Page 36 of 1394 results (0.011 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-3618 – Segmentation fault in fax3encode in libtiff/tif_fax3.c

https://notcve.org/view.php?id=CVE-2023-3618

A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2023-3618 https://bugzilla.redhat.com/show_bug.cgi?id=2215865 https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html https://security.netapp.com/advisory/ntap-20230824-0012 https://support.apple.com/kb/HT214036 https://support.apple.com/kb/HT214037 https://support.apple.com/kb/HT214038 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2023-3354 – Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service

https://notcve.org/view.php?id=CVE-2023-3354

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service. • https://access.redhat.com/security/cve/CVE-2023-3354 https://bugzilla.redhat.com/show_bug.cgi?id=2216478 https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R • CWE-476: NULL Pointer Dereference •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1

CVE-2023-1672 – Race condition exists in the key generation and rotation functionality

https://notcve.org/view.php?id=CVE-2023-1672

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host. • https://access.redhat.com/security/cve/CVE-2023-1672 https://bugzilla.redhat.com/show_bug.cgi?id=2180999 https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096 https://lists.debian.org/debian-lts-announce/2023/11/msg00004.html https://www.openwall.com/lists/oss-security/2023/06/15/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0

CVE-2023-3269 – Distros-[dirtyvma] privilege escalation via non-rcu-protected vma traversal

https://notcve.org/view.php?id=CVE-2023-3269

A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges. • http://seclists.org/fulldisclosure/2023/Jul/43 http://www.openwall.com/lists/oss-security/2023/07/28/1 http://www.openwall.com/lists/oss-security/2023/08/25/1 http://www.openwall.com/lists/oss-security/2023/08/25/4 https://access.redhat.com/security/cve/CVE-2023-3269 https://bugzilla.redhat.com/show_bug.cgi?id=2215268 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6AAA64CUPSMBW6XDTXPQJ3KQWYQ4K7L https://security.netapp.com/advisory • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0

CVE-2023-3089 – Ocp & fips mode

https://notcve.org/view.php?id=CVE-2023-3089

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated. • https://access.redhat.com/security/cve/CVE-2023-3089 https://bugzilla.redhat.com/show_bug.cgi?id=2212085 https://access.redhat.com/security/vulnerabilities/RHSB-2023-001 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-521: Weak Password Requirements CWE-693: Protection Mechanism Failure •