CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-4004 – Kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove()
https://notcve.org/view.php?id=CVE-2023-4004
A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. Se encontró una falla de use-after-free en el netfilter del kernel de Linux en la forma en que un usuario activa la función nft_pipapo_remove con el elemento, sin un NFT_SET_EXT_KEY_END. Este problema podría permitir que un usuario local bloquee el sistema o potencialmente aumente sus privilegios en el sistema. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://access.redhat.com/errata/RHSA-2023:4961 https://access.redhat.com/errata/RHSA-2023:4962 https://access.redhat.com/errata/RHSA-2023:4967 https://access.redhat.com/errata/RHSA-2023:5069 https://access.redhat.com/errata/RHSA-2023:5091 https://access.redhat.com/errata/RHSA-2023:5093 https:// • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-4907
https://notcve.org/view.php?id=CVE-2022-4907
Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html https://crbug.com/1358168 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ https://www.debian.org/security/2023/dsa-5552 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-3773 – Kernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattr
https://notcve.org/view.php?id=CVE-2023-3773
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace. • https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/security/cve/CVE-2023-3773 https://bugzilla.redhat.com/show_bug.cgi?id=2218944 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://www.debian.org/security/2023/dsa-5492 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2023-3772 – Kernel: xfrm: null pointer dereference in xfrm_update_ae_params()
https://notcve.org/view.php?id=CVE-2023-3772
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. • http://www.openwall.com/lists/oss-security/2023/08/10/1 http://www.openwall.com/lists/oss-security/2023/08/10/3 https://access.redhat.com/errata/RHSA-2023:6583 https://access.redhat.com/errata/RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2024:0412 https://access.redhat.com/errata/RHSA-2024:0575 https://access.redhat.com/security/cve/CVE-2023-3772 https://bugzilla.redhat.com/show_bug.cgi?id=2218943 https&# • CWE-476: NULL Pointer Dereference •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38745
https://notcve.org/view.php?id=CVE-2023-38745
Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names). • https://github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625 https://github.com/jgm/pandoc/compare/3.1.5...3.1.6 https://lists.debian.org/debian-lts-announce/2023/07/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JGRJHU2FTSGTHHRTNDF7STEKLKKA25JN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYP3FKDS3KAYMQUZVVL73IUI4CWSKLKP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.o •