CVE-2023-5539 – Moodle: authenticated remote code execution risk in lesson
https://notcve.org/view.php?id=CVE-2023-5539
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. Se identificó un riesgo de ejecución remota de código en la actividad Lesson. Por defecto, esto sólo estaba disponible para profesores y directivos. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408 https://bugzilla.redhat.com/show_bug.cgi?id=2243352 https://moodle.org/mod/forum/discuss.php?d=451580 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-38253 – W3m: out of bounds read in growbuf_to_str() at w3m/indep.c
https://notcve.org/view.php?id=CVE-2023-38253
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. • https://access.redhat.com/security/cve/CVE-2023-38253 https://bugzilla.redhat.com/show_bug.cgi?id=2222779 https://github.com/tats/w3m/issues/271 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C • CWE-125: Out-of-bounds Read •
CVE-2023-38252 – W3m: out of bounds read in strnew_size() at w3m/str.c
https://notcve.org/view.php?id=CVE-2023-38252
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. • https://access.redhat.com/security/cve/CVE-2023-38252 https://bugzilla.redhat.com/show_bug.cgi?id=2222775 https://github.com/tats/w3m/issues/270 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C • CWE-125: Out-of-bounds Read •
CVE-2023-34432 – Heap-buffer-overflow in src/formats_i.c
https://notcve.org/view.php?id=CVE-2023-34432
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure. • https://access.redhat.com/security/cve/CVE-2023-34432 https://bugzilla.redhat.com/show_bug.cgi?id=2212291 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-34318 – Heap-buffer-overflow in src/hcom.c
https://notcve.org/view.php?id=CVE-2023-34318
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure. • https://access.redhat.com/security/cve/CVE-2023-34318 https://bugzilla.redhat.com/show_bug.cgi?id=2212283 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •