CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-39418 – Postgresql: merge fails to enforce update or select row security policies
https://notcve.org/view.php?id=CVE-2023-39418
11 Aug 2023 — A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows. Se encontró una vulnerabilidad en PostgreSQL con el uso del comando MERGE, que no puede probar nuevas filas con las políticas de seguridad de filas definidas para ACTUALIZAR y SELECCIONAR. Si las políticas ACTUALIZAR y SELECCIONAR pro... • https://access.redhat.com/errata/RHSA-2023:7785 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 9.0EPSS: 0%CPEs: 11EXPL: 0CVE-2023-39417 – Postgresql: extension script @substitutions@ within quoting allow sql injection
https://notcve.org/view.php?id=CVE-2023-39417
11 Aug 2023 — IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. EN EL SCRIPT DE EXTENSIÓN, se encontró una vulnerabilidad de inyección SQL en PostgreSQL si usa @extowner@, @extschema@ o @extsch... • https://access.redhat.com/errata/RHSA-2023:7545 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1575EXPL: 2CVE-2022-40982 – hw: Intel: Gather Data Sampling (GDS) side channel vulnerability
https://notcve.org/view.php?id=CVE-2022-40982
11 Aug 2023 — Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. La exposición de información a través del estado microarquitectónico tras la ejecución transitoria en determinadas unidades de ejecución vectorial de algunos procesadores Intel(R) puede permitir a un usuario autenticado la divulgación potencial de información a través del a... • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy CWE-1342: Information Exposure through Microarchitectural State after Transient Execution •
CVSS: 6.7EPSS: 0%CPEs: 18EXPL: 1CVE-2023-4273 – Kernel: exfat: stack overflow in exfat_get_uniname_from_ext_entry
https://notcve.org/view.php?id=CVE-2023-4273
09 Aug 2023 — A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. Se ha encontrado un fallo en el controlador exFAT del núcleo de Linu... • https://access.redhat.com/errata/RHSA-2023:6583 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 2%CPEs: 18EXPL: 0CVE-2023-3223 – Undertow: outofmemoryerror due to @multipartconfig handling
https://notcve.org/view.php?id=CVE-2023-3223
08 Aug 2023 — A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. Se encontró una falla en el undertow. • https://access.redhat.com/errata/RHSA-2023:4505 • CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-4194 – Kernel: tap: tap_open(): correctly initialize socket uid next fix of i_uid to current_fsuid
https://notcve.org/view.php?id=CVE-2023-4194
07 Aug 2023 — A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that t... • https://access.redhat.com/errata/RHSA-2023:6583 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2023-4147 – Kernel: netfilter: nf_tables_newrule when adding a rule with nfta_rule_chain_id leads to use-after-free
https://notcve.org/view.php?id=CVE-2023-4147
07 Aug 2023 — A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. Se encontró una falla de use-after-free en la funcionalidad Netfilter del kernel de Linux al agregar una regla con NFTA_RULE_CHAIN_ID. Esta falla permite a un usuario local bloquear o escalar sus privilegios en el sistema. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning... • https://github.com/murdok1982/Exploit-en-Python-para-CVE-2023-4147 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4133 – Kernel: cxgb4: use-after-free in ch_flower_stats_cb()
https://notcve.org/view.php?id=CVE-2023-4133
03 Aug 2023 — A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-38559 – Ghostscript: out-of-bound read in base/gdevdevn.c:1973 in devn_pcx_write_rle could result in dos
https://notcve.org/view.php?id=CVE-2023-38559
01 Aug 2023 — A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. Se ha encontrado un fallo de desbordamiento de búfer en base/gdevdevn.c:1973 en devn_pcx_write_rle() en ghostscript. Este problema puede permitir a un atacante local provocar una denegación de servicio mediante la salida de un archivo PDF manipulado para un dispositivo DEVN con gs. It w... • https://access.redhat.com/errata/RHSA-2023:6544 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 8EXPL: 1CVE-2023-3971 – Controller: html injection in custom login info
https://notcve.org/view.php?id=CVE-2023-3971
01 Aug 2023 — An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise. Se encontró una falla de inyección de HTML en Controller en la configuración de la interfaz de usuario. Esta falla permite a un atacante capturar credenciales creando una página de inicio de sesión personalizada mediante la inyección de HTML, lo que resulta en un compromiso total. Red Hat Ansi... • https://github.com/ashangp923/CVE-2023-3971 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •