CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 1CVE-2023-4147 – Kernel: netfilter: nf_tables_newrule when adding a rule with nfta_rule_chain_id leads to use-after-free
https://notcve.org/view.php?id=CVE-2023-4147
07 Aug 2023 — A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. Se encontró una falla de use-after-free en la funcionalidad Netfilter del kernel de Linux al agregar una regla con NFTA_RULE_CHAIN_ID. Esta falla permite a un usuario local bloquear o escalar sus privilegios en el sistema. This update for the Linux Kernel 5.14.21-150400_15_18 fixes several issues. • https://github.com/murdok1982/Exploit-en-Python-para-CVE-2023-4147 • CWE-416: Use After Free •
CVSS: 5.9EPSS: 1%CPEs: 10EXPL: 0CVE-2022-2127 – Samba: out-of-bounds read in winbind auth_crap
https://notcve.org/view.php?id=CVE-2022-2127
20 Jul 2023 — An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash. It was discovered that Samba incorrectly... • https://access.redhat.com/errata/RHSA-2023:6667 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2023-34432 – Heap-buffer-overflow in src/formats_i.c
https://notcve.org/view.php?id=CVE-2023-34432
10 Jul 2023 — A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure. An update that fixes 10 vulnerabilities is now available. This update for sox fixes the following issues. • https://access.redhat.com/security/cve/CVE-2023-34432 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-34318 – Heap-buffer-overflow in src/hcom.c
https://notcve.org/view.php?id=CVE-2023-34318
10 Jul 2023 — A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure. An update that fixes 10 vulnerabilities is now available. This update for sox fixes the following issues. • https://access.redhat.com/security/cve/CVE-2023-34318 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-32627 – Floating point exception in src/voc.c
https://notcve.org/view.php?id=CVE-2023-32627
10 Jul 2023 — A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. It was discovered that SoX incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, an attacker could possibly use this issue to cause a denial of service. • https://access.redhat.com/security/cve/CVE-2023-32627 • CWE-697: Incorrect Comparison CWE-1077: Floating Point Comparison with Incorrect Operator •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-26590 – Floating point exception in src/aiff.c
https://notcve.org/view.php?id=CVE-2023-26590
10 Jul 2023 — A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. • https://access.redhat.com/security/cve/CVE-2023-26590 • CWE-697: Incorrect Comparison CWE-1077: Floating Point Comparison with Incorrect Operator •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 1CVE-2023-3269 – Distros-[dirtyvma] privilege escalation via non-rcu-protected vma traversal
https://notcve.org/view.php?id=CVE-2023-3269
06 Jul 2023 — A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges. Ruihan Li discovered that the memory management subsystem in the Linux kernel contained a race condition when accessing VMAs in certain conditions, leading to a use-after-free vulnerabilit... • https://github.com/lrh2000/StackRot • CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 10EXPL: 1CVE-2023-2602 – libcap: Memory Leak on pthread_create() Error
https://notcve.org/view.php?id=CVE-2023-2602
06 Jun 2023 — A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts... • https://bugzilla.redhat.com/show_bug.cgi?id=2209114 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 10.0EPSS: 68%CPEs: 6EXPL: 3CVE-2023-34152
https://notcve.org/view.php?id=CVE-2023-34152
30 May 2023 — A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. • https://github.com/SudoIndividual/CVE-2023-34152 • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-34151 – Debian Security Advisory 5628-1
https://notcve.org/view.php?id=CVE-2023-34151
30 May 2023 — A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. • https://access.redhat.com/security/cve/CVE-2023-34151 • CWE-190: Integer Overflow or Wraparound •