CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2023-40589 – FreeRDP Global-Buffer-Overflow in ncrush_decompress
https://notcve.org/view.php?id=CVE-2023-40589
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. • https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2023-20900 – open-vm-tools: SAML token signature bypass
https://notcve.org/view.php?id=CVE-2023-20900
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . Un actor malicioso al que se le han otorgado Privilegios de Operación de Invitado https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html en una máquina virtual de destino es posible que pueda elevar sus privilegios si a esa máquina virtual de destino se le ha asignado un Alias de Invitado más privilegiado https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/ 07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html. An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias. • http://www.openwall.com/lists/oss-security/2023/08/31/1 http://www.openwall.com/lists/oss-security/2023/10/27/1 https://lists.debian.org/debian-lts-announce/2023/10/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message& • CWE-294: Authentication Bypass by Capture-replay CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2023-38802 – frr: Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router
https://notcve.org/view.php?id=CVE-2023-38802
FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). FRRouting FRR 7.5.1 a 9.0 y Pica8 PICOS 4.3.3.2 permiten a un atacante remoto causar una denegación de servicio a través de una actualización BGP manipulada con un atributo dañado 23 (encapsulación de túnel). A vulnerability was found in FRRouting (FRR). This flaw allows a remote attacker to cause a denial of service issue via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). • https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4 https://news.ycombinator.com& • CWE-20: Improper Input Validation CWE-354: Improper Validation of Integrity Check Value •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-41360 – frr: ahead-of-stream read of ORF header
https://notcve.org/view.php?id=CVE-2023-41360
An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. Se descubrió un problema en FRRouting FRR hasta 9.0. bgp/bgp_packet.c puede leer el byte inicial del encabezado ORF en una situación de avance de la transmisión. An out-of-bounds read flaw was found in FRRouting in bgpd/bgp_packet.c, resulting from a boundary condition. This flaw allows a remote attacker, through specially crafted input, to read the initial byte of the ORF header in an ahead-of-stream scenario. This attacker can gain information and potentially launch further attacks against the affected system. • https://github.com/FRRouting/frr/pull/14245 https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4 https://access.redhat.com/security/cve/CVE-2023-41360 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41361
https://notcve.org/view.php?id=CVE-2023-41361
An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. Se ha descubierto un problema en FRRouting FRR v9.0. "bgpd/bgp_open.c" no comprueba una longitud excesiva de la versión de software rcv. • https://github.com/FRRouting/frr/pull/14241 https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •