CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 1CVE-2023-51766
https://notcve.org/view.php?id=CVE-2023-51766
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. Exim hasta 4.97 permite el contrabando SMTP en ciertas configuraciones. • http://www.openwall.com/lists/oss-security/2023/12/24/1 http://www.openwall.com/lists/oss-security/2023/12/25/1 http://www.openwall.com/lists/oss-security/2023/12/29/2 http://www.openwall.com/lists/oss-security/2024/01/01/1 http://www.openwall.com/lists/oss-security/2024/01/01/2 http://www.openwall.com/lists/oss-security/2024/01/01/3 https://bugs.exim.org/show_bug.cgi?id=3063 https://bugzilla.redhat.com/show_bug.cgi?id=2255852 https:/ • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 6CVE-2023-51764
https://notcve.org/view.php?id=CVE-2023-51764
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9. • https://github.com/duy-31/CVE-2023-51764 https://github.com/eeenvik1/CVE-2023-51764 https://github.com/Double-q1015/CVE-2023-51764 https://github.com/d4op/CVE-2023-51764-POC http://www.openwall.com/lists/oss-security/2023/12/24/1 http://www.openwall.com/lists/oss-security/2023/12/25/1 http://www.openwall.com/lists/oss-security/2024/05/09/3 https://access.redhat.com/security/cve/CVE-2023-51764 https://bugzilla.redhat.com/show_bug.cgi?id=2255563 http • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-7024 – Google Chromium WebRTC Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-7024
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El desbordamiento de búfer de almacenamiento dinámico en WebRTC en Google Chrome anterior a 120.0.6099.129 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome. • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html https://crbug.com/1513170 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6M6AJDHUL6EDPURWQXGLUFJNDE7SOJT3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6JL4VHZMHFGEGQYTF74533ZNRWMCMMR https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5585 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-6546 – Kernel: gsm multiplexing race condition leads to privilege escalation
https://notcve.org/view.php?id=CVE-2023-6546
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system. Se encontró una condición de ejecución en el multiplexor tty GSM 0710 en el kernel de Linux. Este problema ocurre cuando dos subprocesos ejecutan GSMIOC_SETCONF ioctl en el mismo descriptor de archivo tty con la disciplina de línea gsm habilitada y puede provocar un problema de use after free en una estructura gsm_dlci al reiniciar gsm mux. • http://www.openwall.com/lists/oss-security/2024/04/10/18 http://www.openwall.com/lists/oss-security/2024/04/10/21 http://www.openwall.com/lists/oss-security/2024/04/11/7 http://www.openwall.com/lists/oss-security/2024/04/11/9 http://www.openwall.com/lists/oss-security/2024/04/12/1 http://www.openwall.com/lists/oss-security/2024/04/12/2 http://www.openwall.com/lists/oss-security/2024/04/16/2 http://www.openwall.com/lists/oss-security/20 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2023-4255 – W3m: out-of-bounds write in function checktype() in etc.c (incomplete fix for cve-2022-38223)
https://notcve.org/view.php?id=CVE-2023-4255
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition. Se descubrió un problema de escritura fuera de los límites en el manejo de retroceso de la función checkType() en etc.c dentro de la aplicación W3M. Esta vulnerabilidad se activa al proporcionar un archivo HTML especialmente manipulado al binario w3m. • https://bugzilla.redhat.com/show_bug.cgi?id=2255207 https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3 https://github.com/tats/w3m/issues/268 https://github.com/tats/w3m/pull/273 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject&# • CWE-787: Out-of-bounds Write •