Page 3 of 20 results (0.006 seconds)

CVSS: 8.6EPSS: 3%CPEs: 21EXPL: 0

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. Squid es vulnerable a una Denegación de Servicio, donde un atacante remoto puede realizar un ataque de desbordamiento de búfer escribiendo hasta 2 MB de datos arbitrarios en la memoria acumulada cuando Squid está configurado para aceptar la autenticación implícita HTTP. • https://access.redhat.com/errata/RHSA-2023:6266 https://access.redhat.com/errata/RHSA-2023:6267 https://access.redhat.com/errata/RHSA-2023:6268 https://access.redhat.com/errata/RHSA-2023:6748 https://access.redhat.com/errata/RHSA-2023:6801 https://access.redhat.com/errata/RHSA-2023:6803 https://access.redhat.com/errata/RHSA-2023:6804 https://access.redhat.com/errata/RHSA-2023:6805 https://access.redhat.com/errata/RHSA-2023:6810 https://access.redhat.com/errata/RHSA • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.3EPSS: 1%CPEs: 19EXPL: 0

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. SQUID es vulnerable al contrabando de solicitudes HTTP, causado por la indulgencia de los decodificadores fragmentados, lo que permite a un atacante remoto realizar el contrabando de solicitudes/respuestas a través del firewall y los sistemas de seguridad frontales. • https://access.redhat.com/errata/RHSA-2023:6266 https://access.redhat.com/errata/RHSA-2023:6267 https://access.redhat.com/errata/RHSA-2023:6268 https://access.redhat.com/errata/RHSA-2023:6748 https://access.redhat.com/errata/RHSA-2023:6801 https://access.redhat.com/errata/RHSA-2023:6803 https://access.redhat.com/errata/RHSA-2023:6804 https://access.redhat.com/errata/RHSA-2023:6810 https://access.redhat.com/errata/RHSA-2023:7213 https://access.redhat.com/security/cve&# • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 7.8EPSS: 0%CPEs: 51EXPL: 0

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide). Se encontró una vulnerabilidad en insights-client. • https://access.redhat.com/errata/RHSA-2023:6264 https://access.redhat.com/errata/RHSA-2023:6282 https://access.redhat.com/errata/RHSA-2023:6283 https://access.redhat.com/errata/RHSA-2023:6284 https://access.redhat.com/errata/RHSA-2023:6795 https://access.redhat.com/errata/RHSA-2023:6796 https://access.redhat.com/errata/RHSA-2023:6798 https://access.redhat.com/errata/RHSA-2023:6811 https://access.redhat.com/security/cve/CVE-2023-3972 https://bugzilla.redhat.com/show • CWE-379: Creation of Temporary File in Directory with Insecure Permissions CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 7.8EPSS: 3%CPEs: 18EXPL: 18

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. Se descubrió un desbordamiento del búfer en el cargador dinámico ld.so de la librería GNU C mientras se procesaba la variable de entorno GLIBC_TUNABLES. Este problema podría permitir que un atacante local utilice variables de entorno GLIBC_TUNABLES manipuladas con fines malintencionados al iniciar archivos binarios con permiso SUID para ejecutar código con privilegios elevados. Dubbed Looney Tunables, Qualys discovered a buffer overflow vulnerability in the glibc dynamic loader's processing of the GLIBC_TUNABLES environment variable. • https://github.com/leesh3288/CVE-2023-4911 https://github.com/ruycr4ft/CVE-2023-4911 https://github.com/guffre/CVE-2023-4911 https://github.com/NishanthAnand21/CVE-2023-4911-PoC https://github.com/RickdeJager/CVE-2023-4911 https://github.com/hadrian3689/looney-tunables-CVE-2023-4911 https://github.com/Green-Avocado/CVE-2023-4911 https://github.com/xiaoQ1z/CVE-2023-4911 https://github.com/Diego-AltF4/CVE-2023-4911 https://github.com/KernelKrise/CVE-2023-4911 https:/&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0

A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. Se encontró una vulnerabilidad en MariaDB. Un escaneo de puertos OpenVAS en los puertos 3306 y 4567 permite que un cliente remoto malicioso provoque una denegación de servicio. • https://access.redhat.com/errata/RHSA-2023:5683 https://access.redhat.com/errata/RHSA-2023:5684 https://access.redhat.com/errata/RHSA-2023:6821 https://access.redhat.com/errata/RHSA-2023:6822 https://access.redhat.com/errata/RHSA-2023:6883 https://access.redhat.com/errata/RHSA-2023:7633 https://access.redhat.com/security/cve/CVE-2023-5157 https://bugzilla.redhat.com/show_bug.cgi?id=2240246 • CWE-400: Uncontrolled Resource Consumption •