CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2023-42753 – Kernel: netfilter: potential slab-out-of-bound access due to integer underflow
https://notcve.org/view.php?id=CVE-2023-42753
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. Se encontró una vulnerabilidad de indexación de matrices en el subsistema netfilter del kernel de Linux. Una macro faltante podría provocar un error de cálculo del desplazamiento de la matriz `h->nets`, proporcionando a los atacantes la primitiva de incrementar/disminuir arbitrariamente un búfer de memoria fuera de límites. • http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://access.redhat.com/errata/RHSA-2023:7370 https://access.redhat.com/errata/RHSA-2023:7379 https://access.redhat.com/errata/RHSA-2023:7382 https://access.redhat.com/errata/RHSA-2023:7389 https://access.redhat.com/errata/RHSA-2023:7411 https://access.redhat.com/errata/RHSA-2023:7418 https://access.redhat.com/errata/RHSA-2023:7539 https://access.redhat.com/errata/RHSA-2023:7558 h • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 1CVE-2023-3550 – Stored XSS leads to privilege escalation in MediaWiki v1.40.0
https://notcve.org/view.php?id=CVE-2023-3550
Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. Mediawiki v1.40.0 no valida los espacios de nombres utilizados en archivos XML. Por lo tanto, si el administrador de la instancia permite la carga de archivos XML, un atacante remoto con una cuenta de usuario con pocos privilegios puede utilizar este exploit para convertirse en administrador enviando un enlace malicioso al administrador de la instancia. • https://fluidattacks.com/advisories/blondie https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FU2FGUXXK6TMV6R52VRECLC6XCSQQISY https://www.debian.org/security/2023/dsa-5520 https://www.mediawiki.org/wiki/MediaWiki • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 16%CPEs: 4EXPL: 2CVE-2023-43770 – Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2023-43770
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. Roundcube anterior a 1.4.14, 1.5.x anterior a 1.5.4 y 1.6.x anterior a 1.6.3 permiten XSS a través de mensajes de texto/correo electrónico plano con enlaces manipuados debido al comportamiento de program/lib/Roundcube/rcube_string_replacer.php. Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages. • https://github.com/s3cb0y/CVE-2023-43770-POC https://github.com/knight0x07/CVE-2023-43770-PoC https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html https://roundcube.net/news/2023/09/15/security-update-1.6.3-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 2CVE-2023-41993 – Apple Multiple Products WebKit Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-41993
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. El problema se solucionó con controles mejorados. • https://github.com/po6ix/POC-for-CVE-2023-41993 https://github.com/J3Ss0u/CVE-2023-41993 https://security.gentoo.org/glsa/202401-33 https://security.netapp.com/advisory/ntap-20240426-0004 https://support.apple.com/en-us/HT213940 https://access.redhat.com/security/cve/CVE-2023-41993 https://bugzilla.redhat.com/show_bug.cgi?id=2240522 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 3CVE-2023-4504 – OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow
https://notcve.org/view.php?id=CVE-2023-4504
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. Debido a un error al validar la longitud proporcionada por un documento PPD PostScript creado por un atacante, CUPS y libppd son susceptibles a un desbordamiento del búfer y posiblemente a la ejecución de código. Este problema se solucionó en la versión 2.4.7 de CUPS, lanzada en septiembre de 2023. • https://github.com/OpenPrinting/cups/releases/tag/v2.4.7 https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6 https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •