CVE-2023-38403 – iperf3: memory allocation hazard and crash
https://notcve.org/view.php?id=CVE-2023-38403
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on the iperf3 control channel with a specified JSON message length of 0xffffffff to trigger an integer overflow leading the receiving process to abort due to heap corruption. This flaw allows an attacker to use a malicious client to cause a denial of service of an iperf3 server or potentially use a malicious server to cause connecting clients to crash.
http://seclists.org/fulldisclosure/2023/Oct/24 http://seclists.org/fulldisclosure/2023/Oct/26 https://bugs.debian.org/1040830 https://cwe.mitre.org/data/definitions/130.html https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9 https://github.com/esnet/iperf/issues/1542 https://lists.debian.org/debian-lts-announce/2023/07/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%
CWE-190: Integer Overflow or Wraparound
CVE-2023-21400
https://notcve.org/view.php?id=CVE-2023-21400
In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.
http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://www.openwall.com/lists/oss-security/2023/07/14/2 http://www.openwall.com/lists/oss-security/2023/07/19/2 http://www.openwall.com/lists/oss-security/2023/07/19/7 http://www.openwall.com/lists/oss-security/2023/07/25/7 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20240119-0012 https://source.android.com
CWE-667: Improper Locking
CVE-2023-21255
https://notcve.org/view.php?id=CVE-2023-21255
In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
https://android.googlesource.com/kernel/common/+/1ca1130ec62d https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://security.netapp.com/advisory/ntap-20240119-0010 https://source.android.com/security/bulletin/2023-07-01 https://www.debian.org/security/2023/dsa-5480
CWE-416: Use After Free
CWE-787: Out-of-bounds Write
CVE-2023-3618 – Segmentation fault in fax3encode in libtiff/tif_fax3.c
https://notcve.org/view.php?id=CVE-2023-3618
A flaw was found in libtiff. A specially crafted TIFF file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
https://access.redhat.com/security/cve/CVE-2023-3618 https://bugzilla.redhat.com/show_bug.cgi?id=2215865 https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html https://security.netapp.com/advisory/ntap-20230824-0012 https://support.apple.com/kb/HT214036 https://support.apple.com/kb/HT214037 https://support.apple.com/kb/HT214038
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-36823 – Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content
https://notcve.org/view.php?id=CVE-2023-36823
Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a custom config that allows `style` elements and one or more CSS at-rules. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. Sanitize 6.0.2 performs additional escaping of CSS in `style` element content, which fixes this issue. Users who are unable to upgrade can prevent this issue by using a Sanitize config that doesn't allow `style` elements, using a Sanitize config that doesn't allow CSS at-rules, or by manually escaping the character sequence `</` as `<\/` in `style` element content.
https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220 https://github.com/rgrove/sanitize/releases/tag/v6.0.2 https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7 https://lists.debian.org/debian-lts-announce/2023/11/msg00008.html
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')