CVSS: 9.8EPSS: 4%CPEs: 3EXPL: 0CVE-2023-42464
https://notcve.org/view.php?id=CVE-2023-42464
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967. Se encontró una vulnerabilidad de Confusión de Tipos en las funciones Spotlight RPC en afpd en Netatalk 3.1.x anterior a 3.1.17. • https://github.com/Netatalk/netatalk/issues/486 https://lists.debian.org/debian-lts-announce/2023/09/msg00031.html https://netatalk.io/security/CVE-2023-42464 https://netatalk.sourceforge.io https://netatalk.sourceforge.io/3.1/htmldocs/afpd.8.html https://netatalk.sourceforge.io/CVE-2023-42464.php https://www.debian.org/security/2023/dsa-5503 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1CVE-2023-41900 – Jetty's OpenId Revoked authentication allows one request
https://notcve.org/view.php?id=CVE-2023-41900
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. • https://github.com/eclipse/jetty.project/pull/9528 https://github.com/eclipse/jetty.project/pull/9660 https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48 https://security.netapp.com/advisory/ntap-20231110-0004 https://www.debian.org/security/2023/dsa-5507 https://access.redhat.com/security/cve/CVE-2023-41900 https://bugzilla.redhat.com/show_bug.cgi?id=2247052 • CWE-287: Improper Authentication CWE-1390: Weak Authentication •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-40167 – Jetty accepts "+" prefixed value in Content-Length
https://notcve.org/view.php?id=CVE-2023-40167
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. • https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6 https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html https://www.debian.org/security/2023/dsa-5507 https://www.rfc-editor.org/rfc/rfc9110#section-8.6 https://access.redhat.com/security/cve/CVE-2023-40167 https://bugzilla.redhat.com/show_bug.cgi?id=2239634 • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 1CVE-2023-36479 – Jetty vulnerable to errant command quoting in CGI Servlet
https://notcve.org/view.php?id=CVE-2023-36479
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. • https://github.com/eclipse/jetty.project/pull/9516 https://github.com/eclipse/jetty.project/pull/9888 https://github.com/eclipse/jetty.project/pull/9889 https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html https://www.debian.org/security/2023/dsa-5507 https://access.redhat.com/security/cve/CVE-2023-36479 https://bugzilla.redhat.com/show_bug.cgi?id=2239630 • CWE-149: Improper Neutralization of Quoting Syntax •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-4909
https://notcve.org/view.php?id=CVE-2023-4909
Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) La implementación inadecuada en Interstitials en Google Chrome anteriores a 117.0.5938.62 permitió a un atacante remoto ofuscar la interfaz de usuario de seguridad a través de una página HTML manipulada. (Severidad de seguridad de Chrome: baja) • https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html https://crbug.com/1463293 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I https://security.gentoo.org/glsa/202401-34 https://www& •