CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 1CVE-2023-21400
https://notcve.org/view.php?id=CVE-2023-21400
In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://www.openwall.com/lists/oss-security/2023/07/14/2 http://www.openwall.com/lists/oss-security/2023/07/19/2 http://www.openwall.com/lists/oss-security/2023/07/19/7 http://www.openwall.com/lists/oss-security/2023/07/25/7 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20240119-0012 https://source.android.com • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21255
https://notcve.org/view.php?id=CVE-2023-21255
In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/kernel/common/+/1ca1130ec62d https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20240119-0010 https://source.android.com/security/bulletin/2023-07-01 https://www.debian.org/security/2023/dsa-5480 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3618 – Segmentation fault in fax3encode in libtiff/tif_fax3.c
https://notcve.org/view.php?id=CVE-2023-3618
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2023-3618 https://bugzilla.redhat.com/show_bug.cgi?id=2215865 https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html https://security.netapp.com/advisory/ntap-20230824-0012 https://support.apple.com/kb/HT214036 https://support.apple.com/kb/HT214037 https://support.apple.com/kb/HT214038 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-36823 – Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
https://notcve.org/view.php?id=CVE-2023-36823
Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a custom config that allows `style` elements and one or more CSS at-rules. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. Sanitize 6.0.2 performs additional escaping of CSS in `style` element content, which fixes this issue. Users who are unable to upgrade can prevent this issue by using a Sanitize config that doesn't allow `style` elements, using a Sanitize config that doesn't allow CSS at-rules, or by manually escaping the character sequence `</` as `<\/` in `style` element content. • https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220 https://github.com/rgrove/sanitize/releases/tag/v6.0.2 https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7 https://lists.debian.org/debian-lts-announce/2023/11/msg00008.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2023-35936 – Arbitrary file write is possible in Pandoc when using PDF output or --extract-media with untrusted input
https://notcve.org/view.php?id=CVE-2023-35936
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the `--extract-media` option or outputting to PDF format. This vulnerability allows an attacker to create or overwrite arbitrary files on the system ,depending on the privileges of the process running pandoc. It only affects systems that pass untrusted user input to pandoc and allow pandoc to be used to produce a PDF or with the `--extract-media` option. The fix is to unescape the percent-encoding prior to checking that the resource is not above the working directory, and prior to extracting the extension. Some code for checking that the path is below the working directory was flawed in a similar way and has also been fixed. • https://github.com/jgm/pandoc/security/advisories/GHSA-xj5q-fv23-575g https://lists.debian.org/debian-lts-announce/2023/07/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JGRJHU2FTSGTHHRTNDF7STEKLKKA25JN https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYP3FKDS3KAYMQUZVVL73IUI4CWSKLKP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QI6RBP6ZKVC2OOCV6SU2FUHPMAXDDJFU • CWE-20: Improper Input Validation •