CVSS: 7.8EPSS: 7%CPEs: 8EXPL: 1CVE-2023-52160 – wpa_supplicant: potential authorization bypass
https://notcve.org/view.php?id=CVE-2023-52160
22 Feb 2024 — The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. La implementación de PEAP en wpa_supplicant hasta ... • https://github.com/Helica-core/eap_pwn • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 34%CPEs: 7EXPL: 1CVE-2023-51766 – Debian Security Advisory 5597-1
https://notcve.org/view.php?id=CVE-2023-51766
24 Dec 2023 — Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. Exim hasta 4.97 permite el contrabando SMTP en ciertas configuraciones. • http://www.openwall.com/lists/oss-security/2023/12/24/1 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.9EPSS: 2%CPEs: 3EXPL: 0CVE-2023-7008 – Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes
https://notcve.org/view.php?id=CVE-2023-7008
23 Dec 2023 — A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. Se encontró una vulnerabilidad en systemd-resolved. Este problema puede permitir que systemd-resolved acepte registros de dominios firmados por DNSSEC incluso cuando no tienen firma, lo que permite que los intermediarios (o el solucionador de DNS ascendente) manipulen... • https://access.redhat.com/errata/RHSA-2024:2463 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 5.9EPSS: 85%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2023-6377 – Xorg-x11-server: out-of-bounds memory reads/writes in xkb button actions
https://notcve.org/view.php?id=CVE-2023-6377
13 Dec 2023 — A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. Se encontró una falla en xorg-server. Consultar o cambiar las acciones de los botones XKB, como pasar de un panel táctil a un mouse, puede provocar lecturas y escrituras de memoria fuera de los límites. • http://www.openwall.com/lists/oss-security/2023/12/13/1 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 3%CPEs: 17EXPL: 0CVE-2023-6478 – Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty
https://notcve.org/view.php?id=CVE-2023-6478
13 Dec 2023 — A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information. Se encontró una falla en xorg-server. Una solicitud especialmente manipulada a RRChangeProviderProperty o RRChangeOutputProperty puede desencadenar un desbordamiento de enteros que puede provocar la divulgación de información confidencial. This vulnerability allows local attackers to disclose sensitive info... • http://www.openwall.com/lists/oss-security/2023/12/13/1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.4EPSS: 0%CPEs: 10EXPL: 0CVE-2023-5380 – Xorg-x11-server: use-after-free bug in destroywindow
https://notcve.org/view.php?id=CVE-2023-5380
25 Oct 2023 — A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. Se encontró una falla de use-after-free en el servidor xorg-x11. Puede ocurrir una falla del servidor X en una configura... • https://access.redhat.com/errata/RHSA-2023:7428 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2023-5367 – Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty
https://notcve.org/view.php?id=CVE-2023-5367
25 Oct 2023 — A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. Se encontró una falla de escritura fuera de los límites en el servidor xorg-x11. Este problema ocurre debido a un cálculo incorrecto de un desplazamiento de... • https://access.redhat.com/errata/RHSA-2023:6802 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2023-5115 – Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files
https://notcve.org/view.php?id=CVE-2023-5115
17 Oct 2023 — An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. Existe un ataque de path traversal absoluto en la plataforma de automatización Ansible. Esta falla permite a un atacante crear un rol de Ansible malicioso y hacer que la víctima ejecute el rol. • https://access.redhat.com/errata/RHSA-2023:5701 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-36: Absolute Path Traversal •
CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •