CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-23457 – Upx: segv on packlinuxelf64::invert_pt_dynamic() in p_lx_elf.cpp
https://notcve.org/view.php?id=CVE-2023-23457
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. Se encontró una falla de segmentación en UPX en PackLinuxElf64::invert_pt_dynamic() en p_lx_elf.cpp. Un atacante con un archivo de entrada manipulado permite el acceso a una dirección de memoria no válida que podría provocar una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=2160382 https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860 https://github.com/upx/upx/issues/631 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3592
https://notcve.org/view.php?id=CVE-2022-3592
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem. Se ha encontrado una vulnerabilidad de seguimiento de enlaces simbólicos en Samba, donde un usuario puede crear un enlace simbólico que haga que 'smbd' escape de la ruta de recurso compartido configurada. Este fallo permite a un usuario remoto con acceso a la parte exportada del sistema de archivos bajo un recurso compartido a través de extensiones SMB1 unix o NFS crear enlaces simbólicos a archivos fuera de la ruta de recurso compartido configurada por 'smbd' y obtener acceso al sistema de archivos de otro servidor restringido. • https://access.redhat.com/security/cve/CVE-2022-3592 https://bugzilla.redhat.com/show_bug.cgi?id=2137776 https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2022-3592.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-4379 – kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack
https://notcve.org/view.php?id=CVE-2022-4379
A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial of service. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75333d48f92256a0dec91dbf07835e804fc411c0 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeba12b26c79fc35e07e511f692a8907037d95da https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LECFVUHKIRBV5JJBE3KQCLGKNYJPBRCN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAVD6JIILAVSRH • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21538 – .NET Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2023-21538
.NET Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de .NET A vulnerability was found in dotnet. This flaw occurs when parsing an empty HTTP response as a JSON.NET JObject that causes a stack overflow and crashes a process. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21538 https://access.redhat.com/security/cve/CVE-2023-21538 https://bugzilla.redhat.com/show_bug.cgi?id=2158342 • CWE-121: Stack-based Buffer Overflow CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-0049 – Out-of-bounds Read in vim/vim
https://notcve.org/view.php?id=CVE-2023-0049
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. Lectura fuera de los límites en el repositorio de GitHub vim/vim, afectando a las versiones anteriores a la 9.0.1143. • http://seclists.org/fulldisclosure/2023/Mar/17 https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3Y752EAVACVC5XY2TMGGOAIU25VQRPDW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T33LLWHLH63XDCO5OME7NWN63RA4U5HF https://security.gentoo.org/glsa/202305-16 https://support.apple.com/kb/HT213670 • CWE-125: Out-of-bounds Read •