CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 1CVE-2023-24998 – Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts
https://notcve.org/view.php?id=CVE-2023-24998
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform. • https://github.com/nice1st/CVE-2023-24998 http://www.openwall.com/lists/oss-security/2023/05/22/1 https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://security.gentoo.org/glsa/202305-37 https://www.debian.org/security/2023/dsa-5522 https://access.redhat.com/security/cve/CVE-2023-24998 https://bugzilla.redhat.com/show_bug.cgi?id=2172298 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.4EPSS: 0%CPEs: 10EXPL: 1CVE-2023-0361 – gnutls: timing side-channel in the TLS RSA key exchange code
https://notcve.org/view.php?id=CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. • https://access.redhat.com/security/cve/CVE-2023-0361 https://github.com/tlsfuzzer/tlsfuzzer/pull/679 https://gitlab.com/gnutls/gnutls/-/issues/1050 https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFIA3X4IZ3CW7SRQ2UHNHNPMRIAWF2FI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS4KVDOG6QTALWHC2QE4Y7VPDRMLTRWQ https://lists.fedoraproject.org/archives/list/package& • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-4283 – X.Org Server XkbCopyNames Double Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-4283
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Se encontró una vulnerabilidad en X.Org. Este fallo de seguridad se produce porque la función XkbCopyNames dejó un puntero colgante a la memoria liberada, lo que provocó un acceso a la memoria fuera de los límites en solicitudes posteriores de XkbGetKbdByName. • https://access.redhat.com/security/cve/CVE-2022-4283 https://bugzilla.redhat.com/show_bug.cgi?id=2151761 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA https://security.gentoo.org/glsa/202305-30 https://www • CWE-416: Use After Free •
CVSS: 8.8EPSS: 10%CPEs: 8EXPL: 0CVE-2022-46343 – X.Org Server ScreenSaverSetAttributes Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-46343
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Se encontró una vulnerabilidad en X.Org. Este fallo de seguridad se produce porque el controlador de la solicitud ScreenSaverSetAttributes puede escribir en la memoria una vez liberada. • https://access.redhat.com/security/cve/CVE-2022-46343 https://bugzilla.redhat.com/show_bug.cgi?id=2151758 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA https://security.gentoo.org/glsa/202305-30 https://ww • CWE-416: Use After Free •
CVSS: 8.8EPSS: 4%CPEs: 8EXPL: 0CVE-2022-46344 – X.Org Server ProcXIChangeProperty Numeric Truncation Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-46344
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. Se encontró una vulnerabilidad en X.Org. Esta falla de seguridad se produce porque el controlador de la solicitud XIChangeProperty tiene problemas de validación de longitud, lo que genera lecturas de memoria fuera de los límites y una posible divulgación de información. • http://www.openwall.com/lists/oss-security/2023/12/13/1 https://access.redhat.com/security/cve/CVE-2022-46344 https://bugzilla.redhat.com/show_bug.cgi?id=2151760 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J36 • CWE-125: Out-of-bounds Read •