CVSS: 3.9EPSS: 0%CPEs: 7EXPL: 0CVE-2023-20867 – VMware Tools Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-20867
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Un host ESXi totalmente comprometido puede obligar a VMware Tools a no poder autenticar las operaciones de host a invitado, lo que afecta la confidencialidad y la integridad de la máquina virtual invitada. A flaw was found in the open-vm-tools package. An attacker with root access privileges over ESXi may be able to cause an authentication bypass in the vgauth module. This may lead to compromised confidentiality and integrity. • http://www.openwall.com/lists/oss-security/2023/10/16/11 http://www.openwall.com/lists/oss-security/2023/10/16/2 https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2023-31490 – frr: missing length check in bgp_attr_psid_sub() can lead do DoS
https://notcve.org/view.php?id=CVE-2023-31490
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. Un problema encontrado en Frrouting bgpd v.8.4.2 permite a un atacante remoto causar una denegación de servicio a través de la función bgp_attr_psid_sub(). A flaw was found in frr that may allow a remote attacker to cause a denial of service via the bgp_attr_psid_sub function. • https://github.com/FRRouting/frr/issues/13099 https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4 https://www.debian.org/security/2023/dsa-5495 https • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-31489 – frr: incorrect length check in bgp_capability_llgr() can lead do DoS
https://notcve.org/view.php?id=CVE-2023-31489
An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. A flaw was found in frr that may allow a remote attacker to cause a denial of service via the bgp_capability_llgr function. • https://github.com/FRRouting/frr/issues/13098 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JLG64IF3FU7V76K4TKCCXVNEE6P2VUDO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMJNX44SMJM25JZO7XWHDQCOB4SNJPIE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXR6PIVY4SWO7HDT4EY733H4X32SCPM4 https://access.redhat.com/security/cve/CVE-2023-31489 https://bugzilla.redhat.com/show_bug.cgi?id=2238990 • CWE-125: Out-of-bounds Read •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2023-21962 – mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023)
https://notcve.org/view.php?id=CVE-2023-21962
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN https://security.netapp.com/advisory/ntap-20230427-0007 https://www.oracle.com/security-alerts/cpuapr2023.html https://access.redhat.com/security/cve/CVE-2023-21962 https:&#x •
CVSS: 4.9EPSS: 0%CPEs: 9EXPL: 0CVE-2023-21955 – mysql: Server: Partition unspecified vulnerability (CPU Apr 2023)
https://notcve.org/view.php?id=CVE-2023-21955
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN https://security.netapp.com/advisory/ntap-20230427-0007 https://www.oracle.com/security-alerts/cpuapr2023.html https://access.redhat.com/security/cve/CVE-2023-21955 https:&#x •