CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 1CVE-2023-36479 – Jetty vulnerable to errant command quoting in CGI Servlet
https://notcve.org/view.php?id=CVE-2023-36479
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. • https://github.com/eclipse/jetty.project/pull/9516 https://github.com/eclipse/jetty.project/pull/9888 https://github.com/eclipse/jetty.project/pull/9889 https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html https://www.debian.org/security/2023/dsa-5507 https://access.redhat.com/security/cve/CVE-2023-36479 https://bugzilla.redhat.com/show_bug.cgi?id=2239630 • CWE-149: Improper Neutralization of Quoting Syntax •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2023-4921 – Use-after-free in Linux kernel's net/sched: sch_qfq component
https://notcve.org/view.php?id=CVE-2023-4921
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. Una vulnerabilidad de use-after-free en el componente net/sched: sch_qfq del kernel de Linux se puede explotar para lograr una escalada de privilegios local. Cuando el complemento qdisc se utiliza como una clase de qfq qdisc, el envío de paquetes de red activa el uso después de la liberación en qfq_dequeue() debido al controlador .peek incorrecto de sch_plug y la falta de verificación de errores en agg_dequeue(). Recomendamos actualizar al commit anterior 8fc134fee27f2263988ae38920bc03da416b03d8. A use-after-free flaw was found in qfq_dequeue and agg_dequeue in net/sched/sch_qfq.c in the Traffic Control (QoS) subsystem in the Linux kernel. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8fc134fee27f2263988ae38920bc03da416b03d8 https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://access.redhat.com/security/cve/CVE-2023-4921 https://bugzilla.redhat.com/show_bug.cgi?id=2245514 • CWE-416: Use After Free •
CVSS: 9.6EPSS: 44%CPEs: 16EXPL: 12CVE-2023-4863 – Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4863
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) El desbordamiento del búfer de memoria en libwebp en Google Chrome anterior a 116.0.5845.187 y libwebp 1.3.2 permitía a un atacante remoto realizar una escritura en memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chromium: crítica) A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library. Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. • https://github.com/alsaeroth/CVE-2023-4863-POC https://github.com/mistymntncop/CVE-2023-4863 https://github.com/LiveOverflow/webp-CVE-2023-4863 https://github.com/bbaranoff/CVE-2023-4863 https://github.com/talbeerysec/BAD-WEBP-CVE-2023-4863 https://github.com/huiwen-yayaya/CVE-2023-4863 https://github.com/CrackerCat/CVE-2023-4863- https://github.com/sarsaeroth/CVE-2023-4863-POC http://www.openwall.com/lists/oss-security/2023/09/21/4 http://www.openwall.com/list • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4874 – Undefined Behavior for Input to API in Mutt
https://notcve.org/view.php?id=CVE-2023-4874
Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 Eliminación de referencia del puntero nulo al ver un correo electrónico especialmente manipulado en Mutt versiones >1.5.2 y <2.2.12 A null pointer dereference flaw was found in mutt when handling specially crafted characters. This issue could allow an attacker to send a specially crafted email that causes the email client to crash when reading or processing the email. • http://www.openwall.com/lists/oss-security/2023/09/26/6 https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html https://www.debian.org/security/2023/dsa-5494 https://access.redhat.com/security/cve/CVE-2023-4874 https://bugzilla.redhat.com/show_bug.cgi?id=2238240 • CWE-475: Undefined Behavior for Input to API CWE-476: NULL Pointer Dereference •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4875 – Undefined Behavior for Input to API in Mutt
https://notcve.org/view.php?id=CVE-2023-4875
Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 Eliminación de referencia del puntero nulo al redactar a partir de un mensaje de borrador especialmente manipulado en Mutt versiones >1.5.2 y <2.2.12 A null pointer dereference flaw was found in mutt when handling specially crafted characters. This issue could allow an attacker to send a specially crafted email that causes the email client to crash when reading or processing the email. • http://www.openwall.com/lists/oss-security/2023/09/26/6 https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch https://lists.debian.org/debian-lts-announce/2023/09/msg00021.html https://www.debian.org/security/2023/dsa-5494 https://access.redhat.com/security/cve/CVE-2023-4875 https://bugzilla.redhat.com/show_bug.cgi?id=2238241 • CWE-475: Undefined Behavior for Input to API CWE-476: NULL Pointer Dereference •