CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-4781 – Heap-based Buffer Overflow in vim/vim
https://notcve.org/view.php?id=CVE-2023-4781
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. Desbordamiento de búfer basado en el heap en el repositorio de GitHub vim/vim anterior a la versión 9.0.1873. • http://seclists.org/fulldisclosure/2023/Oct/24 https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883 https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html https://support.apple.com/kb/HT213984 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-41909 – frr: NULL pointer dereference in bgp_nlri_parse_flowspec() in bgpd/bgp_flowspec.c
https://notcve.org/view.php?id=CVE-2023-41909
An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. Se descubrió un problema en FRRouting FRR hasta 9.0. bgp_nlri_parse_flowspec en bgpd/bgp_flowspec.c. Procesa solicitudes con formato incorrecto sin atributos, conllevando una desreferencia de puntero NULL. A flaw was found in frr. Processing a malformed request with no attributes may cause a NULL pointer dereference, resulting in a denial of service. • https://github.com/FRRouting/frr/pull/13222/commits/cfd04dcb3e689754a72507d086ba3b9709fc5ed8 https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4 https://access.redhat • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-4752 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2023-4752
Use After Free in GitHub repository vim/vim prior to 9.0.1858. Use After Free en el repositorio de GitHub vim/vim anterior a 9.0.1858. • http://seclists.org/fulldisclosure/2023/Oct/24 https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF https://lists.fedoraproject.org/archives • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 1CVE-2023-40567 – Out-Of-Bounds Write in FreeRDP
https://notcve.org/view.php?id=CVE-2023-40567
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability. • https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L612-L618 https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L843-L845 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP https://lists.fedoraproject.org/archives/lis • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 1CVE-2023-40569 – Out-Of-Bounds Write in FreeRDP
https://notcve.org/view.php?id=CVE-2023-40569
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability. • https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/progressive.c#L2598-L2616 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hm8c-rcjg-c8qp https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF https://lists.fedoraproject.org/ • CWE-787: Out-of-bounds Write •