CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2024-21885 – Xorg-x11-server: heap buffer overflow in xisenddevicehierarchyevent
https://notcve.org/view.php?id=CVE-2024-21885
17 Jan 2024 — A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments. Se encontró una falla en el servidor X.Org. En la función XISendDeviceHierarchyEvent, es posible exceder la longitud de la matriz asignada cuando se agregan cier... • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2024-21886 – Xorg-x11-server: heap buffer overflow in disabledevice
https://notcve.org/view.php?id=CVE-2024-21886
17 Jan 2024 — A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments. Se encontró una falla de desbordamiento de búfer de almacenamiento dinámico en la función DisableDevice en el servidor X.Org. Este problema puede provocar un bloqueo de la aplicación o, en algunas circunstancias, la ejecución remota de código en entornos de reenvío SSH X11. This vulnerability ... • https://access.redhat.com/errata/RHSA-2024:0320 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 1%CPEs: 59EXPL: 0CVE-2023-5455 – Ipa: invalid csrf protection
https://notcve.org/view.php?id=CVE-2023-5455
10 Jan 2024 — A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing alrea... • https://access.redhat.com/errata/RHSA-2024:0137 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 42EXPL: 0CVE-2023-5388 – nss: timing attack against RSA decryption
https://notcve.org/view.php?id=CVE-2023-5388
10 Jan 2024 — NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. NSS era susceptible a un ataque de canal lateral de sincronización al realizar el descifrado RSA. Este ataque podría permitir potencialmente que un atacante recupere los datos privados. • https://bugzilla.mozilla.org/show_bug.cgi?id=1780432 • CWE-208: Observable Timing Discrepancy •
CVSS: 7.0EPSS: 0%CPEs: 35EXPL: 0CVE-2023-51779 – kernel: bluetooth: bt_sock_ioctl race condition leads to use-after-free in bt_sock_recvmsg
https://notcve.org/view.php?id=CVE-2023-51779
25 Dec 2023 — bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition. bt_sock_recvmsg en net/bluetooth/af_bluetooth.c en el kernel de Linux hasta 6.6.8 tiene un use-after-free debido a una condición de ejecución bt_sock_ioctl. A flaw was found in the Bluetooth subsystem of the Linux kernel. A race condition between the bt_sock_recvmsg() and bt_sock_ioctl() functions could lead to a use-after-free on a socket buffer ("skb"). This fla... • https://github.com/torvalds/linux/commit/2e07e8348ea454615e268222ae3fc240421be768 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 39EXPL: 0CVE-2023-44446 – GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44446
15 Nov 2023 — GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://gstreamer.freedesktop.org/security/sa-2023-0010.html • CWE-416: Use After Free •
CVSS: 4.3EPSS: 3%CPEs: 42EXPL: 0CVE-2023-5868 – Postgresql: memory disclosure in aggregate function calls
https://notcve.org/view.php?id=CVE-2023-5868
14 Nov 2023 — A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. Se encontró una vulnerabi... • https://access.redhat.com/errata/RHSA-2023:7545 • CWE-686: Function Call With Incorrect Argument Type •
CVSS: 9.0EPSS: 6%CPEs: 49EXPL: 0CVE-2023-5869 – Postgresql: buffer overrun from integer overflow in array modification
https://notcve.org/view.php?id=CVE-2023-5869
14 Nov 2023 — A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. Se encontró una falla en PostgreS... • https://access.redhat.com/errata/RHSA-2023:7545 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.6EPSS: 6%CPEs: 42EXPL: 0CVE-2023-5870 – Postgresql: role pg_signal_backend can signal certain superuser processes.
https://notcve.org/view.php?id=CVE-2023-5870
14 Nov 2023 — A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. Se encontró una falla en PostgreSQL que involucra la función pg_cancel_bac... • https://access.redhat.com/errata/RHSA-2023:7545 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 85%CPEs: 21EXPL: 0CVE-2023-46847 – Squid: denial of service in http digest authentication
https://notcve.org/view.php?id=CVE-2023-46847
03 Nov 2023 — Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. Squid es vulnerable a una Denegación de Servicio, donde un atacante remoto puede realizar un ataque de desbordamiento de búfer escribiendo hasta 2 MB de datos arbitrarios en la memoria acumulada cuando Squid está configurado para aceptar la autenticación implícita HTTP. Joshua Rogers discov... • https://access.redhat.com/errata/RHSA-2023:6266 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •