Page 31 of 282 results (0.011 seconds)

CVSS: 7.4EPSS: 0%CPEs: 10EXPL: 0

CVE-2023-5380 – Xorg-x11-server: use-after-free bug in destroywindow

https://notcve.org/view.php?id=CVE-2023-5380

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. Se encontró una falla de use-after-free en el servidor xorg-x11. Puede ocurrir una falla del servidor X en una configuración muy específica y heredada (una configuración de múltiples pantallas con múltiples pantallas de protocolo, también conocida como modo Zaphod) si el puntero se deforma desde dentro de una ventana en una pantalla a la ventana raíz de la otra pantalla y si la ventana original se destruye y luego se destruye otra ventana. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. • https://access.redhat.com/errata/RHSA-2023:7428 https://access.redhat.com/errata/RHSA-2024:2169 https://access.redhat.com/errata/RHSA-2024:2298 https://access.redhat.com/errata/RHSA-2024:2995 https://access.redhat.com/errata/RHSA-2024:3067 https://access.redhat.com/security/cve/CVE-2023-5380 https://bugzilla.redhat.com/show_bug.cgi?id=2244736 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D https://lists.fedoraprojec • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0

CVE-2023-5367 – Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty

https://notcve.org/view.php?id=CVE-2023-5367

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. Se encontró una falla de escritura fuera de los límites en el servidor xorg-x11. Este problema ocurre debido a un cálculo incorrecto de un desplazamiento del búfer al copiar datos almacenados en el montón en la función XIChangeDeviceProperty en Xi/xiproperty.c y en la función RRChangeOutputProperty en randr/rrproperty.c, lo que permite una posible escalada de privilegios o Denegación de Servicio (DoS). . This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. • https://access.redhat.com/errata/RHSA-2023:6802 https://access.redhat.com/errata/RHSA-2023:6808 https://access.redhat.com/errata/RHSA-2023:7373 https://access.redhat.com/errata/RHSA-2023:7388 https://access.redhat.com/errata/RHSA-2023:7405 https://access.redhat.com/errata/RHSA-2023:7428 https://access.redhat.com/errata/RHSA-2023:7436 https://access.redhat.com/errata/RHSA-2023:7526 https://access.redhat.com/errata/RHSA-2023:7533 https://access.redhat.com/errata/RHSA • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0

CVE-2023-41983 – webkitgtk: Processing web content may lead to a denial of service

https://notcve.org/view.php?id=CVE-2023-41983

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1. • http://seclists.org/fulldisclosure/2023/Oct/19 http://seclists.org/fulldisclosure/2023/Oct/23 http://seclists.org/fulldisclosure/2023/Oct/24 http://seclists.org/fulldisclosure/2023/Oct/27 http://www.openwall.com/lists/oss-security/2023/11/15/1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM https://lists.fedora • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 3.6EPSS: 0%CPEs: 8EXPL: 0

CVE-2023-45145 – Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.

https://notcve.org/view.php?id=CVE-2023-45145

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. • https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1 https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx https://lists.debian.org/debian-lts-announce/2023/10/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/464JPNBWE433ZGYXO3KN72VR3KJPWHAW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNEK2K4IE7MPKRD6H36JXZMJKYS6I5GQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2023-41914

https://notcve.org/view.php?id=CVE-2023-41914

SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. SchedMD Slurm 23.02.x anterior al 23.02.6 y 22.05.x anterior al 22.05.10 permite condiciones de ejecución del sistema de archivos para obtener la propiedad de un archivo, sobrescribir un archivo o eliminar archivos. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OWKTCYZT3DXEH66QXQJYB7NI7ONDRS4M https://lists.schedmd.com/pipermail/slurm-announce/2023/000100.html https://schedmd.com/security.php • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •