Page 62 of 487 results (0.016 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-1386 – Qemu: 9pfs: suid/sgid bits not dropped on file write

https://notcve.org/view.php?id=CVE-2023-1386

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host. • https://access.redhat.com/security/cve/CVE-2023-1386 https://bugzilla.redhat.com/show_bug.cgi?id=2223985 https://github.com/advisories/GHSA-ppj8-867g-rgjr https://github.com/v9fs/linux/issues/29 https://security.netapp.com/advisory/ntap-20230831-0005 • CWE-281: Improper Preservation of Permissions •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2023-38200 – Keylime: registrar is subject to a dos against ssl connections

https://notcve.org/view.php?id=CVE-2023-38200

A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections. Se encontró una falla en Keylime. Debido a su naturaleza de bloqueo, el registrador de Keylime está sujeto a una denegación de servicio remota contra sus conexiones SSL. • https://access.redhat.com/errata/RHSA-2023:5080 https://access.redhat.com/security/cve/CVE-2023-38200 https://bugzilla.redhat.com/show_bug.cgi?id=2222692 https://github.com/keylime/keylime/pull/1421 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIZZB5NHNCS5D2AEH3ZAO6OQC72IK7WS • CWE-400: Uncontrolled Resource Consumption CWE-834: Excessive Iteration •

CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 3

CVE-2023-38633 – librsvg: Arbitrary file read when xinclude href has special characters

https://notcve.org/view.php?id=CVE-2023-38633

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. A directory traversal vulnerability was discovered in the URL decoder of Librsvg. This issue occurs when xinclude href has special characters; demonstrated by href=".?.. • http://seclists.org/fulldisclosure/2023/Jul/43 http://www.openwall.com/lists/oss-security/2023/07/27/1 http://www.openwall.com/lists/oss-security/2023/09/06/10 https://bugzilla.suse.com/show_bug.cgi?id=1213502 https://gitlab.gnome.org/GNOME/librsvg/-/issues/996 https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/422NTIHIEBRASIG2DWXYBH4ADYMHY626 https://lists.fedoraproject.org • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2023-34968 – Samba: spotlight server-side share path disclosure

https://notcve.org/view.php?id=CVE-2023-34968

A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. • https://access.redhat.com/errata/RHSA-2023:6667 https://access.redhat.com/errata/RHSA-2023:7139 https://access.redhat.com/errata/RHSA-2024:0423 https://access.redhat.com/errata/RHSA-2024:0580 https://access.redhat.com/security/cve/CVE-2023-34968 https://bugzilla.redhat.com/show_bug.cgi?id=2222795 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject. •

CVSS: 5.9EPSS: 29%CPEs: 9EXPL: 0

CVE-2023-34967 – Samba: type confusion in mdssvc rpc service for spotlight

https://notcve.org/view.php?id=CVE-2023-34967

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Samba. • https://access.redhat.com/errata/RHSA-2023:6667 https://access.redhat.com/errata/RHSA-2023:7139 https://access.redhat.com/errata/RHSA-2024:0423 https://access.redhat.com/errata/RHSA-2024:0580 https://access.redhat.com/security/cve/CVE-2023-34967 https://bugzilla.redhat.com/show_bug.cgi?id=2222794 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject. • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •