CVSS: 8.1EPSS: 0%CPEs: 14EXPL: 0CVE-2023-2585 – Keycloak: client access via device auth request spoof
https://notcve.org/view.php?id=CVE-2023-2585
Keycloak's device authorization grant does not correctly validate the device code and client ID. An attacker client could abuse the missing validation to spoof a client consent request and trick an authorization admin into granting consent to a malicious OAuth client or possible unauthorized access to an existing OAuth client. La concesión de autorización del dispositivo de Keycloak no valida correctamente el código del dispositivo y la identificación del cliente. Un cliente atacante podría abusar de la validación faltante para falsificar una solicitud de consentimiento del cliente y engañar a un administrador de autorización para que otorgue el consentimiento a un cliente OAuth malicioso o un posible acceso no autorizado a un cliente OAuth existente. • https://access.redhat.com/errata/RHSA-2023:3883 https://access.redhat.com/errata/RHSA-2023:3884 https://access.redhat.com/errata/RHSA-2023:3885 https://access.redhat.com/errata/RHSA-2023:3888 https://access.redhat.com/errata/RHSA-2023:3892 https://access.redhat.com/security/cve/CVE-2023-2585 https://bugzilla.redhat.com/show_bug.cgi?id=2196335 • CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 4.4EPSS: 0%CPEs: 18EXPL: 0CVE-2023-3212 – kernel: gfs2: NULL pointer dereference in gfs2_evict_inode()
https://notcve.org/view.php?id=CVE-2023-3212
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. A NULL pointer dereference flaw was found in the gfs2 file system in the Linux kernel. This issue occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. • https://bugzilla.redhat.com/show_bug.cgi?id=2214348 https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230929-0005 https://www.debian.org/security/2023/dsa-5448 https://www.debian.org/security/2023/dsa-5480 https://access.redhat.com/security/cve/CVE-2023-3212 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-1183 – Arbitrary file write
https://notcve.org/view.php?id=CVE-2023-1183
A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. • http://www.openwall.com/lists/oss-security/2023/12/28/4 http://www.openwall.com/lists/oss-security/2024/01/03/4 https://access.redhat.com/security/cve/CVE-2023-1183 https://bugzilla.redhat.com/show_bug.cgi?id=2208506 https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-3138 – libX11: InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow
https://notcve.org/view.php?id=CVE-2023-3138
A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption. • https://access.redhat.com/security/cve/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.netapp.com/advisory/ntap-20231208-0008 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-3161 – kernel: fbcon: shift-out-of-bounds in fbcon_set_font()
https://notcve.org/view.php?id=CVE-2023-3161
A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing a font->width and font->height greater than 32 to the fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs, leading to undefined behavior and possible denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=2213485 https://github.com/torvalds/linux/commit/2b09d5d364986f724f17001ccfe4126b9b43a0be https://access.redhat.com/security/cve/CVE-2023-3161 • CWE-682: Incorrect Calculation CWE-1335: Incorrect Bitwise Shift of Integer •