Page 4 of 80 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2023-5625 – Python-eventlet: patch regression for cve-2021-21419 in some red hat builds

https://notcve.org/view.php?id=CVE-2023-5625

A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products. Se introdujo una regresión en la compilación de Red Hat de python-eventlet debido a un cambio en la estrategia de aplicación del parche, lo que provocó que no se aplicara un parche para CVE-2021-21419 para todas las compilaciones de todos los productos. • https://access.redhat.com/errata/RHSA-2023:6128 https://access.redhat.com/errata/RHSA-2024:0188 https://access.redhat.com/errata/RHSA-2024:0213 https://access.redhat.com/security/cve/CVE-2023-5625 https://bugzilla.redhat.com/show_bug.cgi?id=2244717 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0

CVE-2023-5367 – Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty

https://notcve.org/view.php?id=CVE-2023-5367

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. Se encontró una falla de escritura fuera de los límites en el servidor xorg-x11. Este problema ocurre debido a un cálculo incorrecto de un desplazamiento del búfer al copiar datos almacenados en el montón en la función XIChangeDeviceProperty en Xi/xiproperty.c y en la función RRChangeOutputProperty en randr/rrproperty.c, lo que permite una posible escalada de privilegios o Denegación de Servicio (DoS). . This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. • https://access.redhat.com/errata/RHSA-2023:6802 https://access.redhat.com/errata/RHSA-2023:6808 https://access.redhat.com/errata/RHSA-2023:7373 https://access.redhat.com/errata/RHSA-2023:7388 https://access.redhat.com/errata/RHSA-2023:7405 https://access.redhat.com/errata/RHSA-2023:7428 https://access.redhat.com/errata/RHSA-2023:7436 https://access.redhat.com/errata/RHSA-2023:7526 https://access.redhat.com/errata/RHSA-2023:7533 https://access.redhat.com/errata/RHSA • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 0

CVE-2023-42669 – Samba: "rpcecho" development server allows denial of service via sleep() call on ad dc

https://notcve.org/view.php?id=CVE-2023-42669

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. • https://access.redhat.com/errata/RHSA-2023:6209 https://access.redhat.com/errata/RHSA-2023:6744 https://access.redhat.com/errata/RHSA-2023:7371 https://access.redhat.com/errata/RHSA-2023:7408 https://access.redhat.com/errata/RHSA-2023:7464 https://access.redhat.com/errata/RHSA-2023:7467 https://access.redhat.com/security/cve/CVE-2023-42669 https://bugzilla.redhat.com/show_bug.cgi?id=2241884 https://bugzilla.samba.org/show_bug.cgi?id=15474 https://security.netapp.com& • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.8EPSS: 2%CPEs: 18EXPL: 19

CVE-2023-4911 – GNU C Library Buffer Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2023-4911

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. Se descubrió un desbordamiento del búfer en el cargador dinámico ld.so de la librería GNU C mientras se procesaba la variable de entorno GLIBC_TUNABLES. Este problema podría permitir que un atacante local utilice variables de entorno GLIBC_TUNABLES manipuladas con fines malintencionados al iniciar archivos binarios con permiso SUID para ejecutar código con privilegios elevados. Dubbed Looney Tunables, Qualys discovered a buffer overflow vulnerability in the glibc dynamic loader's processing of the GLIBC_TUNABLES environment variable. • https://github.com/leesh3288/CVE-2023-4911 https://github.com/ruycr4ft/CVE-2023-4911 https://github.com/guffre/CVE-2023-4911 https://github.com/NishanthAnand21/CVE-2023-4911-PoC https://github.com/RickdeJager/CVE-2023-4911 https://github.com/hadrian3689/looney-tunables-CVE-2023-4911 https://github.com/Green-Avocado/CVE-2023-4911 https://github.com/xiaoQ1z/CVE-2023-4911 https://github.com/Diego-AltF4/CVE-2023-4911 https://github.com/KernelKrise/CVE-2023-4911 https:/&# • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 4.7EPSS: 0%CPEs: 10EXPL: 0

CVE-2023-4732 – Kernel: race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode bug in include/linux/swapops.h

https://notcve.org/view.php?id=CVE-2023-4732

A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x. Se encontró una falla en pfn_swap_entry_to_page en el subsistema de administración de memoria del kernel de Linux. En esta falla, un atacante con privilegios de usuario local puede causar un problema de denegación de servicio debido a una declaración de ERROR que hace referencia a pmd_t x. • https://access.redhat.com/errata/RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2023:7539 https://access.redhat.com/errata/RHSA-2024:0412 https://access.redhat.com/security/cve/CVE-2023-4732 https://bugzilla.redhat.com/show_bug.cgi?id=2236982 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-366: Race Condition within a Thread •