CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-28709 – Apache Tomcat: Fix for CVE-2023-24998 is incomplete
https://notcve.org/view.php?id=CVE-2023-28709
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur. A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. • http://www.openwall.com/lists/oss-security/2023/05/22/1 https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j https://security.gentoo.org/glsa/202305-37 https://security.netapp.com/advisory/ntap-20230616-0004 https://www.debian.org/security/2023/dsa-5521 https://access.redhat.com/security/cve/CVE-2023-28709 https://bugzilla.redhat.com/show_bug.cgi?id=2210321 • CWE-193: Off-by-one Error •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-33204 – sysstat: check_overflow() function can work incorrectly that lead to an overflow
https://notcve.org/view.php?id=CVE-2023-33204
sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. A vulnerability was found in sysstat. This security flaw happens because it allows a multiplication integer overflow in check_overflow in common.c. This issue exists due to an incomplete fix for CVE-2022-39377. • https://github.com/sysstat/sysstat/pull/360 https://lists.debian.org/debian-lts-announce/2023/05/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7UUEKMNDMC6RZTI4O367ZD2YKCOX5THX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NUBFX3UNOSM7KFUIB3J32ASYT5ZRXJQV https://access.redhat.com/security/cve/CVE-2023-33204 https://bugzilla.redhat.com/show_bug.cgi?id=2208270 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1CVE-2023-24805 – Command injection in cups-filters
https://notcve.org/view.php?id=CVE-2023-24805
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. • https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65 https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x https://lists.debian.org/debian-lts-announce/2023/05/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNCGL2ZTAS2GFF23QFT55UFWIDMI4ZJK https://security.gentoo.org/glsa/202401-06 https:/ • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-2726
https://notcve.org/view.php?id=CVE-2023-2726
Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html https://crbug.com/1442018 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI https://security.gentoo.org/glsa/202309-17 https://security.gentoo.org/glsa/202311-11 https://www.debian.org/security/2023/dsa-5404 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-2725
https://notcve.org/view.php?id=CVE-2023-2725
Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html https://crbug.com/1442516 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73XUIHJ6UT75VFPDPLJOXJON7MVIKVZI https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXFL4TDAH72PRCPD5UPZMJMKIMVOPLTI https://security.gentoo.org/glsa/202309-17 https://security.gentoo.org/glsa/202311-11 https://www.debian.org/security/2023/dsa-5404 • CWE-416: Use After Free •