CVE-2023-5869 – Postgresql: buffer overrun from integer overflow in array modification
https://notcve.org/view.php?id=CVE-2023-5869
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. Se encontró una falla en PostgreSQL que permite a los usuarios de bases de datos autenticados ejecutar código arbitrario al faltar verificaciones de desbordamiento durante la modificación del valor de la matriz SQL. Este problema existe debido a un desbordamiento de enteros durante la modificación de la matriz, donde un usuario remoto puede desencadenar el desbordamiento proporcionando datos especialmente manipulados. • https://access.redhat.com/errata/RHSA-2023:7545 https://access.redhat.com/errata/RHSA-2023:7579 https://access.redhat.com/errata/RHSA-2023:7580 https://access.redhat.com/errata/RHSA-2023:7581 https://access.redhat.com/errata/RHSA-2023:7616 https://access.redhat.com/errata/RHSA-2023:7656 https://access.redhat.com/errata/RHSA-2023:7666 https://access.redhat.com/errata/RHSA-2023:7667 https://access.redhat.com/errata/RHSA-2023:7694 https://access.redhat.com/errata/RHSA • CWE-190: Integer Overflow or Wraparound •
CVE-2023-46847 – Squid: denial of service in http digest authentication
https://notcve.org/view.php?id=CVE-2023-46847
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. Squid es vulnerable a una Denegación de Servicio, donde un atacante remoto puede realizar un ataque de desbordamiento de búfer escribiendo hasta 2 MB de datos arbitrarios en la memoria acumulada cuando Squid está configurado para aceptar la autenticación implícita HTTP. • https://access.redhat.com/errata/RHSA-2023:6266 https://access.redhat.com/errata/RHSA-2023:6267 https://access.redhat.com/errata/RHSA-2023:6268 https://access.redhat.com/errata/RHSA-2023:6748 https://access.redhat.com/errata/RHSA-2023:6801 https://access.redhat.com/errata/RHSA-2023:6803 https://access.redhat.com/errata/RHSA-2023:6804 https://access.redhat.com/errata/RHSA-2023:6805 https://access.redhat.com/errata/RHSA-2023:6810 https://access.redhat.com/errata/RHSA • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-5367 – Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty
https://notcve.org/view.php?id=CVE-2023-5367
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. Se encontró una falla de escritura fuera de los límites en el servidor xorg-x11. Este problema ocurre debido a un cálculo incorrecto de un desplazamiento del búfer al copiar datos almacenados en el montón en la función XIChangeDeviceProperty en Xi/xiproperty.c y en la función RRChangeOutputProperty en randr/rrproperty.c, lo que permite una posible escalada de privilegios o Denegación de Servicio (DoS). . This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. • https://access.redhat.com/errata/RHSA-2023:6802 https://access.redhat.com/errata/RHSA-2023:6808 https://access.redhat.com/errata/RHSA-2023:7373 https://access.redhat.com/errata/RHSA-2023:7388 https://access.redhat.com/errata/RHSA-2023:7405 https://access.redhat.com/errata/RHSA-2023:7428 https://access.redhat.com/errata/RHSA-2023:7436 https://access.redhat.com/errata/RHSA-2023:7526 https://access.redhat.com/errata/RHSA-2023:7533 https://access.redhat.com/errata/RHSA • CWE-787: Out-of-bounds Write •
CVE-2023-3899 – Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration
https://notcve.org/view.php?id=CVE-2023-3899
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root. • https://access.redhat.com/errata/RHSA-2023:4701 https://access.redhat.com/errata/RHSA-2023:4702 https://access.redhat.com/errata/RHSA-2023:4703 https://access.redhat.com/errata/RHSA-2023:4704 https://access.redhat.com/errata/RHSA-2023:4705 https://access.redhat.com/errata/RHSA-2023:4706 https://access.redhat.com/errata/RHSA-2023:4707 https://access.redhat.com/errata/RHSA-2023:4708 https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVE-2023-0494 – X.Org Server DeepCopyPointerClasses Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-0494
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DeepCopyPointerClasses function. • https://bugzilla.redhat.com/show_bug.cgi?id=2165995 https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec https://lists.x.org/archives/xorg-announce/2023-February/003320.html https://security.gentoo.org/glsa/202305-30 https://access.redhat.com/security/cve/CVE-2023-0494 • CWE-416: Use After Free •