CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-41909 – frr: NULL pointer dereference in bgp_nlri_parse_flowspec() in bgpd/bgp_flowspec.c
https://notcve.org/view.php?id=CVE-2023-41909
An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. Se descubrió un problema en FRRouting FRR hasta 9.0. bgp_nlri_parse_flowspec en bgpd/bgp_flowspec.c. Procesa solicitudes con formato incorrecto sin atributos, conllevando una desreferencia de puntero NULL. A flaw was found in frr. Processing a malformed request with no attributes may cause a NULL pointer dereference, resulting in a denial of service. • https://github.com/FRRouting/frr/pull/13222/commits/cfd04dcb3e689754a72507d086ba3b9709fc5ed8 https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4 https://access.redhat • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2023-4733 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2023-4733
Use After Free in GitHub repository vim/vim prior to 9.0.1840. Use After Free en el repositorio de GitHub vim/vim anterior a 9.0.1840. • http://seclists.org/fulldisclosure/2023/Oct/24 https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ&# • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2023-4750 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2023-4750
Use After Free in GitHub repository vim/vim prior to 9.0.1857. Use After Free en el repositorio de GitHub vim/vim anterior a 9.0.1857. • http://seclists.org/fulldisclosure/2023/Oct/24 https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ&# • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-4752 – Use After Free in vim/vim
https://notcve.org/view.php?id=CVE-2023-4752
Use After Free in GitHub repository vim/vim prior to 9.0.1858. Use After Free en el repositorio de GitHub vim/vim anterior a 9.0.1858. • http://seclists.org/fulldisclosure/2023/Oct/24 https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF https://lists.fedoraproject.org/archives • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-36328
https://notcve.org/view.php?id=CVE-2023-36328
Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). La vulnerabilidad de Desbordamiento de Enteros en mp_grow en libtom libtommath antes de commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, permite a los atacantes ejecutar código arbitrario y provocar una denegación de servicio (DoS). • https://github.com/libtom/libtommath/pull/546 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3H2PFUTBKQUDSOJXQQS7LUSZQWT3JTW2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46GORAXZ34MHQNUGJBKS7PJ5NSMIAJGC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ZUPWZGPFJ4JOI2NIP7YLRKZD5YXQTBK • CWE-190: Integer Overflow or Wraparound •