CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2023-2598
https://notcve.org/view.php?id=CVE-2023-2598
A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation. Se encontró una falla en el código de registro de búfer fijo para io_uring (io_sqe_buffer_register en io_uring/rsrc.c) en el kernel de Linux que permite el acceso fuera de los límites a la memoria física más allá del final del búfer. Esta falla permite la escalada completa de privilegios locales. • https://github.com/ysanatomic/io_uring_LPE-CVE-2023-2598 https://github.com/cainiao159357/CVE-2023-2598 http://www.openwall.com/lists/oss-security/2024/04/24/3 https://security.netapp.com/advisory/ntap-20230703-0006 https://www.openwall.com/lists/oss-security/2023/05/08/3 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 1CVE-2022-48502
https://notcve.org/view.php?id=CVE-2022-48502
An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c. Se ha descubierto un problema en el kernel de Linux en las versiones anteriores a v6.2. El subsistema "ntfs3" no comprueba correctamente la corrección durante las lecturas de disco, lo que provoca una lectura fuera de los límites en "ntfs_set_ea" en "fs/ntfs3/xattr.c". • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b https://security.netapp.com/advisory/ntap-20230703-0004 https://syzkaller.appspot.com/bug?extid=8778f030156c6cd16d72 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2023-2953 – openldap: null pointer dereference in ber_memalloc_x function
https://notcve.org/view.php?id=CVE-2023-2953
A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication. • http://seclists.org/fulldisclosure/2023/Jul/47 http://seclists.org/fulldisclosure/2023/Jul/48 http://seclists.org/fulldisclosure/2023/Jul/52 https://access.redhat.com/security/cve/CVE-2023-2953 https://bugs.openldap.org/show_bug.cgi?id=9904 https://security.netapp.com/advisory/ntap-20230703-0005 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845 https://bugzilla.redhat.com/show_bug.cgi?id=2210651 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27311
https://notcve.org/view.php?id=CVE-2023-27311
NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue - obtaining the fix requires redeploying a fresh Connector. • https://security.netapp.com/advisory/ntap-20230525-0001 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 1CVE-2023-28319 – curl: use after free in SSH sha256 fingerprint check
https://notcve.org/view.php?id=CVE-2023-28319
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed. A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed. • http://seclists.org/fulldisclosure/2023/Jul/47 http://seclists.org/fulldisclosure/2023/Jul/48 http://seclists.org/fulldisclosure/2023/Jul/52 https://hackerone.com/reports/1913733 https://security.gentoo.org/glsa/202310-12 https://security.netapp.com/advisory/ntap-20230609-0009 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845 https://access.redhat.com/security/cve/CVE-2023-28319 https://bugzilla.redhat.com/ • CWE-416: Use After Free •