CVE-2023-39945 – Malformed serialized data in a data submessage leads to unhandled exception
https://notcve.org/view.php?id=CVE-2023-39945
eProsima Fast DDS is a C++ implementation of the Object Management Group's Data Distribution Service (DDS) standard. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a DATA submessage sent to the participant discovery (PDP) port raises an unhandled `BadParamException` in fastcdr while its serialized payload is decoded; nothing on the receive path catches it, so the exception terminates the Fast DDS process. Discovery traffic is accepted before any peer relationship exists, so a single crafted datagram from a host that can reach the PDP port is enough for a denial of service. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue. • https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-exception-20230509-02.pcap https://github.com/eProsima/Fast-CDR/blob/v1.0.26/src/cpp/Cdr.cpp#L72-L79 https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9 https://www.debian.org/security/2023/dsa-5481 • CWE-248: Uncaught Exception •
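The failure mode above, as an added example that is not Fast DDS or Fast-CDR code: a toy CDR reader that, like fastcdr, reports malformed input by throwing, beside the two ways a receive path can treat that exception. Letting it escape the receiver thread is the CWE-248 crash the advisory describes; catching it at the datagram boundary turns the same input into a dropped packet. The exception class names, the payload layout (a uint32 id followed by a string) and the datagrams are all constructed for the demo.

```cpp
// Added example, not Fast DDS or Fast-CDR code: a toy CDR reader that, like fastcdr,
// reports malformed input by throwing, and the two ways a receive path can treat that
// exception: let it escape (CWE-248, the crash this advisory describes) or catch it and
// drop the datagram. Exception class names are stand-ins for the fastcdr ones.
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

struct BadParamException : std::runtime_error { using std::runtime_error::runtime_error; };
struct NotEnoughMemoryException : std::runtime_error { using std::runtime_error::runtime_error; };

class CdrReader {
public:
    explicit CdrReader(const std::vector<uint8_t>& buf) : buf_(buf) {}

    // DDS serialized-payload encapsulation header: 2-byte identifier, 2-byte options.
    // Identifiers: 0x0000 CDR_BE, 0x0001 CDR_LE, 0x0002 PL_CDR_BE, 0x0003 PL_CDR_LE.
    void read_encapsulation() {
        uint8_t hi = read_u8(), lo = read_u8();
        if (hi != 0 || lo > 3) throw BadParamException("unknown encapsulation identifier");
        little_endian_ = (lo & 1) != 0;
        read_u8(); read_u8();  // options, ignored here
    }

    uint32_t read_u32() {
        align(4);
        need(4);
        const uint8_t* p = &buf_[pos_];
        uint32_t v = little_endian_
            ? (uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24)
            : (uint32_t(p[0]) << 24 | uint32_t(p[1]) << 16 | uint32_t(p[2]) << 8 | uint32_t(p[3]));
        pos_ += 4;
        return v;
    }

    // CDR string: uint32 length that includes the NUL terminator, then the bytes.
    std::string read_string() {
        uint32_t len = read_u32();
        if (len == 0) throw BadParamException("zero-length CDR string");
        need(len);
        if (buf_[pos_ + len - 1] != 0) throw BadParamException("CDR string not NUL-terminated");
        std::string s(reinterpret_cast<const char*>(&buf_[pos_]), len - 1);
        pos_ += len;
        return s;
    }

private:
    uint8_t read_u8() { need(1); return buf_[pos_++]; }
    void align(size_t n) { pos_ = (pos_ + n - 1) / n * n; }
    // Every read is bounds-checked; an overrun is reported by throwing, as fastcdr does.
    void need(size_t n) const {
        if (pos_ > buf_.size() || n > buf_.size() - pos_) throw NotEnoughMemoryException("datagram truncated");
    }
    const std::vector<uint8_t>& buf_;
    size_t pos_ = 0;
    bool little_endian_ = false;
};

// Application payload assumed for the demo: a uint32 id followed by a string name.
struct Payload { uint32_t id = 0; std::string name; };

Payload deserialize(const std::vector<uint8_t>& datagram) {
    CdrReader r(datagram);
    r.read_encapsulation();
    Payload p;
    p.id = r.read_u32();
    p.name = r.read_string();
    return p;
}

// Vulnerable shape: no handler between the deserializer and the receiver thread.
// An exception leaving the thread's entry function calls std::terminate(), so one
// bad datagram on a listening port ends the whole process.
Payload dispatch_unguarded(const std::vector<uint8_t>& datagram) { return deserialize(datagram); }

// Hardened shape: a deserialization failure means "drop this datagram", which is the
// only sane response to a packet from an unauthenticated peer.
bool dispatch_guarded(const std::vector<uint8_t>& datagram, Payload& out) {
    try {
        out = deserialize(datagram);
        return true;
    } catch (const std::runtime_error&) {  // BadParamException, NotEnoughMemoryException
        return false;
    }
}

// For the demo: report whether the unguarded path would have let the exception escape.
bool unguarded_throws(const std::vector<uint8_t>& datagram) {
    try { dispatch_unguarded(datagram); return false; } catch (const std::runtime_error&) { return true; }
}

// Constructed datagrams, not captured traffic.
const std::vector<uint8_t> kGood = {
    0x00, 0x01, 0x00, 0x00,              // encapsulation CDR_LE, options
    0x07, 0x00, 0x00, 0x00,              // id = 7
    0x06, 0x00, 0x00, 0x00,              // string length 6 including NUL
    'r', 'o', 'b', 'o', 't', 0x00};
const std::vector<uint8_t> kBadEncap = {0x00, 0x09, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00};  // identifier 0x0009
const std::vector<uint8_t> kTruncated = {0x00, 0x01, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00,
                                         0x00, 0x00, 0x00, 0x40};  // string claims 1 GiB

int main() {
    Payload p;
    return (dispatch_guarded(kGood, p) && !dispatch_guarded(kBadEncap, p) &&
            !dispatch_guarded(kTruncated, p) && unguarded_throws(kBadEncap)) ? 0 : 1;
}
```

The design point is where the catch sits: the deserializer is right to throw, because it cannot know what the caller wants to do with a bad payload, but the component that owns the socket must convert every exception from untrusted bytes into "drop and continue" before control returns to the thread entry point.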
CVE-2023-39534 – Malformed GAP submessage triggers assertion failure
https://notcve.org/view.php?id=CVE-2023-39534
eProsima Fast DDS is a C++ implementation of the Object Management Group's Data Distribution Service (DDS) standard. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger an assertion failure in the reader's GAP handling (see the StatefulReader.cpp and SequenceNumber.h references), crashing Fast DDS. An assert() on values taken from the wire is a remote denial of service in a build with assertions enabled and an unchecked invariant in a build without them, so sequence-number fields received from peers need explicit validation rather than assertions. Versions 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue. • https://bombshell.gtisc.gatech.edu/ddsfuzz/pcap/fastdds-assert-230509.pcap https://github.com/eProsima/Fast-DDS/blob/v2.9.1/include/fastdds/rtps/common/SequenceNumber.h#L238-L252 https://github.com/eProsima/Fast-DDS/blob/v2.9.1/src/cpp/rtps/reader/StatefulReader.cpp#L863 https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp https://www.debian.org/security/2023/dsa-5481 • CWE-617: Reachable Assertion •
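The validation a GAP submessage needs, as an added example that is not Fast DDS code: a parser that checks the RTPS validity rules for GAP and SequenceNumberSet (positive gapStart, base of at least 1, at most 256 bits, a bitmap that fits inside the submessage, and a base not before gapStart) and returns a status instead of asserting. Which of these conditions Fast DDS asserted on before the fix is not reproduced; the builder and the test vectors are constructed for the demo.

```cpp
// Added example, not Fast DDS code: parse and validate an RTPS GAP submessage with
// checks that return a status, instead of trusting wire fields and relying on
// assert() (CWE-617). The layout and validity rules are the RTPS 2.x ones:
//   header: submessageId (1) | flags (1, bit 0 = little-endian) | octetsToNextHeader (2)
//   GAP body: readerId (4) | writerId (4) | gapStart (SequenceNumber_t: int32 high, uint32 low)
//             | gapList (SequenceNumberSet_t: base (8) | numBits (uint32) | bitmap words)
// Which of these Fast DDS asserted on before the fix is not reproduced here.
#include <cstddef>
#include <cstdint>
#include <vector>

enum class GapStatus { Ok, TooShort, NotGap, BadGapStart, BadBase, BadNumBits, BaseBeforeStart, BitmapTruncated };
struct Gap { int64_t gap_start = 0; int64_t gap_base = 0; uint32_t num_bits = 0; };

static uint32_t rd32(const uint8_t* p, bool le) {
    return le ? (uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24)
              : (uint32_t(p[0]) << 24 | uint32_t(p[1]) << 16 | uint32_t(p[2]) << 8 | uint32_t(p[3]));
}
static uint16_t rd16(const uint8_t* p, bool le) { return uint16_t(le ? p[0] | p[1] << 8 : p[0] << 8 | p[1]); }
// SequenceNumber_t value = high * 2^32 + low.
static int64_t rd_sn(const uint8_t* p, bool le) {
    return int64_t(int32_t(rd32(p, le))) * 4294967296LL + int64_t(rd32(p + 4, le));
}

GapStatus parse_gap(const std::vector<uint8_t>& sub, Gap& out) {
    constexpr uint8_t kGapId = 0x08;
    constexpr size_t kFixedBody = 28;  // readerId + writerId + gapStart + base + numBits
    if (sub.size() < 4) return GapStatus::TooShort;
    if (sub[0] != kGapId) return GapStatus::NotGap;
    const bool le = (sub[1] & 0x01) != 0;
    size_t body_len = rd16(&sub[2], le);
    // octetsToNextHeader == 0 means "extends to the end of the message" (last submessage only)
    if (body_len == 0) body_len = sub.size() - 4;
    if (body_len > sub.size() - 4 || body_len < kFixedBody) return GapStatus::TooShort;
    const uint8_t* b = &sub[4];
    out.gap_start = rd_sn(b + 8, le);
    out.gap_base = rd_sn(b + 16, le);
    out.num_bits = rd32(b + 24, le);
    if (out.gap_start < 1) return GapStatus::BadGapStart;   // gapStart must be positive
    if (out.gap_base < 1) return GapStatus::BadBase;        // SequenceNumberSet base >= 1
    if (out.num_bits > 256) return GapStatus::BadNumBits;   // at most 256 bits in the set
    if (out.gap_base < out.gap_start) return GapStatus::BaseBeforeStart;  // [gapStart, base) must be well-formed
    const size_t words = (out.num_bits + 31) / 32;
    if (body_len < kFixedBody + 4 * words) return GapStatus::BitmapTruncated;  // bitmap must lie inside the submessage
    return GapStatus::Ok;
}

// Builder for constructed little-endian test vectors (non-negative sequence numbers only), not captured traffic.
std::vector<uint8_t> make_gap_le(int64_t start, int64_t base, uint32_t num_bits, size_t bitmap_words) {
    std::vector<uint8_t> m;
    auto put32 = [&](uint32_t v) { for (int i = 0; i < 4; ++i) m.push_back(uint8_t(v >> (8 * i))); };
    auto put_sn = [&](int64_t sn) { put32(uint32_t(sn / 4294967296LL)); put32(uint32_t(sn % 4294967296LL)); };
    const uint16_t len = uint16_t(28 + 4 * bitmap_words);
    m.push_back(0x08); m.push_back(0x01); m.push_back(uint8_t(len)); m.push_back(uint8_t(len >> 8));
    put32(0); put32(0);                       // readerId, writerId: ENTITYID_UNKNOWN
    put_sn(start); put_sn(base); put32(num_bits);
    for (size_t i = 0; i < bitmap_words; ++i) put32(0xFFFFFFFFu);
    return m;
}

int main() {
    Gap g;
    const bool ok = parse_gap(make_gap_le(5, 10, 8, 1), g) == GapStatus::Ok
        && parse_gap(make_gap_le(5, 10, 300, 1), g) == GapStatus::BadNumBits
        && parse_gap(make_gap_le(5, 3, 8, 1), g) == GapStatus::BaseBeforeStart
        && parse_gap(make_gap_le(0, 10, 8, 1), g) == GapStatus::BadGapStart
        && parse_gap(make_gap_le(5, 10, 64, 1), g) == GapStatus::BitmapTruncated;
    return ok ? 0 : 1;
}
```

Every rejected status is a submessage the reader simply ignores; nothing here is an internal invariant, so nothing here belongs in an assert(). The numBits check also bounds the bitmap word count, which is what stops a crafted length from driving later bitmap arithmetic out of range.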
CVE-2023-39418 – Postgresql: merge fails to enforce update or select row security policies
https://notcve.org/view.php?id=CVE-2023-39418
A vulnerability was found in PostgreSQL's MERGE command, which fails to test new rows against the row security policies defined for UPDATE and SELECT. If the UPDATE and SELECT policies forbid rows that the INSERT policies do not forbid, a user can store such rows through MERGE. Only PostgreSQL 15 is affected, since MERGE was introduced in that release; the fix shipped in 15.4. After upgrading, check tables whose INSERT policies are looser than their UPDATE or SELECT policies for rows that MERGE may already have stored in violation of the intended policy. • https://access.redhat.com/errata/RHSA-2023:7785 https://access.redhat.com/errata/RHSA-2023:7883 https://access.redhat.com/errata/RHSA-2023:7884 https://access.redhat.com/errata/RHSA-2023:7885 https://access.redhat.com/security/cve/CVE-2023-39418 https://bugzilla.redhat.com/show_bug.cgi?id=2228112 https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 https://security.netapp.com/advisory/ntap-20230915-0002 https://www.debian.org/security •
CVE-2023-39417 – Postgresql: extension script @substitutions@ within quoting allow sql injection
https://notcve.org/view.php?id=CVE-2023-39417
A SQL injection vulnerability was found in PostgreSQL extension scripts that use @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). The server substitutes these placeholders textually with names chosen at CREATE EXTENSION time, so a placeholder inside a quoted region lets a crafted schema or owner name terminate the quote and append SQL that the script then executes. If an administrator has installed the files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser, because trusted extensions may be installed by such users and their scripts run with superuser rights. Fixed in PostgreSQL 15.4, 14.9, 13.12, 12.16, and 11.21; extension authors should also keep the placeholders out of quoted text. • https://access.redhat.com/errata/RHSA-2023:7545 https://access.redhat.com/errata/RHSA-2023:7579 https://access.redhat.com/errata/RHSA-2023:7580 https://access.redhat.com/errata/RHSA-2023:7581 https://access.redhat.com/errata/RHSA-2023:7616 https://access.redhat.com/errata/RHSA-2023:7656 https://access.redhat.com/errata/RHSA-2023:7666 https://access.redhat.com/errata/RHSA-2023:7667 https://access.redhat.com/errata/RHSA-2023:7694 https://access.redhat.com/errata/RHSA • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
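Why the placement of the placeholder matters, as an added example that is not PostgreSQL's extension.c: a naive textual substitution of @extschema@ (with the schema name wrapped as a quoted identifier, which is what protects the plain-SQL case) beside a scanner that tracks PostgreSQL's quoting constructs and refuses any script whose placeholder sits inside one. The scripts and the schema name are constructed; block comments are not tracked, and the real quote_identifier only adds quotes when needed.

```cpp
// Added example, not PostgreSQL's extension.c: why textual @extschema@ substitution
// is an injection when the placeholder sits inside a quoting construct, and a
// quote-aware scanner that refuses such scripts. The quoting rules tracked are
// PostgreSQL's: 'literal' (doubled '' escapes), "identifier" (doubled "" escapes),
// $tag$ ... $tag$ dollar quoting, and -- line comments. Block comments are not tracked.
#include <cctype>
#include <string>

static const std::string kToken = "@extschema@";

// Simplified quote_identifier: PostgreSQL substitutes the schema name this way, but the
// double quotes only protect against breaking out of "...", never out of '...' or $$...$$.
std::string quote_identifier(const std::string& ident) {
    std::string out = "\"";
    for (char c : ident) { out += c; if (c == '"') out += '"'; }
    return out + "\"";
}

// The pre-fix behaviour in spirit: replace the placeholder wherever it appears.
std::string substitute_naive(std::string script, const std::string& schema) {
    const std::string value = quote_identifier(schema);
    for (size_t p = script.find(kToken); p != std::string::npos; p = script.find(kToken, p + value.size()))
        script.replace(p, kToken.size(), value);
    return script;
}

// Offset of the first placeholder that lies inside a quoting construct, or npos.
size_t first_quoted_substitution(const std::string& s) {
    enum { Plain, Single, Double, Dollar } state = Plain;
    std::string tag;  // active dollar-quote delimiter, e.g. "$body$" or "$$"
    for (size_t i = 0; i < s.size(); ++i) {
        const char c = s[i];
        if (state == Plain) {
            if (s.compare(i, kToken.size(), kToken) == 0) { i += kToken.size() - 1; continue; }
            if (s.compare(i, 2, "--") == 0) { i = s.find('\n', i); if (i == std::string::npos) break; continue; }
            if (c == '\'') state = Single;
            else if (c == '"') state = Double;
            else if (c == '$') {  // $tag$ where tag is empty or [A-Za-z_][A-Za-z0-9_]*
                size_t j = i + 1;
                if (j < s.size() && (std::isalpha((unsigned char)s[j]) || s[j] == '_'))
                    while (j < s.size() && (std::isalnum((unsigned char)s[j]) || s[j] == '_')) ++j;
                if (j < s.size() && s[j] == '$') { tag = s.substr(i, j - i + 1); state = Dollar; i = j; }
            }
            continue;
        }
        if (s.compare(i, kToken.size(), kToken) == 0) return i;  // placeholder inside a quoted region
        if (state == Single && c == '\'') { if (i + 1 < s.size() && s[i + 1] == '\'') ++i; else state = Plain; }
        else if (state == Double && c == '"') { if (i + 1 < s.size() && s[i + 1] == '"') ++i; else state = Plain; }
        else if (state == Dollar && c == '$' && s.compare(i, tag.size(), tag) == 0) { i += tag.size() - 1; state = Plain; }
    }
    return std::string::npos;
}

// Hardened shape: refuse a script that substitutes inside quoting; otherwise substitute.
bool substitute_checked(const std::string& script, const std::string& schema, std::string& out) {
    if (first_quoted_substitution(script) != std::string::npos) return false;
    out = substitute_naive(script, schema);
    return true;
}

// Constructed inputs for the demo.
const std::string kBadScript  = "SELECT '@extschema@';";                        // placeholder inside '...'
const std::string kBodyScript = "CREATE FUNCTION f() RETURNS text LANGUAGE sql AS $fn$ SELECT '@extschema@' $fn$;";
const std::string kOkScript   = "CREATE TABLE @extschema@.cfg(k text);";        // placeholder in plain SQL
const std::string kEvilSchema = "x'; DROP TABLE t; --";                         // chosen by the installing user

int main() {
    std::string out;
    const bool ok = first_quoted_substitution(kBadScript) != std::string::npos
        && first_quoted_substitution(kBodyScript) != std::string::npos
        && substitute_checked(kOkScript, kEvilSchema, out);
    return ok ? 0 : 1;
}
```

With the naive path, kBadScript becomes `SELECT '"x'; DROP TABLE t; --"';`: the single quote inside the schema name closes the literal and the rest runs as a second statement in the superuser's session. The same name substituted into kOkScript yields the harmless identifier `"x'; DROP TABLE t; --"`, which is why the fix targets the placement of the placeholder rather than the substitution itself.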
CVE-2023-3824 – Buffer overflow and overread in phar_dir_read()
https://notcve.org/view.php?id=CVE-2023-3824
In PHP 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when a phar file is loaded and its directory entries are read, insufficient length checking in phar_dir_read() may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. The same missing bound can also leak stack contents (the "overread" in the title). An attacker needs only to make the application open a specially crafted .phar archive and list a directory inside it, for example through the phar:// stream wrapper on an attacker-influenced path, to corrupt memory or cause a denial of service. • https://github.com/jhonnybonny/CVE-2023-3824 https://github.com/m1sn0w/CVE-2023-3824 https://github.com/Starla2u/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA https://security.netapp.com/advisory/ntap-20230825-0001 https://access.redhat.com/se • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
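The shape of the bug, as an added example that is not PHP's ext/phar/dirstream.c: a directory-entry reader that copies the entry name into a fixed-size dirent while checking the length only against the caller's buffer size, beside a reader bounded by the destination field. The dirent layout, the 64-byte name field, the arena that stands in for the stack frame and the entry names are all assumed for the demo; PHP's php_stream_dirent uses a char d_name[MAXPATHLEN] field whose size is platform dependent.

```cpp
// Added example, not PHP's ext/phar/dirstream.c: the shape of the bug the advisory
// describes, a directory-entry name copied into a fixed-size dirent with the length
// checked against the wrong bound, next to a copy bounded by the destination field.
// The dirent layout and sizes are assumed for the demo; PHP's php_stream_dirent has a
// char d_name[MAXPATHLEN] field whose size is platform dependent.
#include <algorithm>
#include <cstddef>
#include <cstring>
#include <string>

struct demo_dirent { char d_name[64]; };

// Vulnerable shape: `count` is the caller's buffer size, which the stream read API
// allows to differ from sizeof(demo_dirent). The name is bounded by count, not by
// sizeof(d_name), so an archive entry with a long name runs past the dirent.
int read_entry_unchecked(char* buf, size_t count, const std::string& name) {
    const size_t to_read = std::min(name.size(), count);
    if (to_read == 0 || count < name.size()) return -1;
    std::memset(buf, 0, sizeof(demo_dirent));
    std::memcpy(buf + offsetof(demo_dirent, d_name), name.data(), to_read);
    return static_cast<int>(sizeof(demo_dirent));
}

// Hardened shape: the bound is the destination field, with room kept for the NUL;
// an oversized name is an error rather than a silent, mislabelled entry.
int read_entry_checked(char* buf, size_t count, const std::string& name) {
    if (count < sizeof(demo_dirent)) return -1;
    if (name.empty() || name.size() >= sizeof(demo_dirent::d_name)) return -1;
    auto* ent = reinterpret_cast<demo_dirent*>(buf);
    std::memset(ent, 0, sizeof(*ent));
    std::memcpy(ent->d_name, name.data(), name.size());
    ent->d_name[name.size()] = '\0';
    return static_cast<int>(sizeof(demo_dirent));
}

using reader_fn = int (*)(char*, size_t, const std::string&);

// Demo harness: a zeroed 200-byte arena stands in for the stack frame; the bytes after
// the first sizeof(demo_dirent) represent whatever the frame holds next. Returns true
// if the reader wrote past the dirent. The constructed entry name is 120 'A's.
bool canary_clobbered(reader_fn reader) {
    char arena[200];
    std::memset(arena, 0, sizeof arena);
    reader(arena, sizeof arena, std::string(120, 'A'));
    return arena[sizeof(demo_dirent)] != 0;
}

// Name as the caller would see it after a successful read, or "" on error.
std::string entry_name(reader_fn reader, const std::string& name) {
    char arena[200];
    std::memset(arena, 0, sizeof arena);
    if (reader(arena, sizeof arena, name) < 0) return "";
    return std::string(reinterpret_cast<demo_dirent*>(arena)->d_name);
}

int main() {
    return (canary_clobbered(read_entry_unchecked) && !canary_clobbered(read_entry_checked)
            && entry_name(read_entry_checked, "index.php") == "index.php") ? 0 : 1;
}
```

Both readers behave identically on ordinary names, which is why this class of bug survives functional testing; the difference only shows with an entry name longer than the field, which an attacker controls completely when they author the archive. Truncating instead of rejecting is also defensible, but the bound must be the size of d_name, never the caller's count.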