CVSS: 5.5EPSS: 6%CPEs: 5EXPL: 0CVE-2023-1183 – Arbitrary file write
https://notcve.org/view.php?id=CVE-2023-1183
22 Jun 2023 — A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally used to record the commands input by the databas... • http://www.openwall.com/lists/oss-security/2023/12/28/4 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-3138 – libX11: InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow
https://notcve.org/view.php?id=CVE-2023-3138
16 Jun 2023 — A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, a... • https://access.redhat.com/security/cve/CVE-2023-3138 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-3161 – kernel: fbcon: shift-out-of-bounds in fbcon_set_font()
https://notcve.org/view.php?id=CVE-2023-3161
12 Jun 2023 — A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing a font->width and font->height greater than 32 to the fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs, leading t... • https://bugzilla.redhat.com/show_bug.cgi?id=2213485 • CWE-682: Incorrect Calculation CWE-1335: Incorrect Bitwise Shift of Integer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2023-2603 – libcap: Integer Overflow in _libcap_strdup()
https://notcve.org/view.php?id=CVE-2023-2603
06 Jun 2023 — A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications... • https://github.com/Pazhanivelmani/external_libcap-Android10_r33_CVE-2023-2603 • CWE-190: Integer Overflow or Wraparound •
CVSS: 3.3EPSS: 0%CPEs: 10EXPL: 1CVE-2023-2602 – libcap: Memory Leak on pthread_create() Error
https://notcve.org/view.php?id=CVE-2023-2602
06 Jun 2023 — A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts... • https://bugzilla.redhat.com/show_bug.cgi?id=2209114 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-2977 – opensc: buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package
https://notcve.org/view.php?id=CVE-2023-2977
01 Jun 2023 — A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. • https://access.redhat.com/security/cve/CVE-2023-2977 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 1%CPEs: 19EXPL: 0CVE-2023-2953 – openldap: null pointer dereference in ber_memalloc_x function
https://notcve.org/view.php?id=CVE-2023-2953
30 May 2023 — A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication. • http://seclists.org/fulldisclosure/2023/Jul/47 • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2023-32373 – Apple Multiple Products WebKit Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2023-32373
30 May 2023 — A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. A use after free vulnerability was found in the webkitgtk package. • https://security.gentoo.org/glsa/202401-04 • CWE-416: Use After Free •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 1CVE-2023-1981 – avahi: avahi-daemon can be crashed via DBus
https://notcve.org/view.php?id=CVE-2023-1981
26 May 2023 — A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. USN-6129-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Avahi incorrectly handled certain DBus messages. • https://access.redhat.com/security/cve/CVE-2023-1981 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 1%CPEs: 6EXPL: 0CVE-2023-1667 – libssh: NULL pointer dereference during rekeying with algorithm guessing
https://notcve.org/view.php?id=CVE-2023-1667
23 May 2023 — A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and manage... • http://www.libssh.org/security/advisories/CVE-2023-1667.txt • CWE-476: NULL Pointer Dereference •