Page 86 of 5157 results (0.008 seconds)

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-34318 – Heap-buffer-overflow in src/hcom.c

https://notcve.org/view.php?id=CVE-2023-34318

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure. • https://access.redhat.com/security/cve/CVE-2023-34318 https://bugzilla.redhat.com/show_bug.cgi?id=2212283 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-32627 – Floating point exception in src/voc.c

https://notcve.org/view.php?id=CVE-2023-32627

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. • https://access.redhat.com/security/cve/CVE-2023-32627 https://bugzilla.redhat.com/show_bug.cgi?id=2212282 https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html • CWE-697: Incorrect Comparison CWE-1077: Floating Point Comparison with Incorrect Operator •

CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-26590 – Floating point exception in src/aiff.c

https://notcve.org/view.php?id=CVE-2023-26590

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service. • https://access.redhat.com/security/cve/CVE-2023-26590 https://bugzilla.redhat.com/show_bug.cgi?id=2212279 • CWE-697: Incorrect Comparison CWE-1077: Floating Point Comparison with Incorrect Operator •

CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-35934 – yt-dlp File Downloader cookie leak

https://notcve.org/view.php?id=CVE-2023-35934

yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in yt-dlp prior to 2023.07.06 and nightly 2023.07.06.185519. All native and external downloaders are affected, except for `curl` and `httpie` (version 3.1.0 or later). At the file download stage, all cookies are passed by yt-dlp to the file downloader as a `Cookie` header, thereby losing their scope. This also occurs in yt-dlp's info JSON output, which may be used by external tools. • https://github.com/yt-dlp/yt-dlp-nightly-builds/releases/tag/2023.07.06.185519 https://github.com/yt-dlp/yt-dlp/commit/1ceb657bdd254ad961489e5060f2ccc7d556b729 https://github.com/yt-dlp/yt-dlp/commit/3121512228487c9c690d3d39bfd2579addf96e07 https://github.com/yt-dlp/yt-dlp/commit/f8b4bcc0a791274223723488bfbfc23ea3276641 https://github.com/yt-dlp/yt-dlp/releases/tag/2023.07.06 https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj https://lists.fedoraproject.org/archives/list/package • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0

CVE-2023-3269 – Distros-[dirtyvma] privilege escalation via non-rcu-protected vma traversal

https://notcve.org/view.php?id=CVE-2023-3269

A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges. • http://seclists.org/fulldisclosure/2023/Jul/43 http://www.openwall.com/lists/oss-security/2023/07/28/1 http://www.openwall.com/lists/oss-security/2023/08/25/1 http://www.openwall.com/lists/oss-security/2023/08/25/4 https://access.redhat.com/security/cve/CVE-2023-3269 https://bugzilla.redhat.com/show_bug.cgi?id=2215268 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6AAA64CUPSMBW6XDTXPQJ3KQWYQ4K7L https://security.netapp.com/advisory • CWE-416: Use After Free •