CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-43785 – Libx11: out-of-bounds memory access in _xkbreadkeysyms()
https://notcve.org/view.php?id=CVE-2023-43785
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. Se encontró una vulnerabilidad en libX11 debido a una condición de los límite dentro de la función _XkbReadKeySyms(). Esta falla permite a un usuario local desencadenar un error de lectura fuera de los límites y leer el contenido de la memoria del sistema. • https://access.redhat.com/errata/RHSA-2024:2145 https://access.redhat.com/errata/RHSA-2024:2973 https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://security.netapp.com/advisory/ntap-20231103-0006 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-43787 – Libx11: integer overflow in xcreateimage() leading to a heap overflow
https://notcve.org/view.php?id=CVE-2023-43787
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. Se encontró una vulnerabilidad en libX11 debido a un desbordamiento de enteros dentro de la función XCreateImage(). Esta falla permite a un usuario local desencadenar un desbordamiento de enteros y ejecutar código arbitrario con privilegios elevados. • http://www.openwall.com/lists/oss-security/2024/01/24/9 https://access.redhat.com/errata/RHSA-2024:2145 https://access.redhat.com/errata/RHSA-2024:2973 https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two https://security.netapp.com/advisory/ntap-20231103-0006 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-43789 – Libxpm: out of bounds read on xpm with corrupted colormap
https://notcve.org/view.php?id=CVE-2023-43789
A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system. Se encontró una vulnerabilidad en libXpm donde existe una vulnerabilidad debido a una condición de los límite, un usuario local puede desencadenar un error de lectura fuera de los límites y leer el contenido de la memoria en el sistema. • https://access.redhat.com/errata/RHSA-2024:2146 https://access.redhat.com/errata/RHSA-2024:2217 https://access.redhat.com/errata/RHSA-2024:2974 https://access.redhat.com/errata/RHSA-2024:3022 https://access.redhat.com/security/cve/CVE-2023-43789 https://bugzilla.redhat.com/show_bug.cgi?id=2242249 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject. • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-43786 – Libx11: stack exhaustion from infinite recursion in putsubimage()
https://notcve.org/view.php?id=CVE-2023-43786
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. Se encontró una vulnerabilidad en libX11 debido a un bucle infinito dentro de la función PutSubImage(). Esta falla permite que un usuario local consuma todos los recursos disponibles del sistema y provoque una condición de denegación de servicio. • https://github.com/jfrog/jfrog-CVE-2023-43786-libX11_DoS http://www.openwall.com/lists/oss-security/2024/01/24/9 https://access.redhat.com/errata/RHSA-2024:2145 https://access.redhat.com/errata/RHSA-2024:2973 https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ https://security.netapp.com/advisory/ntap-20231103-000 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4237 – Platform: ec2_key module prints out the private key directly to the standard output
https://notcve.org/view.php?id=CVE-2023-4237
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability. Se encontró una falla en la plataforma de automatización Ansible. Al crear un nuevo par de claves, el módulo ec2_key imprime la clave privada directamente en la salida estándar. • https://access.redhat.com/errata/RHBA-2023:5653 https://access.redhat.com/errata/RHBA-2023:5666 https://access.redhat.com/security/cve/CVE-2023-4237 https://bugzilla.redhat.com/show_bug.cgi?id=2229979 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •