CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-3171 – Eap-7: heap exhaustion via deserialization
https://notcve.org/view.php?id=CVE-2023-3171
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service. Se encontró una falla en EAP-7 durante la deserialización de ciertas clases, lo que permite la creación de instancias de HashMap y HashTable sin verificar los recursos consumidos. Este problema podría permitir que un atacante envíe solicitudes maliciosas utilizando estas clases, lo que eventualmente podría agotar el montón y provocar una denegación de servicio. • https://access.redhat.com/errata/RHSA-2023:5484 https://access.redhat.com/errata/RHSA-2023:5485 https://access.redhat.com/errata/RHSA-2023:5486 https://access.redhat.com/errata/RHSA-2023:5488 https://access.redhat.com/security/cve/CVE-2023-3171 https://bugzilla.redhat.com/show_bug.cgi?id=2213639 • CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-4061 – Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor
https://notcve.org/view.php?id=CVE-2023-4061
A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system. Se encontró una falla en wildfly-core. Un usuario de administración podría usar la expresión de resolución en la interfaz HAL para leer posible información confidencial del sistema Wildfly. • https://access.redhat.com/errata/RHSA-2023:5484 https://access.redhat.com/errata/RHSA-2023:5485 https://access.redhat.com/errata/RHSA-2023:5486 https://access.redhat.com/errata/RHSA-2023:5488 https://access.redhat.com/security/cve/CVE-2023-4061 https://bugzilla.redhat.com/show_bug.cgi?id=2228608 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-43788 – Libxpm: out of bounds read in xpmcreatexpmimagefrombuffer()
https://notcve.org/view.php?id=CVE-2023-43788
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system. Se encontró una vulnerabilidad en libXpm debido a una condición de los límite dentro de la función XpmCreateXpmImageFromBuffer(). Esta falla permite que un local active un error de lectura fuera de los límites y lea el contenido de la memoria del sistema. • https://access.redhat.com/errata/RHSA-2024:2146 https://access.redhat.com/errata/RHSA-2024:2217 https://access.redhat.com/errata/RHSA-2024:2974 https://access.redhat.com/errata/RHSA-2024:3022 https://access.redhat.com/security/cve/CVE-2023-43788 https://bugzilla.redhat.com/show_bug.cgi?id=2242248 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject. • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-41175 – Libtiff: potential integer overflow in raw2tiff.c
https://notcve.org/view.php?id=CVE-2023-41175
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. Se encontró una vulnerabilidad en libtiff debido a múltiples posibles desbordamientos de enteros en raw2tiff.c. Esta falla permite a atacantes remotos provocar una denegación de servicio o posiblemente ejecutar un código arbitrario a través de una imagen tiff manipulada, lo que desencadena un desbordamiento del búfer. • https://access.redhat.com/errata/RHSA-2024:2289 https://access.redhat.com/security/cve/CVE-2023-41175 https://bugzilla.redhat.com/show_bug.cgi?id=2235264 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40745 – Libtiff: integer overflow in tiffcp.c
https://notcve.org/view.php?id=CVE-2023-40745
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. LibTIFF es vulnerable a un desbordamiento de enteros. Esta falla permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar un código arbitrario a través de una imagen tiff manipulada, lo que desencadena un desbordamiento del búfer. • https://access.redhat.com/errata/RHSA-2024:2289 https://access.redhat.com/security/cve/CVE-2023-40745 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 https://security.netapp.com/advisory/ntap-20231110-0005 • CWE-190: Integer Overflow or Wraparound •