CVE-2023-34058 – open-vm-tools: SAML token signature bypass
https://notcve.org/view.php?id=CVE-2023-34058
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . VMware Tools contiene una vulnerabilidad de omisión de firma de token SAML. Un actor malicioso al que se le han otorgado privilegios de operación de invitado https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html en una máquina virtual de destino es posible que pueda elevar sus privilegios si a esa máquina virtual de destino se le ha asignado un Alias de Invitado más privilegiado https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html. A flaw was found in open-vm-tools. • http://www.openwall.com/lists/oss-security/2023/10/27/1 https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK https://www.debian.org/security/2023/ • CWE-347: Improper Verification of Cryptographic Signature CWE-1220: Insufficient Granularity of Access Control •
CVE-2023-46234 – browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack
https://notcve.org/view.php?id=CVE-2023-46234
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2. browserify-sign es un paquete para duplicar la funcionalidad de las funciones de clave pública criptográfica del nodo, gran parte de esto se basa en el trabajo de Fedor Indutny en indutny/tls.js. Un problema de verificación de límite superior en la función `dsaVerify` permite a un atacante construir firmas que pueden verificarse con éxito mediante cualquier clave pública, lo que lleva a un ataque de falsificación de firmas. • https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30 https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HUE6ZR5SL73KHL7XUPAOEL6SB7HUDT2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PVVPNSAGSDS63HQ74PJ7MZ3MU5IYNVZ https://www.debian.org/security/2023/dsa-5539 https • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2023-5380 – Xorg-x11-server: use-after-free bug in destroywindow
https://notcve.org/view.php?id=CVE-2023-5380
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. Se encontró una falla de use-after-free en el servidor xorg-x11. Puede ocurrir una falla del servidor X en una configuración muy específica y heredada (una configuración de múltiples pantallas con múltiples pantallas de protocolo, también conocida como modo Zaphod) si el puntero se deforma desde dentro de una ventana en una pantalla a la ventana raíz de la otra pantalla y si la ventana original se destruye y luego se destruye otra ventana. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. • https://access.redhat.com/errata/RHSA-2023:7428 https://access.redhat.com/errata/RHSA-2024:2169 https://access.redhat.com/errata/RHSA-2024:2298 https://access.redhat.com/errata/RHSA-2024:2995 https://access.redhat.com/errata/RHSA-2024:3067 https://access.redhat.com/security/cve/CVE-2023-5380 https://bugzilla.redhat.com/show_bug.cgi?id=2244736 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D https://lists.fedoraprojec • CWE-416: Use After Free •
CVE-2023-5367 – Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty
https://notcve.org/view.php?id=CVE-2023-5367
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. Se encontró una falla de escritura fuera de los límites en el servidor xorg-x11. Este problema ocurre debido a un cálculo incorrecto de un desplazamiento del búfer al copiar datos almacenados en el montón en la función XIChangeDeviceProperty en Xi/xiproperty.c y en la función RRChangeOutputProperty en randr/rrproperty.c, lo que permite una posible escalada de privilegios o Denegación de Servicio (DoS). . This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. • https://access.redhat.com/errata/RHSA-2023:6802 https://access.redhat.com/errata/RHSA-2023:6808 https://access.redhat.com/errata/RHSA-2023:7373 https://access.redhat.com/errata/RHSA-2023:7388 https://access.redhat.com/errata/RHSA-2023:7405 https://access.redhat.com/errata/RHSA-2023:7428 https://access.redhat.com/errata/RHSA-2023:7436 https://access.redhat.com/errata/RHSA-2023:7526 https://access.redhat.com/errata/RHSA-2023:7533 https://access.redhat.com/errata/RHSA • CWE-787: Out-of-bounds Write •
CVE-2023-42852 – webkitgtk: Processing web content may lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2023-42852
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. Se solucionó un problema lógico con controles mejorados. Este problema se solucionó en iOS 17.1 y iPadOS 17.1, watchOS 10.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. • http://seclists.org/fulldisclosure/2023/Oct/19 http://seclists.org/fulldisclosure/2023/Oct/22 http://seclists.org/fulldisclosure/2023/Oct/23 http://seclists.org/fulldisclosure/2023/Oct/24 http://seclists.org/fulldisclosure/2023/Oct/25 http://seclists.org/fulldisclosure/2023/Oct/27 http://www.openwall.com/lists/oss-security/2023/11/15/1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2 https://lists.fedoraproject.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •