
CVSS: 6.2 • EPSS: 0% • CPEs: 5 • EXPL: 0

15 Jan 2024 — A NULL pointer dereference problem was found in ida_free in lib/idr.c in the Linux kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return. We... • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-476: NULL Pointer Dereference •

CVSS: 6.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

12 Jan 2024 — A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service. • https://access.redhat.com/errata/RHSA-2024:2135 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 1

12 Jan 2024 — Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. A vulnerability has been identified in Relax-and-Recover (ReaR), where the use of GRUB_RESCUE=y ... • https://github.com/rear/rear/issues/3122 • CWE-276: Incorrect Default Permissions • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •

CVSS: 7.8 • EPSS: 0% • CPEs: 7 • EXPL: 2

12 Jan 2024 — An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system. • https://packetstorm.news/files/id/176534 • CWE-787: Out-of-bounds Write •

CVSS: 5.5 • EPSS: 0% • CPEs: 10 • EXPL: 0

11 Jan 2024 — A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with local access to cause system instability, such as an out of memory error.... • https://access.redhat.com/errata/RHSA-2023:6583 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 7.8 • EPSS: 0% • CPEs: 59 • EXPL: 0

10 Jan 2024 — A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing alrea... • https://access.redhat.com/errata/RHSA-2024:0137 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.8 • EPSS: 0% • CPEs: 42 • EXPL: 0

10 Jan 2024 — NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. • https://bugzilla.mozilla.org/show_bug.cgi?id=1780432 • CWE-208: Observable Timing Discrepancy •

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

09 Jan 2024 — A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/CPU, circumventing the Kubernetes scheduler and potentially resulting in a denial of service in the node. • https://access.redhat.com/errata/RHSA-2024:0195 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

04 Jan 2024 — A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately. • https://access.redhat.com/security/cve/CVE-2023-6944 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 3.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

03 Jan 2024 — A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost. • https://access.redhat.com/security/cve/CVE-2024-0217 • CWE-416: Use After Free •