CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-30631 – Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work
https://notcve.org/view.php?id=CVE-2023-30631
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions • https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs https://lists.debian.org/debian-lts-announce/2023/06/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6GDCBNFDDW6ULW7CACJCPENI7BVDHM5O https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWXNAEEVRUZ5JG4EJAIIFC3CI7LFETV https://www.debian.org/security/2023/dsa-5435 • CWE-20: Improper Input Validation •
CVSS: 3.9EPSS: 0%CPEs: 7EXPL: 0CVE-2023-20867 – VMware Tools Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-20867
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Un host ESXi totalmente comprometido puede obligar a VMware Tools a no poder autenticar las operaciones de host a invitado, lo que afecta la confidencialidad y la integridad de la máquina virtual invitada. A flaw was found in the open-vm-tools package. An attacker with root access privileges over ESXi may be able to cause an authentication bypass in the vgauth module. This may lead to compromised confidentiality and integrity. • http://www.openwall.com/lists/oss-security/2023/10/16/11 http://www.openwall.com/lists/oss-security/2023/10/16/2 https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32732 – Denial-of-Service in gRPC
https://notcve.org/view.php?id=CVE-2023-32732
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url gRPC contiene una vulnerabilidad por la que un cliente puede provocar la finalización de la conexión entre un proxy HTTP2 y un servidor gRPC. Un error de codificación en base64 para cabeceras con sufijo "-bin" provocará la desconexión por parte del servidor gRPC, pero suele estar permitido por los proxies HTTP2. Se recomienda actualizar más allá del commit "https://github.com/grpc/grpc/pull/32309". • https://github.com/grpc/grpc/pull/32309 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37IDNVY5AWVH7JDMM2SDTL24ZPPZJNSY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VWE44J5FG7THHL7XVEVTNIGEYBNKJBLL • CWE-440: Expected Behavior Violation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-2603 – libcap: Integer Overflow in _libcap_strdup()
https://notcve.org/view.php?id=CVE-2023-2603
A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB. • https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://access.redhat.com/security/cve/CVE-2023-2603 • CWE-190: Integer Overflow or Wraparound •
CVSS: 3.3EPSS: 0%CPEs: 10EXPL: 1CVE-2023-2602 – libcap: Memory Leak on pthread_create() Error
https://notcve.org/view.php?id=CVE-2023-2602
A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. • https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://access.redhat.com/security/cve/CVE-2023-2602 • CWE-401: Missing Release of Memory after Effective Lifetime •