CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6004 – Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname
https://notcve.org/view.php?id=CVE-2023-6004
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. Se encontró una falla en libssh. Al utilizar la función ProxyCommand o ProxyJump, los usuarios pueden explotar la sintaxis del hostname no verificada en el cliente. • https://access.redhat.com/errata/RHSA-2024:2504 https://access.redhat.com/errata/RHSA-2024:3233 https://access.redhat.com/security/cve/CVE-2023-6004 https://bugzilla.redhat.com/show_bug.cgi?id=2251110 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM https://security.netapp.com/advisory/ntap-20240223-0004 https://www.libssh.org/security/advisories/CVE-2023-6004.txt • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-6879 – heap buffer overflow in libaom
https://notcve.org/view.php?id=CVE-2023-6879
Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc(). Aumentar la resolución de los fotogramas de vídeo, mientras se realiza una codificación multiproceso, puede provocar un desbordamiento del montón en av1_loop_restoration_dealloc(). • https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1 https://crbug.com/aomedia/3491 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 1CVE-2023-7104 – SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
https://notcve.org/view.php?id=CVE-2023-7104
A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP https://security.netapp.com/advisory/ntap-20240112-0008 https://sqlite.org/forum/forumpost/5bcbf4571c https://sqlite.org/src/info/0e4e7a05c4204b47 https://vuldb.com/?ctiid.248999 https://vuldb.com/?id.248999 https://access.redhat.com/security/cve/CVE-2023-7104 https:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 6%CPEs: 4EXPL: 0CVE-2023-7101 – Spreadsheet::ParseExcel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-7101
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic. Spreadsheet::ParseExcel version 0.65 es un módulo Perl utilizado para analizar archivos Excel. Spreadsheet::ParseExcel es afectado por una vulnerabilidad de ejecución de código arbitrario (ACE) debido a que se pasa una entrada no validada de un archivo a una "evaluación" de tipo cadena. • http://www.openwall.com/lists/oss-security/2023/12/29/4 https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc https://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc https://https://metacpan.org/dist/Spreadsheet-ParseExcel https: • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-51767
https://notcve.org/view.php?id=CVE-2023-51767
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. OpenSSH hasta 9.6, cuando se utilizan tipos comunes de DRAM, podría permitir row hammer attacks (para omitir la autenticación) porque el valor entero de autenticado en mm_answer_authpassword no resiste cambios de un solo bit. NOTA: esto es aplicable a un determinado modelo de amenaza de ubicación conjunta entre atacante y víctima en el que el atacante tiene privilegios de usuario. • https://access.redhat.com/security/cve/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.netapp.com/advisory/ntap-20240125-0006 https://ubuntu.com/security/CVE-2023-51767 •