CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26157
https://notcve.org/view.php?id=CVE-2023-26157
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c. Las versiones del paquete libredwg anteriores a 0.12.5.6384 son vulnerables a la Denegación de Servicio (DoS) debido a una lectura fuera de los límites que involucra section->num_pages en decode_r2007.c. • https://github.com/LibreDWG/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc https://github.com/LibreDWG/libredwg/issues/850 https://security.snyk.io/vuln/SNYK-UNMANAGED-LIBREDWG-6070730 • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5981 – Gnutls: timing side-channel in the rsa-psk authentication
https://notcve.org/view.php?id=CVE-2023-5981
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Se encontró una vulnerabilidad en la que los tiempos de respuesta a textos cifrados con formato incorrecto en RSA-PSK ClientKeyExchange difieren de los tiempos de respuesta de textos cifrados con el relleno PKCS#1 v1.5 correcto. • http://www.openwall.com/lists/oss-security/2024/01/19/3 https://access.redhat.com/errata/RHSA-2024:0155 https://access.redhat.com/errata/RHSA-2024:0319 https://access.redhat.com/errata/RHSA-2024:0399 https://access.redhat.com/errata/RHSA-2024:0451 https://access.redhat.com/errata/RHSA-2024:0533 https://access.redhat.com/errata/RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.red • CWE-203: Observable Discrepancy •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4949 – Memory Corruption Vulnerability in Grub-Legacy's XFS Implementation
https://notcve.org/view.php?id=CVE-2023-4949
An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation. Un atacante con acceso local a un sistema (ya sea a través de un disco o una unidad externa) puede presentar una partición XFS modificada a grub-legacy de tal manera que aproveche una corrupción de memoria en la implementación del sistema de archivos XFS de grub. • https://xenbits.xenproject.org/xsa/advisory-443.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-4692 – Grub2: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution
https://notcve.org/view.php?id=CVE-2023-4692
An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. Se encontró una falla de escritura fuera de los límites en el controlador del sistema de archivos NTFS de grub2. • https://access.redhat.com/errata/RHSA-2024:2456 https://access.redhat.com/errata/RHSA-2024:3184 https://access.redhat.com/security/cve/CVE-2023-4692 https://bugzilla.redhat.com/show_bug.cgi?id=2236613 https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.or • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2023-4693 – Grub2: out-of-bounds read at fs/ntfs.c
https://notcve.org/view.php?id=CVE-2023-4693
An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk. Se encontró una falla de lectura fuera de los límites en el controlador del sistema de archivos NTFS de grub2. Este problema puede permitir que un atacante físicamente presente presente una imagen del sistema de archivos NTFS especialmente manipulada para leer ubicaciones de memoria arbitrarias. • https://access.redhat.com/errata/RHSA-2024:2456 https://access.redhat.com/errata/RHSA-2024:3184 https://access.redhat.com/security/cve/CVE-2023-4693 https://bugzilla.redhat.com/show_bug.cgi?id=2238343 https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.or • CWE-125: Out-of-bounds Read •