CVE-2023-5217 – Google Chromium libvpx Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-5217
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El desbordamiento del búfer en la codificación vp8 en libvpx en Google Chrome anterior a 117.0.5938.132 y libvpx 1.13.1 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library. Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. • http://seclists.org/fulldisclosure/2023/Oct/12 http://seclists.org/fulldisclosure/2023/Oct/16 http://www.openwall.com/lists/oss-security/2023/09/28/5 http://www.openwall.com/lists/oss-security/2023/09/28/6 http://www.openwall.com/lists/oss-security/2023/09/29/1 http://www.openwall.com/lists/oss-security/2023/09/29/11 http://www.openwall.com/lists/oss-security/2023/09/29/12 http://www.openwall.com/lists/oss-security/2023/09/29/14 http://ww • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2023-42756 – Kernel: netfilter: race condition between ipset_cmd_add and ipset_cmd_swap
https://notcve.org/view.php?id=CVE-2023-42756
A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system. Se encontró una falla en el subsistema Netfilter del kernel de Linux. Una condición de ejecución entre IPSET_CMD_ADD e IPSET_CMD_SWAP puede provocar un panic en el kernel debido a la invocación de `__ip_set_put` en un `set` incorrecto. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/security/cve/CVE-2023-42756 https://bugzilla.redhat.com/show_bug.cgi?id=2239848 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6 https://lists.fedoraproject.org/archives/list/package& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2023-42822 – Unchecked access to font glyph info in xrdp
https://notcve.org/view.php?id=CVE-2023-42822
xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian platforms, xrdp tends to run as root. • https://github.com/neutrinolabs/xrdp/commit/73acbe1f7957c65122b00de4d6f57a8d0d257c40 https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FPGA4M7IYCP7OILDF2ZJEVSXUOFEFQ6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFGL22QQF65OIZRMCKUZCVJQCKGUBRYE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTXODUR4ILM7ZPA6ZGY6VSK4BBSBMKGY • CWE-125: Out-of-bounds Read •
CVE-2023-41335 – Temporary storage of plaintext passwords during password changes in matrix synapse
https://notcve.org/view.php?id=CVE-2023-41335
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. • https://github.com/matrix-org/synapse/pull/16272 https://github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY https://security.gentoo.org/glsa/202401-12 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2023-42453 – Improper validation of receipts allows forged read receipts in matrix synapse
https://notcve.org/view.php?id=CVE-2023-42453
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. • https://github.com/matrix-org/synapse/pull/16327 https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6P4QULVUE254WI7XF2LWWOGHCYVFXFY https://security.gentoo.org/glsa/202401-12 • CWE-285: Improper Authorization •