CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1206 – kernel: hash collisions in the IPv6 connection lookup table
https://notcve.org/view.php?id=CVE-2023-1206
A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. • https://bugzilla.redhat.com/show_bug.cgi?id=2175903 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230929-0006 https://www.debian.org/security/2023/dsa-5480 https://www.debian.org/security/2023/dsa-5492 https://access.redhat.com/security/cve/CVE-2023-1206 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-3432 – Server-Side Request Forgery (SSRF) in plantuml/plantuml
https://notcve.org/view.php?id=CVE-2023-3432
Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9. • https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797 https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FV7XL3CY3K3K5ER3ASMEQA546MIQQ7QM • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2023-3431 – Improper Access Control in plantuml/plantuml
https://notcve.org/view.php?id=CVE-2023-3431
Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9. • https://github.com/plantuml/plantuml/commit/fbe7fa3b25b4c887d83927cffb1009ec6cb8ab1e https://huntr.dev/bounties/fa741f95-b53c-4ed7-b157-e32c5145164c https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FV7XL3CY3K3K5ER3ASMEQA546MIQQ7QM • CWE-284: Improper Access Control •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 3CVE-2023-36664 – ghostscript: vulnerable to OS command injection due to mishandles permission validation for pipe devices
https://notcve.org/view.php?id=CVE-2023-36664
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). Artifex Ghostscript a través de 10.01.2 maneja mal la validación de permisos para dispositivos pipe (con el prefijo %pipe% o el prefijo | pipe character). A vulnerability was found in Ghostscript. This flaw occurs due to a mishandled permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). • https://github.com/jakabakos/CVE-2023-36664-Ghostscript-command-injection https://github.com/jeanchpt/CVE-2023-36664 https://github.com/churamanib/CVE-2023-36664-Ghostscript-command-injection https://bugs.ghostscript.com/show_bug.cgi?id=706761 https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=505eab7782b429017eb434b2b95120855f2b0e3c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/ • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.4EPSS: 0%CPEs: 18EXPL: 0CVE-2023-3212 – kernel: gfs2: NULL pointer dereference in gfs2_evict_inode()
https://notcve.org/view.php?id=CVE-2023-3212
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. A NULL pointer dereference flaw was found in the gfs2 file system in the Linux kernel. This issue occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. • https://bugzilla.redhat.com/show_bug.cgi?id=2214348 https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html https://security.netapp.com/advisory/ntap-20230929-0005 https://www.debian.org/security/2023/dsa-5448 https://www.debian.org/security/2023/dsa-5480 https://access.redhat.com/security/cve/CVE-2023-3212 • CWE-476: NULL Pointer Dereference •