
CVE-2023-4236 – named may terminate unexpectedly under high DNS-over-TLS query load
https://notcve.org/view.php?id=CVE-2023-4236
20 Sep 2023 — A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. • http://www.openwall.com/lists/oss-security/2023/09/20/2 • CWE-617: Reachable Assertion •

CVE-2023-3341 – A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
https://notcve.org/view.php?id=CVE-2023-3341
20 Sep 2023 — The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RND... • http://www.openwall.com/lists/oss-security/2023/09/20/2 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
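The entry above describes the general shape of the bug: a recursive packet parser whose recursion depth is bounded only by how much nesting fits in the accepted packet size, running before any authentication of the message. The following C program is an added illustration written for this page, not BIND's isccc control-channel code. It uses a constructed two-tag nested format (list / integer) and a hypothetical `MAX_DEPTH` policy, and it shows how an attacker pays only two bytes per extra stack frame when no depth limit exists, and how a depth check before recursing bounds the stack regardless of packet length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed nested wire format for this example (NOT BIND's control
 * channel encoding):
 *   0x01 <count: 1 byte> <count child nodes ...>   list node
 *   0x02 <value: 4 bytes>                          integer leaf
 * Lists may contain lists, so a natural parser recurses once per level.
 */
#define TAG_LIST 0x01
#define TAG_INT  0x02
#define MAX_DEPTH 16   /* hypothetical nesting limit used by the hardened mode */

enum {
    PARSE_OK        =  0,
    PARSE_TRUNCATED = -1,
    PARSE_BADTAG    = -2,
    PARSE_TOODEEP   = -3,
    PARSE_TRAILING  = -4
};

/* max_depth < 0 reproduces the flawed shape: nothing bounds `depth` except
 * how many 0x01 bytes fit in the packet, so N nested lists cost N frames.
 * max_depth >= 0 is the hardened shape: the check happens before any
 * further recursion, so stack usage is bounded regardless of packet size. */
static int parse_node(const uint8_t *buf, size_t len, size_t *pos,
                      int depth, int max_depth, int *deepest)
{
    if (max_depth >= 0 && depth > max_depth)
        return PARSE_TOODEEP;
    if (depth > *deepest)
        *deepest = depth;
    if (*pos >= len)
        return PARSE_TRUNCATED;
    uint8_t tag = buf[(*pos)++];
    if (tag == TAG_INT) {
        if (len - *pos < 4)
            return PARSE_TRUNCATED;
        *pos += 4;
        return PARSE_OK;
    }
    if (tag == TAG_LIST) {
        if (*pos >= len)
            return PARSE_TRUNCATED;
        uint8_t count = buf[(*pos)++];
        for (unsigned i = 0; i < count; i++) {
            int rc = parse_node(buf, len, pos, depth + 1, max_depth, deepest);
            if (rc != PARSE_OK)
                return rc;
        }
        return PARSE_OK;
    }
    return PARSE_BADTAG;
}

/* Parse a whole packet; trailing bytes after the root node are an error.
 * `deepest` (optional) receives the deepest nesting level reached. */
int parse_packet(const uint8_t *buf, size_t len, int max_depth, int *deepest)
{
    size_t pos = 0;
    int d = 0;
    int rc = parse_node(buf, len, &pos, 0, max_depth, &d);
    if (deepest)
        *deepest = d;
    if (rc == PARSE_OK && pos != len)
        return PARSE_TRAILING;
    return rc;
}

/* Craft a packet of `nesting` lists wrapped around one integer leaf. */
size_t build_nested(uint8_t *out, size_t cap, int nesting)
{
    size_t need = (size_t)nesting * 2 + 5;
    if (nesting < 0 || need > cap)
        return 0;
    size_t pos = 0;
    for (int i = 0; i < nesting; i++) {
        out[pos++] = TAG_LIST;
        out[pos++] = 1;
    }
    out[pos++] = TAG_INT;
    out[pos++] = 0; out[pos++] = 0; out[pos++] = 0; out[pos++] = 42;
    return pos;
}

/* Build a packet with `nesting` levels and parse it under `max_depth`. */
int nested_packet_result(int nesting, int max_depth)
{
    uint8_t pkt[1024];
    size_t n = build_nested(pkt, sizeof pkt, nesting);
    if (n == 0)
        return PARSE_TRUNCATED;
    return parse_packet(pkt, n, max_depth, NULL);
}

/* Deepest level an unbounded parse of a `nesting`-level packet reaches. */
int nested_packet_depth(int nesting)
{
    uint8_t pkt[1024];
    int deepest = 0;
    size_t n = build_nested(pkt, sizeof pkt, nesting);
    int rc = parse_packet(pkt, n, -1, &deepest);
    return rc == PARSE_OK ? deepest : rc;
}

int main(void)
{
    printf("40 levels, no limit: depth %d (rc %d)\n",
           nested_packet_depth(40), nested_packet_result(40, -1));
    printf("40 levels, MAX_DEPTH %d: rc %d\n",
           MAX_DEPTH, nested_packet_result(40, MAX_DEPTH));
    return 0;
}
```

Rejecting at the depth check is the cheap fix; the complementary one the entry points at is ordering, i.e. authenticating the message before spending parser effort on its contents.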

CVE-2023-42464 – Debian Security Advisory 5503-1
https://notcve.org/view.php?id=CVE-2023-42464
20 Sep 2023 — A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of... • https://github.com/Netatalk/netatalk/issues/486 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
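The entry describes a dictionary whose keys are strings and whose values may be any protocol type, with callers of the lookup function assuming a type the attacker did not actually send. The C program below is an added illustration for this page, not netatalk's dalloc code: it models a tagged-union value store, a `value_for_key` lookup that (like the one described) returns the object without checking its type, an unchecked caller that treats the result as a string, and a checked caller that refuses any value whose tag is not the expected one. The dictionary contents and the key name `query` are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed value model: a type tag plus a union payload. On the wire the
 * sender chooses the tag, so a caller that skips the tag check lets the
 * sender decide how a payload is interpreted. */
enum vtype { V_INT, V_STR, V_DICT };

struct dict;
struct value {
    enum vtype type;
    union {
        int64_t i;
        const char *s;
        struct dict *d;
    } u;
};

#define DICT_MAX 8
struct dict {
    size_t n;
    const char *keys[DICT_MAX];
    struct value vals[DICT_MAX];
};

static int dict_set(struct dict *d, const char *key, struct value v)
{
    if (d->n >= DICT_MAX)
        return -1;
    d->keys[d->n] = key;
    d->vals[d->n] = v;
    d->n++;
    return 0;
}

/* Returns the value object for `key` whatever its type; the caller owns the
 * type check. This mirrors the lookup contract described in the entry. */
static const struct value *value_for_key(const struct dict *d, const char *key)
{
    for (size_t i = 0; i < d->n; i++)
        if (strcmp(d->keys[i], key) == 0)
            return &d->vals[i];
    return NULL;
}

/* Flawed caller: assumes "query" is a string. If the sender encoded it as
 * an integer, u.s is a sender-chosen pointer value (the type confusion). */
const char *query_unchecked(const struct dict *d)
{
    const struct value *v = value_for_key(d, "query");
    return v ? v->u.s : NULL;
}

/* Hardened caller: the tag must match before the union member is read. */
int query_checked(const struct dict *d, const char **out)
{
    const struct value *v = value_for_key(d, "query");
    if (v == NULL || v->type != V_STR || v->u.s == NULL)
        return -1;
    *out = v->u.s;
    return 0;
}

/* Constructed inputs: a well-formed request and a hostile one where the
 * same key carries an integer instead of a string. */
static void fill(struct dict *d, int hostile)
{
    struct value v;
    memset(d, 0, sizeof *d);
    if (hostile) {
        v.type = V_INT;
        v.u.i = 0x4141414141414141LL;   /* attacker-chosen raw bits */
    } else {
        v.type = V_STR;
        v.u.s = "name:report.pdf";
    }
    dict_set(d, "query", v);
}

/* 1 if the checked caller accepts the "query" value for this input. */
int checked_accepts(int hostile)
{
    struct dict d;
    const char *s = NULL;
    fill(&d, hostile);
    return query_checked(&d, &s) == 0;
}

/* 1 if the unchecked caller hands back a non-NULL "string" pointer for the
 * integer-typed value, i.e. the confusion is reachable. The pointer is never
 * dereferenced here; in the real bug the next step would be. */
int unchecked_confused(void)
{
    struct dict d;
    fill(&d, 1);
    return query_unchecked(&d) != NULL;
}

int main(void)
{
    printf("checked caller, benign input accepted: %d\n", checked_accepts(0));
    printf("checked caller, hostile input accepted: %d\n", checked_accepts(1));
    printf("unchecked caller returned a bogus pointer: %d\n", unchecked_confused());
    return 0;
}
```

The pattern to audit for is every call site of a type-agnostic lookup: each one needs its own tag check, or the lookup needs a typed variant that fails when the tag does not match.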

CVE-2019-19450 – python-reportlab: code injection in paraparser.py allows code execution
https://notcve.org/view.php?id=CVE-2019-19450
20 Sep 2023 — paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '...

CVE-2023-40167 – Jetty accepts "+" prefixed value in Content-Length
https://notcve.org/view.php?id=CVE-2023-40167
15 Sep 2023 — Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC, and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if Jetty is used in combination with a server that does not close the connection after sending suc... • https://github.com/uthrasri/Jetty-v9.4.31_CVE-2023-40167 • CWE-130: Improper Handling of Length Parameter Inconsistency • CVSS: 5.3 • EPSS: 3% • CPEs: 12 • EXPL: 1
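The security point in the Jetty entry is not the `+` itself but that two hops on the same connection can compute different body lengths from one header, which is the precondition for request smuggling. The C program below is an added example for this page (not Jetty's HTTP parser, which is Java): it contrasts a lenient `strtoll`-style parse, which accepts a sign and leading whitespace, with a strict parse of the `Content-Length = 1*DIGIT` grammar, and reports which header values make the two disagree. The sample header values are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Lenient parse in the style of many C code bases: strtoll() skips leading
 * whitespace and accepts an optional sign, so "+5" and " 5" both yield 5.
 * Returns -1 for anything it cannot turn into a non-negative number. */
long long content_length_lenient(const char *s)
{
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v < 0)
        return -1;
    return v;
}

/* Strict parse of Content-Length = 1*DIGIT: only ASCII digits, at least
 * one, no sign, no whitespace, no overflow. Returns -1 on any violation,
 * which a server should turn into a 400 response. */
long long content_length_strict(const char *s)
{
    if (s == NULL || *s == '\0')
        return -1;
    long long v = 0;
    for (; *s; s++) {
        if (*s < '0' || *s > '9')
            return -1;
        int digit = *s - '0';
        if (v > (LLONG_MAX - digit) / 10)
            return -1;                 /* would overflow */
        v = v * 10 + digit;
    }
    return v;
}

/* 1 if a lenient hop and a strict hop would not agree on the body length
 * (including one accepting and the other rejecting), 0 otherwise. */
int parsers_disagree(const char *s)
{
    return content_length_lenient(s) != content_length_strict(s);
}

int main(void)
{
    /* Constructed header values, not taken from any real traffic. */
    const char *samples[] = { "123", "+123", " 123", "007", "12a", "-5", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-6s lenient=%lld strict=%lld disagree=%d\n",
               samples[i], content_length_lenient(samples[i]),
               content_length_strict(samples[i]), parsers_disagree(samples[i]));
    return 0;
}
```

When auditing a proxy chain, feed the same set of edge-case values through each hop's parser; any value on which they disagree is a desync candidate even if, as the entry notes, no concrete exploit is known for this one.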

CVE-2023-36479 – Jetty vulnerable to errant command quoting in CGI Servlet
https://notcve.org/view.php?id=CVE-2023-36479
15 Sep 2023 — Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided ... • https://github.com/eclipse/jetty.project/pull/9516 • CWE-149: Improper Neutralization of Quoting Syntax •

CVE-2023-4921 – Use-after-free in Linux kernel's net/sched: sch_qfq component
https://notcve.org/view.php?id=CVE-2023-4921
12 Sep 2023 — A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8fc134fee27f2263988ae38920bc03da416b03d8 • CWE-416: Use After Free •

CVE-2023-4863 – Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4863
12 Sep 2023 — Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) A heap-bas... • https://github.com/alsaeroth/CVE-2023-4863-POC • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2023-4874 – Undefined Behavior for Input to API in Mutt
https://notcve.org/view.php?id=CVE-2023-4874
09 Sep 2023 — Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12. A null pointer dereference flaw was found in mutt when handling specially crafted characters. This issue could allow an attacker to send a specially crafted email that causes the email client to crash when reading or processing the email. USN-6374-1 fixed vulnerabilities in Mutt. This u... • http://www.openwall.com/lists/oss-security/2023/09/26/6 • CWE-475: Undefined Behavior for Input to API CWE-476: NULL Pointer Dereference •

CVE-2023-4875 – Undefined Behavior for Input to API in Mutt
https://notcve.org/view.php?id=CVE-2023-4875
09 Sep 2023 — Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12. A null pointer dereference flaw was found in mutt when handling specially crafted characters. This issue could allow an attacker to send a specially crafted email that causes the email client to crash when reading or processing the email. Several NULL po... • http://www.openwall.com/lists/oss-security/2023/09/26/6 • CWE-475: Undefined Behavior for Input to API CWE-476: NULL Pointer Dereference •