CVSS: 5.9EPSS: 1%CPEs: 10EXPL: 0CVE-2022-2127 – Samba: out-of-bounds read in winbind auth_crap
https://notcve.org/view.php?id=CVE-2022-2127
20 Jul 2023 — An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash. It was discovered that Samba incorrectly... • https://access.redhat.com/errata/RHSA-2023:6667 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2023-3347 – Samba: smb2 packet signing is not enforced when "server signing = required" is set
https://notcve.org/view.php?id=CVE-2023-3347
20 Jul 2023 — A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. It was discovered that Samba incorrectly handled W... • https://access.redhat.com/errata/RHSA-2023:4325 • CWE-347: Improper Verification of Cryptographic Signature CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 5.3EPSS: 2%CPEs: 10EXPL: 0CVE-2023-34968 – Samba: spotlight server-side share path disclosure
https://notcve.org/view.php?id=CVE-2023-34968
20 Jul 2023 — A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. It was discovered that Samba incorrectly handled Winbind NTLM authentication responses. An attacker could possibly use this issue to cause Samba to crash, resulting in a d... • https://access.redhat.com/errata/RHSA-2023:6667 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3618 – Segmentation fault in fax3encode in libtiff/tif_fax3.c
https://notcve.org/view.php?id=CVE-2023-3618
12 Jul 2023 — A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. It was discovered that LibTIFF could be made to write out of bounds when processing certain malformed image files with the tiffcrop utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcrop to crash, resulting in a denial of service... • https://access.redhat.com/security/cve/CVE-2023-3618 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-3354 – Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service
https://notcve.org/view.php?id=CVE-2023-3354
11 Jul 2023 — A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service. This update for qemu fixes the following issues. • https://access.redhat.com/security/cve/CVE-2023-3354 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2023-1672 – Race condition exists in the key generation and rotation functionality
https://notcve.org/view.php?id=CVE-2023-1672
11 Jul 2023 — A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host. Brian McDermott discovered that Tang incorrectly handled permissions when creating/rotating keys. A local attacker could possibly use this issue to read the keys. • https://access.redhat.com/security/cve/CVE-2023-1672 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 1CVE-2023-3269 – Distros-[dirtyvma] privilege escalation via non-rcu-protected vma traversal
https://notcve.org/view.php?id=CVE-2023-3269
06 Jul 2023 — A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges. Ruihan Li discovered that the memory management subsystem in the Linux kernel contained a race condition when accessing VMAs in certain conditions, leading to a use-after-free vulnerabilit... • https://github.com/lrh2000/StackRot • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2023-3089 – Ocp & fips mode
https://notcve.org/view.php?id=CVE-2023-3089
05 Jul 2023 — A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. Red Hat Advanced Cluster Management for Kubernetes 2.8.1 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applicati... • https://access.redhat.com/security/cve/CVE-2023-3089 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-521: Weak Password Requirements CWE-693: Protection Mechanism Failure •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1206 – kernel: hash collisions in the IPv6 connection lookup table
https://notcve.org/view.php?id=CVE-2023-1206
30 Jun 2023 — A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. ... • https://bugzilla.redhat.com/show_bug.cgi?id=2175903 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-2422 – Keycloak: oauth client impersonation
https://notcve.org/view.php?id=CVE-2023-2422
28 Jun 2023 — A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients. Se encontró una falla en Keycloak. Un servidor Keycloak configurado para admitir la autenticación mTLS para clientes OAuth/OpenID no verifica correctamente la cadena de certificados del cliente. • https://access.redhat.com/errata/RHSA-2023:3883 • CWE-295: Improper Certificate Validation •