Page 31 of 3085 results (0.019 seconds)

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-38559 – Ghostscript: out-of-bound read in base/gdevdevn.c:1973 in devn_pcx_write_rle could result in dos

https://notcve.org/view.php?id=CVE-2023-38559

A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. Se ha encontrado un fallo de desbordamiento de búfer en base/gdevdevn.c:1973 en devn_pcx_write_rle() en ghostscript. Este problema puede permitir a un atacante local provocar una denegación de servicio mediante la salida de un archivo PDF manipulado para un dispositivo DEVN con gs. • https://access.redhat.com/errata/RHSA-2023:6544 https://access.redhat.com/errata/RHSA-2023:7053 https://access.redhat.com/security/cve/CVE-2023-38559 https://bugs.ghostscript.com/show_bug.cgi?id=706897 https://bugzilla.redhat.com/show_bug.cgi?id=2224367 https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1 https://lists.debian.org/debian-lts-announce/2023/08/msg00006.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-4056 – Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14

https://notcve.org/view.php?id=CVE-2023-4056

Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Fallos de seguridad de memoria presentes en Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0 y Thunderbird 102.13. Algunos de estos fallos mostraban evidencias de corrupción de memoria y suponemos que con el suficiente esfuerzo algunos de ellos podrían haber sido explotados para ejecutar código arbitrario. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1820587%2C1824634%2C1839235%2C1842325%2C1843847 https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html https://www.debian.org/security/2023/dsa-5464 https://www.debian.org/security/2023/dsa-5469 https://www.mozilla.org/security/advisories/mfsa2023-29 https://www.mozilla.org/security/advisories/mfsa2023-30 https://www.mozilla.org/security/advisories/mfsa2023-31 https& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-4048 – Mozilla: Crash in DOMParser due to out-of-memory conditions

https://notcve.org/view.php?id=CVE-2023-4048

An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. The Mozilla Foundation Security Advisory describes this flaw as: An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. • https://bugzilla.mozilla.org/show_bug.cgi?id=1841368 https://lists.debian.org/debian-lts-announce/2023/08/msg00008.html https://lists.debian.org/debian-lts-announce/2023/08/msg00010.html https://www.debian.org/security/2023/dsa-5464 https://www.debian.org/security/2023/dsa-5469 https://www.mozilla.org/security/advisories/mfsa2023-29 https://www.mozilla.org/security/advisories/mfsa2023-30 https://www.mozilla.org/security/advisories/mfsa2023-31 https://access.redhat.com/security • CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0

CVE-2023-4004 – Kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove()

https://notcve.org/view.php?id=CVE-2023-4004

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. Se encontró una falla de use-after-free en el netfilter del kernel de Linux en la forma en que un usuario activa la función nft_pipapo_remove con el elemento, sin un NFT_SET_EXT_KEY_END. Este problema podría permitir que un usuario local bloquee el sistema o potencialmente aumente sus privilegios en el sistema. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://access.redhat.com/errata/RHSA-2023:4961 https://access.redhat.com/errata/RHSA-2023:4962 https://access.redhat.com/errata/RHSA-2023:4967 https://access.redhat.com/errata/RHSA-2023:5069 https://access.redhat.com/errata/RHSA-2023:5091 https://access.redhat.com/errata/RHSA-2023:5093 https:// • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-3773 – Kernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattr

https://notcve.org/view.php?id=CVE-2023-3773

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/security/cve/CVE-2023-3773 https://bugzilla.redhat.com/show_bug.cgi?id=2218944 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://www.debian.org/security/2023/dsa-5492 • CWE-125: Out-of-bounds Read •