CVE-2023-6004 – Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname
https://notcve.org/view.php?id=CVE-2023-6004
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. Se encontró una falla en libssh. Al utilizar la función ProxyCommand o ProxyJump, los usuarios pueden explotar la sintaxis del hostname no verificada en el cliente. • https://access.redhat.com/errata/RHSA-2024:2504 https://access.redhat.com/errata/RHSA-2024:3233 https://access.redhat.com/security/cve/CVE-2023-6004 https://bugzilla.redhat.com/show_bug.cgi?id=2251110 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM https://security.netapp.com/advisory/ntap-20240223-0004 https://www.libssh.org/security/advisories/CVE-2023-6004.txt • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2023-6879 – heap buffer overflow in libaom
https://notcve.org/view.php?id=CVE-2023-6879
Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). Aumentar la resolución de los fotogramas de vídeo, mientras se realiza una codificación multiproceso, puede provocar un desbordamiento del montón en av1_loop_restoration_dealloc(). • https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1 https://crbug.com/aomedia/3491 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVE-2023-7104 – SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
https://notcve.org/view.php?id=CVE-2023-7104
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP https://security.netapp.com/advisory/ntap-20240112-0008 https://sqlite.org/forum/forumpost/5bcbf4571c https://sqlite.org/src/info/0e4e7a05c4204b47 https://vuldb.com/?ctiid.248999 https://vuldb.com/?id.248999 https://access.redhat.com/security/cve/CVE-2023-7104 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2023-7101 – Spreadsheet::ParseExcel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-7101
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic. Spreadsheet::ParseExcel version 0.65 es un módulo Perl utilizado para analizar archivos Excel. Spreadsheet::ParseExcel es afectado por una vulnerabilidad de ejecución de código arbitrario (ACE) debido a que se pasa una entrada no validada de un archivo a una "evaluación" de tipo cadena. • http://www.openwall.com/lists/oss-security/2023/12/29/4 https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc https://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc https://https://metacpan.org/dist/Spreadsheet-ParseExcel https: • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVE-2023-51764
https://notcve.org/view.php?id=CVE-2023-51764
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9. • https://github.com/duy-31/CVE-2023-51764 https://github.com/eeenvik1/CVE-2023-51764 https://github.com/Double-q1015/CVE-2023-51764 https://github.com/d4op/CVE-2023-51764-POC http://www.openwall.com/lists/oss-security/2023/12/24/1 http://www.openwall.com/lists/oss-security/2023/12/25/1 http://www.openwall.com/lists/oss-security/2024/05/09/3 https://access.redhat.com/security/cve/CVE-2023-51764 https://bugzilla.redhat.com/show_bug.cgi?id=2255563 http • CWE-345: Insufficient Verification of Data Authenticity •