CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 1CVE-2022-4907 – Debian Security Advisory 5552-1
https://notcve.org/view.php?id=CVE-2022-4907
28 Jul 2023 — Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. • https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-3773 – Kernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattr
https://notcve.org/view.php?id=CVE-2023-3773
25 Jul 2023 — A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a specula... • https://access.redhat.com/errata/RHSA-2023:6583 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2023-3772 – Kernel: xfrm: null pointer dereference in xfrm_update_ae_params()
https://notcve.org/view.php?id=CVE-2023-3772
25 Jul 2023 — A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local ... • http://www.openwall.com/lists/oss-security/2023/08/10/1 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 5%CPEs: 145EXPL: 2CVE-2023-20593 – hw: amd: Cross-Process Information Leak
https://notcve.org/view.php?id=CVE-2023-20593
24 Jul 2023 — An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances. Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensiti... • https://github.com/sbaresearch/stop-zenbleed-win • CWE-209: Generation of Error Message Containing Sensitive Information CWE-1239: Improper Zeroization of Hardware Register •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3863 – Use-after-free in nfc_llcp_find_loca in net/nfc/llcp_core.c
https://notcve.org/view.php?id=CVE-2023-3863
24 Jul 2023 — A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discov... • https://access.redhat.com/security/cve/CVE-2023-3863 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-3417 – thunderbird: File Extension Spoofing using the Text Direction Override Character
https://notcve.org/view.php?id=CVE-2023-3417
24 Jul 2023 — Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1. Junsung Lee discovered that Thunderbird did not properly validate the text direction override unicode character in filenames. • https://bugzilla.mozilla.org/show_bug.cgi?id=1835582 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 33%CPEs: 11EXPL: 3CVE-2023-38633 – librsvg: Arbitrary file read when xinclude href has special characters
https://notcve.org/view.php?id=CVE-2023-38633
22 Jul 2023 — A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. A directory traversal vulnerability was discovered in the URL decoder of Librsvg. This issue occurs when xinclude href has special characters; demonstrated by href=".?.. • http://seclists.org/fulldisclosure/2023/Jul/43 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-3776 – Use-after-free in Linux kernel's net/sched: cls_fw component
https://notcve.org/view.php?id=CVE-2023-3776
21 Jul 2023 — A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b225... • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-3611 – Out-of-bounds write in Linux kernel's net/sched: sch_qfq component
https://notcve.org/view.php?id=CVE-2023-3611
21 Jul 2023 — An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. An out-of-bounds memory write flaw was found in qfq_change_agg in net/sched/sch_qfq.c in the Traffic Control (QoS) subsystem in the Lin... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64 • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 18%CPEs: 9EXPL: 0CVE-2023-34967 – Samba: type confusion in mdssvc rpc service for spotlight
https://notcve.org/view.php?id=CVE-2023-34967
20 Jul 2023 — A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the pass... • https://access.redhat.com/errata/RHSA-2023:6667 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •