Page 29 of 2305 results (0.012 seconds)

CVSS: 5.9EPSS: 0%CPEs: 14EXPL: 1

CVE-2023-28320

https://notcve.org/view.php?id=CVE-2023-28320

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. • http://seclists.org/fulldisclosure/2023/Jul/47 http://seclists.org/fulldisclosure/2023/Jul/48 http://seclists.org/fulldisclosure/2023/Jul/52 https://hackerone.com/reports/1929597 https://security.gentoo.org/glsa/202310-12 https://security.netapp.com/advisory/ntap-20230609-0009 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 1

CVE-2023-28321 – curl: IDN wildcard match may lead to Improper Cerificate Validation

https://notcve.org/view.php?id=CVE-2023-28321

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. A flaw was found in the Curl package. • http://seclists.org/fulldisclosure/2023/Jul/47 http://seclists.org/fulldisclosure/2023/Jul/48 http://seclists.org/fulldisclosure/2023/Jul/52 https://hackerone.com/reports/1950627 https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK https://security.gentoo • CWE-295: Improper Certificate Validation •

CVSS: 3.7EPSS: 0%CPEs: 16EXPL: 1

CVE-2023-28322 – curl: more POST-after-PUT confusion

https://notcve.org/view.php?id=CVE-2023-28322

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application. • http://seclists.org/fulldisclosure/2023/Jul/47 http://seclists.org/fulldisclosure/2023/Jul/48 http://seclists.org/fulldisclosure/2023/Jul/52 https://hackerone.com/reports/1954658 https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK https://security.gentoo • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-440: Expected Behavior Violation •

CVSS: 4.7EPSS: 0%CPEs: 14EXPL: 0

CVE-2023-2898

https://notcve.org/view.php?id=CVE-2023-2898

There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. • https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lore.kernel.org/linux-f2fs-devel/20230522124203.3838360-1-chao%40kernel.org https://security.netapp.com/advisory/ntap-20230929-0002 https://www.debian.org/security/2023/dsa-5480 https://www.debian.org/security/2023/dsa-5492 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2023-28709 – Apache Tomcat: Fix for CVE-2023-24998 is incomplete

https://notcve.org/view.php?id=CVE-2023-28709

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur. A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. • http://www.openwall.com/lists/oss-security/2023/05/22/1 https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j https://security.gentoo.org/glsa/202305-37 https://security.netapp.com/advisory/ntap-20230616-0004 https://www.debian.org/security/2023/dsa-5521 https://access.redhat.com/security/cve/CVE-2023-28709 https://bugzilla.redhat.com/show_bug.cgi?id=2210321 • CWE-193: Off-by-one Error •