CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2023-0003 – Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server
https://notcve.org/view.php?id=CVE-2023-0003
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE https://lists.fedoraproject.org/archives/list/package-announce@lists.fe • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2023-0494 – X.Org Server DeepCopyPointerClasses Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-0494
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DeepCopyPointerClasses function. • https://bugzilla.redhat.com/show_bug.cgi?id=2165995 https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec https://lists.x.org/archives/xorg-announce/2023-February/003320.html https://security.gentoo.org/glsa/202305-30 https://access.redhat.com/security/cve/CVE-2023-0494 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-46663 – less: crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal
https://notcve.org/view.php?id=CVE-2022-46663
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. A vulnerability was found in less. This flaw allows crafted data to result in "less -R" not filtering ANSI escape sequences sent to the terminal. • http://www.greenwoodsoftware.com/less/news.609.html http://www.openwall.com/lists/oss-security/2023/02/07/7 https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LR7AUWB34JD4PCW3HHASBEDGGHFWPAQP https://security.gentoo.org/glsa/202310-11 https://www.openwall.com/lists/oss-security/2023/02/07/7 https://access.redhat.com/security/cve/CVE-2022-46663 https://bugzilla.redhat.com/show_bug&# •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 11CVE-2023-25136 – openssh: the functions order_hostkeyalgs() and list_hostkey_types() leads to double-free vulnerability
https://notcve.org/view.php?id=CVE-2023-25136
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." OpenSSH server (sshd) v9.1 introdujo una vulnerabilidad de doble liberación durante el manejo de "options.key_algorithms". • https://github.com/Christbowel/CVE-2023-25136 https://github.com/nhakobyan685/CVE-2023-25136 https://github.com/adhikara13/CVE-2023-25136 https://github.com/jfrog/jfrog-CVE-2023-25136-OpenSSH_Double-Free https://github.com/H4K6/CVE-2023-25136 https://github.com/ticofookfook/CVE-2023-25136 https://github.com/malvika-thakur/CVE-2023-25136 https://github.com/Business1sg00d/CVE-2023-25136 http://www.openwall.com/lists/oss-security/2023/02/13/1 http://www.openwall.com/lists • CWE-401: Missing Release of Memory after Effective Lifetime CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3560 – pesign: Local privilege escalation on pesign systemd service
https://notcve.org/view.php?id=CVE-2022-3560
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack. • https://bugzilla.redhat.com/show_bug.cgi?id=2135420#c0 https://access.redhat.com/security/cve/CVE-2022-3560 https://bugzilla.redhat.com/show_bug.cgi?id=2135420 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •