Page 85 of 5157 results (0.009 seconds)

CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0

CVE-2023-33170 – ASP.NET and Visual Studio Security Feature Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2023-33170

ASP.NET and Visual Studio Security Feature Bypass Vulnerability A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. This flaw allows a remote attacker to bypass security features, causing an impact on confidentiality, integrity, and availability. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2023-3354 – Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service

https://notcve.org/view.php?id=CVE-2023-3354

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service. • https://access.redhat.com/security/cve/CVE-2023-3354 https://bugzilla.redhat.com/show_bug.cgi?id=2216478 https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R • CWE-476: NULL Pointer Dereference •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2023-36824 – Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis

https://notcve.org/view.php?id=CVE-2023-36824

Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12. • https://github.com/redis/redis/releases/tag/7.0.12 https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIF5MAGYARYUMRFK7PQI7HYXMK2HZE5T https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDNNH2ONMVNBQ6LUIAOAGDNFPKXNST5K https://security.netapp.com/advisory/ntap-20230814-0009 • CWE-122: Heap-based Buffer Overflow CWE-131: Incorrect Calculation of Buffer Size •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1

CVE-2023-1672 – Race condition exists in the key generation and rotation functionality

https://notcve.org/view.php?id=CVE-2023-1672

A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host. • https://access.redhat.com/security/cve/CVE-2023-1672 https://bugzilla.redhat.com/show_bug.cgi?id=2180999 https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096 https://lists.debian.org/debian-lts-announce/2023/11/msg00004.html https://www.openwall.com/lists/oss-security/2023/06/15/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1

CVE-2023-34432 – Heap-buffer-overflow in src/formats_i.c

https://notcve.org/view.php?id=CVE-2023-34432

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure. • https://access.redhat.com/security/cve/CVE-2023-34432 https://bugzilla.redhat.com/show_bug.cgi?id=2212291 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •