CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2022-4132 – Memory leak on tls connections
https://notcve.org/view.php?id=CVE-2022-4132
A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page). Se encontró una falla en JSS. Una pérdida de memoria en JSS requiere una configuración no estándar, pero es un vector DoS de bajo esfuerzo si se configura de esa manera (presionando repetidamente la página de inicio de sesión). • https://access.redhat.com/security/cve/CVE-2022-4132 https://bugzilla.redhat.com/show_bug.cgi?id=2147372 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-3153 – Service monitor mac flow is not rate limited
https://notcve.org/view.php?id=CVE-2023-3153
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured. Se encontró una falla en Open Virtual Network donde el monitor de servicio MAC no califica correctamente el límite. Este problema podría permitir que un atacante provoque una denegación de servicio, incluso en implementaciones con CoPP habilitado y configurado correctamente. • https://access.redhat.com/security/cve/CVE-2023-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2213279 https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd https://github.com/ovn-org/ovn/issues/198 https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 17%CPEs: 18EXPL: 18CVE-2023-4911 – GNU C Library Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4911
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. Se descubrió un desbordamiento del búfer en el cargador dinámico ld.so de la librería GNU C mientras se procesaba la variable de entorno GLIBC_TUNABLES. Este problema podría permitir que un atacante local utilice variables de entorno GLIBC_TUNABLES manipuladas con fines malintencionados al iniciar archivos binarios con permiso SUID para ejecutar código con privilegios elevados. Dubbed Looney Tunables, Qualys discovered a buffer overflow vulnerability in the glibc dynamic loader's processing of the GLIBC_TUNABLES environment variable. • https://github.com/leesh3288/CVE-2023-4911 https://github.com/ruycr4ft/CVE-2023-4911 https://github.com/guffre/CVE-2023-4911 https://github.com/NishanthAnand21/CVE-2023-4911-PoC https://github.com/RickdeJager/CVE-2023-4911 https://github.com/hadrian3689/looney-tunables-CVE-2023-4911 https://github.com/Green-Avocado/CVE-2023-4911 https://github.com/xiaoQ1z/CVE-2023-4911 https://github.com/Diego-AltF4/CVE-2023-4911 https://github.com/KernelKrise/CVE-2023-4911 https:/&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-44488 – libvpx: crash related to VP9 encoding in libvpx
https://notcve.org/view.php?id=CVE-2023-44488
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. VP9 en libvpx anterior a 1.13.1 maneja mal las anchuras, lo que provoca un bloqueo relacionado con la codificación. A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library. • http://www.openwall.com/lists/oss-security/2023/09/30/4 https://bugzilla.redhat.com/show_bug.cgi?id=2241806 https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1 https://github.com/webmproject/libvpx/releases/tag/v1.13.1 https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html https://lists.fedoraproject.org&#x • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-39191 – Kernel: ebpf: insufficient stack type checks in dynptr
https://notcve.org/view.php?id=CVE-2023-39191
An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel. Se encontró una falla de validación de entrada incorrecta en el subsistema eBPF del kernel de Linux. El problema se debe a una falta de validación adecuada de los punteros dinámicos dentro de los programas eBPF proporcionados por el usuario antes de ejecutarlos. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2024:0381 https://access.redhat.com/errata/RHSA-2024:0439 https://access.redhat.com/errata/RHSA-2024:0448 https://access.redhat.com/security/cve/CVE-2023-39191 https://bugzilla.redhat.com/show_bug.cgi?id=2226783 https://www.zerodayinitiative.com/advisories/ZDI-CAN-19399 • CWE-20: Improper Input Validation •