CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2023-3107 – Remote denial of service in IPv6 fragment reassembly
https://notcve.org/view.php?id=CVE-2023-3107
A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service. Un conjunto de paquetes ipv6 cuidadosamente diseñados puede desencadenar un desbordamiento de enteros en el cálculo del campo de longitud de la carga útil de un paquete reensamblado por fragmentos. Esto permite a un atacante desencadenar un kernel panic, resultando en una denegación de servicio. • https://security.FreeBSD.org/advisories/FreeBSD-SA-23:06.ipv6.asc https://security.netapp.com/advisory/ntap-20230804-0001 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-4004 – Kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove()
https://notcve.org/view.php?id=CVE-2023-4004
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. Se encontró una falla de use-after-free en el netfilter del kernel de Linux en la forma en que un usuario activa la función nft_pipapo_remove con el elemento, sin un NFT_SET_EXT_KEY_END. Este problema podría permitir que un usuario local bloquee el sistema o potencialmente aumente sus privilegios en el sistema. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://access.redhat.com/errata/RHSA-2023:4961 https://access.redhat.com/errata/RHSA-2023:4962 https://access.redhat.com/errata/RHSA-2023:4967 https://access.redhat.com/errata/RHSA-2023:5069 https://access.redhat.com/errata/RHSA-2023:5091 https://access.redhat.com/errata/RHSA-2023:5093 https:// • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 9EXPL: 0CVE-2023-22058 – mysql: Server: DDL unspecified vulnerability (CPU Jul 2023)
https://notcve.org/view.php?id=CVE-2023-22058
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN https://security.netapp.com/advisory/ntap-20230725-0005 https://www.oracle.com/security-alerts/cpujul2023.html https://access.redhat.com/security/cve/CVE-2023-22058 https:&#x •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2023-22057 – mysql: Server: Replication unspecified vulnerability (CPU Jul 2023)
https://notcve.org/view.php?id=CVE-2023-22057
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN https://security.netapp.com/advisory/ntap-20230725-0005 https://www.oracle.com/security-alerts/cpujul2023.html https://access.redhat.com/security/cve/CVE-2023-22057 https:&#x •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2023-22056 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023)
https://notcve.org/view.php?id=CVE-2023-22056
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN https://security.netapp.com/advisory/ntap-20230725-0005 https://www.oracle.com/security-alerts/cpujul2023.html https://access.redhat.com/security/cve/CVE-2023-22056 https:&#x •