Page 39 of 3085 results (0.026 seconds)

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-3268 – kernel: out-of-bounds access in relay_file_read

https://notcve.org/view.php?id=CVE-2023-3268

An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. An out-of-bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw allows a local attacker to crash the system or leak kernel internal information. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43ec16f1450f4936025a9bdf1a273affdb9732c1 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc%40wangsu.com/T https://security.netapp.com/advisory/ntap-20230824-0006 https://www.debian.org/security/ • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2023-30631 – Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work

https://notcve.org/view.php?id=CVE-2023-30631

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.  The configuration option proxy.config.http.push_method_enabled didn't function.  However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions • https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs https://lists.debian.org/debian-lts-announce/2023/06/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6GDCBNFDDW6ULW7CACJCPENI7BVDHM5O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWXNAEEVRUZ5JG4EJAIIFC3CI7LFETV https://www.debian.org/security/2023/dsa-5435 • CWE-20: Improper Input Validation •

CVSS: 3.9EPSS: 0%CPEs: 7EXPL: 0

CVE-2023-20867 – VMware Tools Authentication Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2023-20867

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Un host ESXi totalmente comprometido puede obligar a VMware Tools a no poder autenticar las operaciones de host a invitado, lo que afecta la confidencialidad y la integridad de la máquina virtual invitada. A flaw was found in the open-vm-tools package. An attacker with root access privileges over ESXi may be able to cause an authentication bypass in the vgauth module. This may lead to compromised confidentiality and integrity. • http://www.openwall.com/lists/oss-security/2023/10/16/11 http://www.openwall.com/lists/oss-security/2023/10/16/2 https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message • CWE-287: Improper Authentication •

CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0

CVE-2023-3141 – kernel: Use after free bug in r592_remove

https://notcve.org/view.php?id=CVE-2023-3141

A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This issue may allow a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7 https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw%40mail.gmail.com/t https://security.netapp.com/advisory/ntap-20230706-0004 https://access.redhat.com • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1

CVE-2023-34969 – dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered

https://notcve.org/view.php?id=CVE-2023-34969

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemon can cause a dbus-daemon crash under some circumstances via an unreplyable message. When done on the well-known system bus, this is a denial-of-service vulnerability. The fixed versions are 1.12.28, 1.14.8, and 1.15.6. D-Bus en versiones anteriores a v1.15.6 a veces permite a usuarios sin privilegios bloquear el "dbus-daemon". • https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP https://security.netapp.com/advisory/ntap-20231208-0007 https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 • CWE-617: Reachable Assertion •