
CVSS: 7.5 • EPSS: 0% • CPEs: 10 • EXPL: 0

09 Nov 2023 — A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-416: Use After Free

CVSS: 6.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

06 Nov 2023 — Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise of key generation, certificate loading, and other card management operations during enrollment. • http://www.openwall.com/lists/oss-security/2023/12/13/3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.2 • EPSS: 0% • CPEs: 3 • EXPL: 0

06 Nov 2023 — A flaw was found in OpenSC packages that allows a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length PIN is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromis... • http://www.openwall.com/lists/oss-security/2023/12/13/2 • CWE-287: Improper Authentication

CVSS: 6.0 • EPSS: 0% • CPEs: 9 • EXPL: 0

06 Nov 2023 — A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. Maxim Levitsky discovered that the KVM nested virtu... • https://access.redhat.com/errata/RHSA-2024:3854 • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 7.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

03 Nov 2023 — A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot. • https://access.redhat.com/errata/RHSA-2024:2135 • CWE-662: Improper Synchronization • CWE-821: Incorrect Synchronization

CVSS: 8.6 • EPSS: 85% • CPEs: 21 • EXPL: 0

03 Nov 2023 — Squid is vulnerable to a Denial of Service, where a remote attacker can perform a buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. Joshua Rogers discov... • https://access.redhat.com/errata/RHSA-2023:6266 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 7.8 • EPSS: 8% • CPEs: 5 • EXPL: 0

03 Nov 2023 — Squid is vulnerable to a Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or... • https://access.redhat.com/errata/RHSA-2023:7465 • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 9.3 • EPSS: 27% • CPEs: 19 • EXPL: 0

03 Nov 2023 — Squid is vulnerable to HTTP request smuggling caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. Joshua Rogers discovered that Squid incorrectly handle... • https://access.redhat.com/errata/RHSA-2023:6266 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSS: 6.2 • EPSS: 0% • CPEs: 3 • EXPL: 0

02 Nov 2023 — A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. • https://access.redhat.com/security/cve/CVE-2023-38473 • CWE-617: Reachable Assertion

CVSS: 6.2 • EPSS: 0% • CPEs: 3 • EXPL: 0

02 Nov 2023 — A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. • https://access.redhat.com/security/cve/CVE-2023-38472 • CWE-617: Reachable Assertion