Page 7 of 5554 results (0.006 seconds)

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-40550 – Shim: out-of-bound read in verify_buffer_sbat()

https://notcve.org/view.php?id=CVE-2023-40550

An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase. Se encontró un fallo de lectura fuera de los límites en Shim cuando intentó validar la información SBAT. Este problema puede exponer datos confidenciales durante la fase de inicio del sistema. • https://access.redhat.com/errata/RHSA-2024:1834 https://access.redhat.com/errata/RHSA-2024:1835 https://access.redhat.com/errata/RHSA-2024:1873 https://access.redhat.com/errata/RHSA-2024:1876 https://access.redhat.com/errata/RHSA-2024:1883 https://access.redhat.com/errata/RHSA-2024:1902 https://access.redhat.com/errata/RHSA-2024:1903 https://access.redhat.com/errata/RHSA-2024:1959 https://access.redhat.com/errata/RHSA-2024:2086 https://access.redhat.com/security/cve&# • CWE-125: Out-of-bounds Read •

CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0

CVE-2023-40548 – Shim: interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems

https://notcve.org/view.php?id=CVE-2023-40548

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase. Se encontró un desbordamiento de búfer en Shim en el sistema de 32 bits. • https://access.redhat.com/errata/RHSA-2024:1834 https://access.redhat.com/errata/RHSA-2024:1835 https://access.redhat.com/errata/RHSA-2024:1873 https://access.redhat.com/errata/RHSA-2024:1876 https://access.redhat.com/errata/RHSA-2024:1883 https://access.redhat.com/errata/RHSA-2024:1902 https://access.redhat.com/errata/RHSA-2024:1903 https://access.redhat.com/errata/RHSA-2024:1959 https://access.redhat.com/errata/RHSA-2024:2086 https://access.redhat.com/security/cve&# • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2024-0841 – Kernel: hugetlbfs: null pointer dereference in hugetlbfs_fill_super function

https://notcve.org/view.php?id=CVE-2024-0841

A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. Se encontró un fallo de desreferencia de puntero null en la función Hugetlbfs_fill_super en la funcionalidad Hugetlbfs (páginas HugeTLB) del kernel de Linux. Este problema puede permitir que un usuario local bloquee el sistema o potencialmente aumente sus privilegios en el sistema. • https://access.redhat.com/errata/RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:3138 https://access.redhat.com/security/cve/CVE-2024-0841 https://bugzilla.redhat.com/show_bug.cgi?id=2256490 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html • CWE-476: NULL Pointer Dereference •

CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 0

CVE-2023-6291 – Keycloak: redirect_uri validation bypass

https://notcve.org/view.php?id=CVE-2023-6291

A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. Se encontró un fallo en la lógica de validación de redirect_uri en Keycloak. Este problema puede permitir la omisión de hosts permitidos explícitamente. • https://access.redhat.com/errata/RHSA-2023:7854 https://access.redhat.com/errata/RHSA-2023:7855 https://access.redhat.com/errata/RHSA-2023:7856 https://access.redhat.com/errata/RHSA-2023:7857 https://access.redhat.com/errata/RHSA-2023:7858 https://access.redhat.com/errata/RHSA-2023:7860 https://access.redhat.com/errata/RHSA-2023:7861 https://access.redhat.com/errata/RHSA-2024:0798 https://access.redhat.com/errata/RHSA-2024:0799 https://access.redhat.com/errata/RHSA • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2023-52356 – Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to denial of service

https://notcve.org/view.php?id=CVE-2023-52356

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. Se encontró un fallo de falla de segmento (SEGV) en libtiff que podría activarse al pasar un archivo tiff diseñado a la API TIFFReadRGBATileExt(). Este fallo permite que un atacante remoto provoque un desbordamiento de búfer en la región Heap de la memoria, lo que lleva a una denegación de servicio. • https://access.redhat.com/security/cve/CVE-2023-52356 https://bugzilla.redhat.com/show_bug.cgi?id=2251344 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html https://access.redhat.com/errata/RHSA-2024:5079 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •