CVSS: 9.3EPSS: 1%CPEs: 19EXPL: 0CVE-2023-46846 – Squid: request/response smuggling in http/1.1 and icap
https://notcve.org/view.php?id=CVE-2023-46846
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. SQUID es vulnerable al contrabando de solicitudes HTTP, causado por la indulgencia de los decodificadores fragmentados, lo que permite a un atacante remoto realizar el contrabando de solicitudes/respuestas a través del firewall y los sistemas de seguridad frontales. • https://access.redhat.com/errata/RHSA-2023:6266 https://access.redhat.com/errata/RHSA-2023:6267 https://access.redhat.com/errata/RHSA-2023:6268 https://access.redhat.com/errata/RHSA-2023:6748 https://access.redhat.com/errata/RHSA-2023:6801 https://access.redhat.com/errata/RHSA-2023:6803 https://access.redhat.com/errata/RHSA-2023:6804 https://access.redhat.com/errata/RHSA-2023:6810 https://access.redhat.com/errata/RHSA-2023:7213 https://access.redhat.com/security/cve&# • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 0%CPEs: 51EXPL: 0CVE-2023-3972 – Insights-client: unsafe handling of temporary files and directories
https://notcve.org/view.php?id=CVE-2023-3972
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide). Se encontró una vulnerabilidad en insights-client. • https://access.redhat.com/errata/RHSA-2023:6264 https://access.redhat.com/errata/RHSA-2023:6282 https://access.redhat.com/errata/RHSA-2023:6283 https://access.redhat.com/errata/RHSA-2023:6284 https://access.redhat.com/errata/RHSA-2023:6795 https://access.redhat.com/errata/RHSA-2023:6796 https://access.redhat.com/errata/RHSA-2023:6798 https://access.redhat.com/errata/RHSA-2023:6811 https://access.redhat.com/security/cve/CVE-2023-3972 https://bugzilla.redhat.com/show • CWE-379: Creation of Temporary File in Directory with Insecure Permissions CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0CVE-2023-42669 – Samba: "rpcecho" development server allows denial of service via sleep() call on ad dc
https://notcve.org/view.php?id=CVE-2023-42669
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. • https://access.redhat.com/errata/RHSA-2023:6209 https://access.redhat.com/errata/RHSA-2023:6744 https://access.redhat.com/errata/RHSA-2023:7371 https://access.redhat.com/errata/RHSA-2023:7408 https://access.redhat.com/errata/RHSA-2023:7464 https://access.redhat.com/errata/RHSA-2023:7467 https://access.redhat.com/security/cve/CVE-2023-42669 https://bugzilla.redhat.com/show_bug.cgi?id=2241884 https://bugzilla.samba.org/show_bug.cgi?id=15474 https://security.netapp.com& • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2023-5157 – Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6
https://notcve.org/view.php?id=CVE-2023-5157
A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. Se encontró una vulnerabilidad en MariaDB. Un escaneo de puertos OpenVAS en los puertos 3306 y 4567 permite que un cliente remoto malicioso provoque una denegación de servicio. • https://access.redhat.com/errata/RHSA-2023:5683 https://access.redhat.com/errata/RHSA-2023:5684 https://access.redhat.com/errata/RHSA-2023:6821 https://access.redhat.com/errata/RHSA-2023:6822 https://access.redhat.com/errata/RHSA-2023:6883 https://access.redhat.com/errata/RHSA-2023:7633 https://access.redhat.com/security/cve/CVE-2023-5157 https://bugzilla.redhat.com/show_bug.cgi?id=2240246 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 29EXPL: 0CVE-2023-4806 – Glibc: potential use-after-free in getaddrinfo()
https://notcve.org/view.php?id=CVE-2023-4806
A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. Se encontró una falla en glibc. • http://www.openwall.com/lists/oss-security/2023/10/03/4 http://www.openwall.com/lists/oss-security/2023/10/03/5 http://www.openwall.com/lists/oss-security/2023/10/03/6 http://www.openwall.com/lists/oss-security/2023/10/03/8 https://access.redhat.com/errata/RHSA-2023:5453 https://access.redhat.com/errata/RHSA-2023:5455 https://access.redhat.com/errata/RHSA-2023:7409 https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/sho • CWE-416: Use After Free •