributo es cero. A flaw was found in FRRouting, where it is susceptible to a denial of service vulnerability triggered by a NULL pointer dereference issue during the processing of Network Layer Reachability Information (NLRIs) with a zero attribute length. The vulnerability arises... • https://github.com/FRRouting/frr/pull/14260 • CWE-476: NULL Pointer Dereference •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-41359 – frr: out of bounds read in bgp_attr_aigp_valid
https://notcve.org/view.php?id=CVE-2023-41359
29 Aug 2023 — An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation. Se descubrió un problema en FRRouting FRR hasta 9.0. Hay una lectura fuera de límites en bgp_attr_aigp_valid en bgpd/bgp_attr.c porque no se verifica la disponibilidad de dos bytes durante la validación AIGP. A flaw was found in FRRouting that involves a heap-based buffer overflow in the bgp_attr_aig... • https://github.com/FRRouting/frr/pull/14232 • CWE-125: Out-of-bounds Read •
CVSS: 9.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-41360 – frr: ahead-of-stream read of ORF header
https://notcve.org/view.php?id=CVE-2023-41360
29 Aug 2023 — An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. Se descubrió un problema en FRRouting FRR hasta 9.0. bgp/bgp_packet.c puede leer el byte inicial del encabezado ORF en una situación de avance de la transmisión. An out-of-bounds read flaw was found in FRRouting in bgpd/bgp_packet.c, resulting from a boundary condition. This flaw allows a remote attacker, through specially crafted input, to read the initial byt... • https://github.com/FRRouting/frr/pull/14245 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 58EXPL: 0CVE-2023-3899 – Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration
https://notcve.org/view.php?id=CVE-2023-3899
23 Aug 2023 — A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary confi... • https://access.redhat.com/errata/RHSA-2023:4701 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-4431 – Debian Security Advisory 5483-1
https://notcve.org/view.php?id=CVE-2023-4431
22 Aug 2023 — Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) El acceso a memoria fuera de límites en Fonts en Google Chrome anterior a 116.0.5845.110 permitía a un atacante remoto realizar una lectura de memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) Multiple vulnerabilities have been discovered in C... • https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 11%CPEs: 6EXPL: 0CVE-2023-4430 – Debian Security Advisory 5483-1
https://notcve.org/view.php?id=CVE-2023-4430
22 Aug 2023 — Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El uso gratuito en Vulkan en Google Chrome anterior a 116.0.5845.110 permitía a un atacante remoto explotar potencialmente la corrupción de la memoria a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst ... • https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-4429 – Debian Security Advisory 5483-1
https://notcve.org/view.php?id=CVE-2023-4429
22 Aug 2023 — Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El uso gratuito en Loader en Google Chrome anterior a 116.0.5845.110 permitía a un atacante remoto explotar potencialmente la corrupción de la memoria a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst ... • https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html • CWE-416: Use After Free •
CVSS: 8.1EPSS: 7%CPEs: 6EXPL: 0CVE-2023-4428 – Debian Security Advisory 5483-1
https://notcve.org/view.php?id=CVE-2023-4428
22 Aug 2023 — Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) El acceso a memoria fuera de límites en CSS en Google Chrome anterior a 116.0.5845.110 permitía a un atacante remoto realizar una lectura de memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium a... • https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 80%CPEs: 4EXPL: 2CVE-2023-4427 – Debian Security Advisory 5483-1
https://notcve.org/view.php?id=CVE-2023-4427
22 Aug 2023 — Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) El acceso a memoria fuera de los límites en V8 en Google Chrome anterior a 116.0.5845.110 permitía a un atacante remoto realizar una lectura de memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium... • https://packetstorm.news/files/id/174951 • CWE-125: Out-of-bounds Read •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29390 – libjpeg-turbo: heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c
https://notcve.org/view.php?id=CVE-2021-29390
22 Aug 2023 — libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c. libjpeg-turbo versión 2.0.90 tiene una sobrelectura del búfer (2 bytes) en decompress_smooth_data en jdcoefct.c. A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompress_smooth_data() function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of co... • https://bugzilla.redhat.com/show_bug.cgi?id=1943797 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •