Page 63 of 693 results (0.008 seconds)

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2023-28755 – ruby: ReDoS vulnerability in URI

https://notcve.org/view.php?id=CVE-2023-28755

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. A flaw was found in the rubygem URI. • https://github.com/ruby/uri/releases https://lists.debian.org/debian-lts-announce/2023/04/msg00033.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/27LUWREIFTP3MQAW7QE4PJM4DPAQJWXF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFZANOQA4RYX7XCB42OO3P24DQKWHEKA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G76GZG3RAGYF4P75YY7J7TGYAU7Z5E2T https://lists.fedoraproject.org/archives/list/package-announce%40 • CWE-20: Improper Input Validation CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-1393 – X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2023-1393

A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. A vulnerability was found in X.Org Server. This flaw occurs if a client explicitly destroys the compositor overlay window (aka COW), where Xserver leaves a dangling pointer to that window in the CompScreen structure, which will later trigger a use-after-free issue. • https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPNQYHUI63DB5FHK6EOI3Z4C6YQZGZKI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3EVO3OQV6T4BSABWZ2TU3PY5TJTEQZ2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEHSYYFGBN3G4RS2HJXKQ5NBMOAZ5F2F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-0664

https://notcve.org/view.php?id=CVE-2023-0664

A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. • https://bugzilla.redhat.com/show_bug.cgi?id=2167423 https://gitlab.com/qemu-project/qemu/-/commit/07ce178a2b0768eb9e712bb5ad0cf6dc7fcf0158 https://gitlab.com/qemu-project/qemu/-/commit/88288c2a51faa7c795f053fc8b31b1c16ff804c5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEOC7SRJWLZSXCND2ADFW6C76ZMTZLE4 https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg01445 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •

CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-28447 – Cross site scripting vulnerability in Javascript escaping in smarty/smarty

https://notcve.org/view.php?id=CVE-2023-28447

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. • https://github.com/smarty-php/smarty/commit/685662466f653597428966d75a661073104d713d https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBB35GLYTL6JL6EOM6BOZNYP47JKNNHT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7O7SKTATM6GAP45S64QFXNLWIY5I7HP • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-1073 – kernel: HID: check empty report_list in hid_validate_values()

https://notcve.org/view.php?id=CVE-2023-1073

A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. • http://www.openwall.com/lists/oss-security/2023/11/05/2 http://www.openwall.com/lists/oss-security/2023/11/05/3 https://bugzilla.redhat.com/show_bug.cgi?id=2173403 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/id=b12fece4c64857e5fab4290bf01b2e0317a88456 https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html https://www.openwall.com/lists/osssecurity/2023/01/17/3 https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •