CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-0004 – PAN-OS: Local File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2023-0004
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software. • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ https://lists.fedoraproject.org/archives/list/package-announce@lists.fe • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2023-1992
https://notcve.org/view.php?id=CVE-2023-1992
RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file El fallo del disector RPCoRDMA en Wireshark 4.0.0 a 4.0.4 y 3.6.0 a 3.6.12 permite la denegación de servicio mediante la inyección de paquetes o un archivo de captura manipulado. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1992.json https://gitlab.com/wireshark/wireshark/-/issues/18852 https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EHLTD25WNQSPQNELX52UH6YLP4TBLKTT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZA7IMATNNQPLIM6WMRPM3T5ZY24NRR2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2023-1993
https://notcve.org/view.php?id=CVE-2023-1993
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file El bucle grande del disector LISP en Wireshark 4.0.0 a 4.0.4 y 3.6.0 a 3.6.12 permite la denegación de servicio mediante inyección de paquetes o archivo de captura manipulado • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1993.json https://gitlab.com/wireshark/wireshark/-/issues/18900 https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EHLTD25WNQSPQNELX52UH6YLP4TBLKTT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZA7IMATNNQPLIM6WMRPM3T5ZY24NRR2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora • CWE-834: Excessive Iteration •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2023-1994
https://notcve.org/view.php?id=CVE-2023-1994
GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file El fallo del disector GQUIC en Wireshark 4.0.0 a 4.0.4 y 3.6.0 a 3.6.12 permite la denegación de servicio mediante la inyección de paquetes o un archivo de captura manipulado. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1994.json https://gitlab.com/wireshark/wireshark/-/issues/18947 https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EHLTD25WNQSPQNELX52UH6YLP4TBLKTT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZA7IMATNNQPLIM6WMRPM3T5ZY24NRR2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2022-36440 – frr: Reachable assertion in peek_for_as4_capability function
https://notcve.org/view.php?id=CVE-2022-36440
A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. Se encontró una afirmación accesible en Frrouting frr-bgpd 8.3.0 en la función peek_for_as4_capability. Los atacantes pueden construir maliciosamente paquetes abiertos BGP y enviarlos a pares BGP que ejecutan frr-bgpd, lo que resulta en DoS. A reachable assertion flaw was found in Frrouting frr-bgpd in the peek_for_as4_capability function. • https://github.com/spwpun/pocs https://github.com/spwpun/pocs/blob/main/frr-bgpd.md https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HU4PKLUVB5CTMOVQ2GV33TNUNMJCBGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBXEXL2ZQBWCBLNUP6P67FHECXQWSK3L https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GM66PNHGCXZU66LQCTP2FSJLFF6CVMSI https:&#x • CWE-617: Reachable Assertion •