CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-26590 – Floating point exception in src/aiff.c
https://notcve.org/view.php?id=CVE-2023-26590
10 Jul 2023 — A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. • https://access.redhat.com/security/cve/CVE-2023-26590 • CWE-697: Incorrect Comparison CWE-1077: Floating Point Comparison with Incorrect Operator •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 1CVE-2023-3269 – Distros-[dirtyvma] privilege escalation via non-rcu-protected vma traversal
https://notcve.org/view.php?id=CVE-2023-3269
06 Jul 2023 — A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges. Ruihan Li discovered that the memory management subsystem in the Linux kernel contained a race condition when accessing VMAs in certain conditions, leading to a use-after-free vulnerabilit... • https://github.com/lrh2000/StackRot • CWE-416: Use After Free •
CVSS: 4.4EPSS: 0%CPEs: 18EXPL: 0CVE-2023-3212 – kernel: gfs2: NULL pointer dereference in gfs2_evict_inode()
https://notcve.org/view.php?id=CVE-2023-3212
23 Jun 2023 — A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. A NULL pointer dereference flaw was found in the gfs2 file system in the Linux kernel. This issue occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structu... • https://bugzilla.redhat.com/show_bug.cgi?id=2214348 • CWE-476: NULL Pointer Dereference •
CVSS: 3.3EPSS: 0%CPEs: 10EXPL: 1CVE-2023-2602 – libcap: Memory Leak on pthread_create() Error
https://notcve.org/view.php?id=CVE-2023-2602
06 Jun 2023 — A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts... • https://bugzilla.redhat.com/show_bug.cgi?id=2209114 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-34153 – Gentoo Linux Security Advisory 202405-02
https://notcve.org/view.php?id=CVE-2023-34153
30 May 2023 — A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected. • https://access.redhat.com/security/cve/CVE-2023-34153 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 68%CPEs: 6EXPL: 3CVE-2023-34152
https://notcve.org/view.php?id=CVE-2023-34152
30 May 2023 — A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. • https://github.com/SudoIndividual/CVE-2023-34152 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-34151 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2023-34151
30 May 2023 — A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. • https://access.redhat.com/security/cve/CVE-2023-34151 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2023-32373 – Apple Multiple Products WebKit Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2023-32373
30 May 2023 — A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. A use after free vulnerability was found in the webkitgtk package. • https://security.gentoo.org/glsa/202401-04 • CWE-416: Use After Free •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 1CVE-2023-1981 – avahi: avahi-daemon can be crashed via DBus
https://notcve.org/view.php?id=CVE-2023-1981
26 May 2023 — A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. USN-6129-1 fixed a vulnerability in Avahi. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Avahi incorrectly handled certain DBus messages. • https://access.redhat.com/security/cve/CVE-2023-1981 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-2513 – kernel: ext4: use-after-free in ext4_xattr_set_entry()
https://notcve.org/view.php?id=CVE-2023-2513
08 May 2023 — A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw allows a privileged local user to cause a system crash or other undefined behaviors. Jordy Zomer and Alexand... • https://bugzilla.redhat.com/show_bug.cgi?id=2193097 • CWE-416: Use After Free •