CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-0004 – PAN-OS: Local File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2023-0004
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fe • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-1906
https://notcve.org/view.php?id=CVE-2023-1906
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. • https://access.redhat.com/security/cve/CVE-2023-1906 https://bugzilla.redhat.com/show_bug.cgi?id=2185714 https://github.com/ImageMagick/ImageMagick/commit/d7a8bdd7bb33cf8e58bc01b4a4f2ea5466f8c6b3 https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247 https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6655G3GPS42WQM32DJHUCZALI2URQSCO • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2023-1992
https://notcve.org/view.php?id=CVE-2023-1992
RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file El fallo del disector RPCoRDMA en Wireshark 4.0.0 a 4.0.4 y 3.6.0 a 3.6.12 permite la denegación de servicio mediante la inyección de paquetes o un archivo de captura manipulado. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1992.json https://gitlab.com/wireshark/wireshark/-/issues/18852 https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EHLTD25WNQSPQNELX52UH6YLP4TBLKTT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZA7IMATNNQPLIM6WMRPM3T5ZY24NRR2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2023-1993
https://notcve.org/view.php?id=CVE-2023-1993
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file El bucle grande del disector LISP en Wireshark 4.0.0 a 4.0.4 y 3.6.0 a 3.6.12 permite la denegación de servicio mediante inyección de paquetes o archivo de captura manipulado • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1993.json https://gitlab.com/wireshark/wireshark/-/issues/18900 https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EHLTD25WNQSPQNELX52UH6YLP4TBLKTT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZA7IMATNNQPLIM6WMRPM3T5ZY24NRR2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora • CWE-834: Excessive Iteration •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2023-1994
https://notcve.org/view.php?id=CVE-2023-1994
GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file El fallo del disector GQUIC en Wireshark 4.0.0 a 4.0.4 y 3.6.0 a 3.6.12 permite la denegación de servicio mediante la inyección de paquetes o un archivo de captura manipulado. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1994.json https://gitlab.com/wireshark/wireshark/-/issues/18947 https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EHLTD25WNQSPQNELX52UH6YLP4TBLKTT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZA7IMATNNQPLIM6WMRPM3T5ZY24NRR2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora • CWE-400: Uncontrolled Resource Consumption •