CVSS: 3.7EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21937 – OpenJDK: missing string checks for NULL characters (8296622)
https://notcve.org/view.php?id=CVE-2023-21937
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in u... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 7.4EPSS: 0%CPEs: 91EXPL: 0CVE-2023-21930 – OpenJDK: improper connection handling during TLS handshake (8294474)
https://notcve.org/view.php?id=CVE-2023-21930
18 Apr 2023 — Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation,... • https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 1CVE-2023-1992 – Debian Security Advisory 5429-1
https://notcve.org/view.php?id=CVE-2023-1992
12 Apr 2023 — RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file El fallo del disector RPCoRDMA en Wireshark 4.0.0 a 4.0.4 y 3.6.0 a 3.6.12 permite la denegación de servicio mediante la inyección de paquetes o un archivo de captura manipulado. Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1992.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 1CVE-2023-1993 – Debian Security Advisory 5429-1
https://notcve.org/view.php?id=CVE-2023-1993
12 Apr 2023 — LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file El bucle grande del disector LISP en Wireshark 4.0.0 a 4.0.4 y 3.6.0 a 3.6.12 permite la denegación de servicio mediante inyección de paquetes o archivo de captura manipulado Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1993.json • CWE-834: Excessive Iteration •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 1CVE-2023-1994 – Debian Security Advisory 5429-1
https://notcve.org/view.php?id=CVE-2023-1994
12 Apr 2023 — GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file El fallo del disector GQUIC en Wireshark 4.0.0 a 4.0.4 y 3.6.0 a 3.6.12 permite la denegación de servicio mediante la inyección de paquetes o un archivo de captura manipulado. Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1994.json • CWE-400: Uncontrolled Resource Consumption CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2023-1989 – kernel: Use after free bug in btsdio_remove due to race condition
https://notcve.org/view.php?id=CVE-2023-1989
11 Apr 2023 — A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. A call to btsdio_remove with an unfinished job may cause a race problem which leads to a UAF on hdev devices. It was discovered that the Traffic-Control Index implementation in the Linux kern... • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-29415
https://notcve.org/view.php?id=CVE-2023-29415
06 Apr 2023 — An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais. • https://github.com/kspalaiologos/bzip3/compare/1.2.3...1.3.0 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-36440 – frr: Reachable assertion in peek_for_as4_capability function
https://notcve.org/view.php?id=CVE-2022-36440
03 Apr 2023 — A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. Se encontró una afirmación accesible en Frrouting frr-bgpd 8.3.0 en la función peek_for_as4_capability. Los atacantes pueden construir maliciosamente paquetes abiertos BGP y enviarlos a pares BGP que ejecutan frr-bgpd, lo que resulta en DoS. A reachable assertion flaw was found in Frrouting frr... • https://github.com/spwpun/pocs • CWE-617: Reachable Assertion •
CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-28686 – Debian Security Advisory 5379-1
https://notcve.org/view.php?id=CVE-2023-28686
24 Mar 2023 — Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information. Kim Alvefur discovered that insufficient message sender validation in dino-im, a modern XMPP/Jabber client, may result in manipulation of entries in the personal bookmark store without user interaction via a spe... • https://dino.im/security/cve-2023-28686 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1161 – Debian Security Advisory 5429-1
https://notcve.org/view.php?id=CVE-2023-1161
06 Mar 2023 — ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file El fallo del disector ISO 15765 e ISO 10681 en Wireshark 4.0.0 a 4.0.3 y 3.6.0 a 3.6.11 permite la denegación de servicio mediante la inyección de paquetes o un archivo de captura manipulado. Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code... • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1161.json • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •