CVSS: 7.7EPSS: 1%CPEs: 15EXPL: 1CVE-2023-6563 – Keycloak: offline session token dos
https://notcve.org/view.php?id=CVE-2023-6563
14 Dec 2023 — An unconstrained memory consumption vulnerability was discovered in Keycloak. It can be triggered in environments which have millions of offline tokens (> 500,000 users with each having at least 2 saved sessions). If an attacker creates two or more user sessions and then open the "consents" tab of the admin User Interface, the UI attempts to load a huge number of offline client sessions leading to excessive memory and CPU consumption which could potentially crash the entire system. Se descubrió una vulnerab... • https://access.redhat.com/errata/RHSA-2023:7854 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2023-6377 – Xorg-x11-server: out-of-bounds memory reads/writes in xkb button actions
https://notcve.org/view.php?id=CVE-2023-6377
13 Dec 2023 — A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. Se encontró una falla en xorg-server. Consultar o cambiar las acciones de los botones XKB, como pasar de un panel táctil a un mouse, puede provocar lecturas y escrituras de memoria fuera de los límites. • http://www.openwall.com/lists/oss-security/2023/12/13/1 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 2%CPEs: 17EXPL: 0CVE-2023-6478 – Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty
https://notcve.org/view.php?id=CVE-2023-6478
13 Dec 2023 — A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information. Se encontró una falla en xorg-server. Una solicitud especialmente manipulada a RRChangeProviderProperty o RRChangeOutputProperty puede desencadenar un desbordamiento de enteros que puede provocar la divulgación de información confidencial. This vulnerability allows local attackers to disclose sensitive info... • http://www.openwall.com/lists/oss-security/2023/12/13/1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 3CVE-2023-6710 – Mod_cluster/mod_proxy_cluster: stored cross site scripting
https://notcve.org/view.php?id=CVE-2023-6710
12 Dec 2023 — A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. Se encontró una falla en mod_proxy_cluster en el servidor Apache. Este problema puede permitir que un usuario malintencionado agregue un script en el parámetro 'ali... • https://packetstorm.news/files/id/178561 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-5764 – Ansible: template injection
https://notcve.org/view.php?id=CVE-2023-5764
12 Dec 2023 — A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data. Se encontró una falla de inyección de plantilla en Ansible donde las operaciones de creación de plantillas internas del controlador de un usuario pueden eliminar la designación insegura de los datos de la plantilla. Este ... • https://access.redhat.com/errata/RHSA-2023:7773 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-6679 – Kernel: null pointer dereference in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c
https://notcve.org/view.php?id=CVE-2023-6679
11 Dec 2023 — A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service. Se encontró una vulnerabilidad de desreferencia de puntero nulo en dpll_pin_parent_pin_set() en drivers/dpll/dpll_netlink.c en el subsistema Digital Phase Locked Loop (DPLL) en el kernel de Linux. Este problema podría aprovecharse para provocar una denegación de servi... • https://access.redhat.com/errata/RHSA-2024:0439 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-6622 – Kernel: null pointer dereference vulnerability in nft_dynset_init()
https://notcve.org/view.php?id=CVE-2023-6622
08 Dec 2023 — A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service. Se encontró una vulnerabilidad de desreferencia de puntero nulo en nft_dynset_init() en net/netfilter/nft_dynset.c en nf_tables en el kernel de Linux. Este problema puede permitir que un atacante local con privilegios de usuario CAP_NET_ADMIN active una denegación de serv... • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 2CVE-2023-6610 – Kernel: oob access in smb2_dump_detail
https://notcve.org/view.php?id=CVE-2023-6610
08 Dec 2023 — An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. Se encontró una vulnerabilidad de lectura fuera de los límites en smb2_dump_detail en fs/smb/client/smb2ops.c en el kernel de Linux. Este problema podría permitir que un atacante local bloquee el sistema o filtre información interna del kernel. It was discovered that the CIFS network file system impl... • https://access.redhat.com/errata/RHSA-2024:0723 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 2CVE-2023-6606 – Kernel: out-of-bounds read vulnerability in smbcalcsize
https://notcve.org/view.php?id=CVE-2023-6606
08 Dec 2023 — An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. Se encontró una vulnerabilidad de lectura fuera de los límites en smbCalcSize en fs/smb/client/netmisc.c en el kernel de Linux. Este problema podría permitir que un atacante local bloquee el sistema o filtre información interna del kernel. It was discovered that the CIFS network file system implementation... • https://access.redhat.com/errata/RHSA-2024:0723 • CWE-125: Out-of-bounds Read •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5871 – Libnbd: malicious nbd server may crash libnbd
https://notcve.org/view.php?id=CVE-2023-5871
27 Nov 2023 — A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service. Se encontró una falla en libnbd debido a un Network Block Device (NBD) malicioso, un protocolo para acceder a dispositivos de bloque, como discos duros, a través de una red. Este problema puede permitir que un servidor NBD malintencionado provoque una Denegación de Servicio. • https://access.redhat.com/errata/RHSA-2024:2204 • CWE-617: Reachable Assertion •