CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2023-2455 – postgresql: row security policies disregard user ID changes after inlining.
https://notcve.org/view.php?id=CVE-2023-2455
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. • https://access.redhat.com/security/cve/CVE-2023-2455 https://security.netapp.com/advisory/ntap-20230706-0006 https://www.postgresql.org/support/security/CVE-2023-2455 https://bugzilla.redhat.com/show_bug.cgi?id=2207569 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2023-2454 – postgresql: schema_element defeats protective search_path changes
https://notcve.org/view.php?id=CVE-2023-2454
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code. A flaw was found in PostgreSQL. Certain database calls could permit an attacker with elevated database-level privileges to execute arbitrary code. • https://access.redhat.com/security/cve/CVE-2023-2454 https://security.netapp.com/advisory/ntap-20230706-0006 https://www.postgresql.org/support/security/CVE-2023-2454 https://bugzilla.redhat.com/show_bug.cgi?id=2207568 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-2203 – webkitgtk: Regression of CVE-2023-28205 fixes in the Red Hat Enterprise Linux
https://notcve.org/view.php?id=CVE-2023-2203
A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. • https://access.redhat.com/errata/RHSA-2023:2653 https://access.redhat.com/errata/RHSA-2023:3108 https://access.redhat.com/security/cve/CVE-2023-2203 https://bugzilla.redhat.com/show_bug.cgi?id=2188543 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-32573 – qt: Uninitialized variable usage in m_unitsPerEm
https://notcve.org/view.php?id=CVE-2023-32573
In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. A vulnerability was found in qt. The security flaw occurs due to uninitialized variable usage in m_unitsPerEm. • https://codereview.qt-project.org/c/qt/qtsvg/+/474093 https://lists.debian.org/debian-lts-announce/2023/08/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UE3IHQZCEUFVOPWG75V2HDKXNUZBB4FX https://access.redhat.com/security/cve/CVE-2023-32573 https://bugzilla.redhat.com/show_bug.cgi?id=2208135 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2023-2491 – emacs: Regression of CVE-2023-28617 fixes in the Red Hat Enterprise Linux
https://notcve.org/view.php?id=CVE-2023-2491
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. • https://access.redhat.com/errata/RHSA-2023:2626 https://access.redhat.com/errata/RHSA-2023:3104 https://access.redhat.com/security/cve/CVE-2023-2491 https://bugzilla.redhat.com/show_bug.cgi?id=2192873 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •