CVSS: 3.3EPSS: 0%CPEs: 10EXPL: 1CVE-2023-2602 – libcap: Memory Leak on pthread_create() Error
https://notcve.org/view.php?id=CVE-2023-2602
A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. • https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://access.redhat.com/security/cve/CVE-2023-2602 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2023-32373 – Apple Multiple Products WebKit Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2023-32373
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. A use after free vulnerability was found in the webkitgtk package. • https://security.gentoo.org/glsa/202401-04 https://support.apple.com/en-us/HT213757 https://support.apple.com/en-us/HT213758 https://support.apple.com/en-us/HT213761 https://support.apple.com/en-us/HT213762 https://support.apple.com/en-us/HT213764 https://support.apple.com/en-us/HT213765 https://access.redhat.com/security/cve/CVE-2023-32373 https://bugzilla.redhat.com/show_bug.cgi?id=2209214 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-34151
https://notcve.org/view.php?id=CVE-2023-34151
A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). • https://access.redhat.com/security/cve/CVE-2023-34151 https://bugzilla.redhat.com/show_bug.cgi?id=2210657 https://github.com/ImageMagick/ImageMagick/issues/6341 https://lists.debian.org/debian-lts-announce/2024/02/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 2CVE-2023-34152
https://notcve.org/view.php?id=CVE-2023-34152
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. • https://github.com/SudoIndividual/CVE-2023-34152 https://access.redhat.com/security/cve/CVE-2023-34152 https://bugzilla.redhat.com/show_bug.cgi?id=2210659 https://github.com/ImageMagick/ImageMagick/issues/6339 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2023-34153
https://notcve.org/view.php?id=CVE-2023-34153
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. • https://access.redhat.com/security/cve/CVE-2023-34153 https://bugzilla.redhat.com/show_bug.cgi?id=2210660 https://github.com/ImageMagick/ImageMagick/issues/6338 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •