CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2023-52160 – wpa_supplicant: potential authorization bypass
https://notcve.org/view.php?id=CVE-2023-52160
22 Feb 2024 — The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. La implementación de PEAP en wpa_supplicant hasta ... • https://github.com/Helica-core/eap_pwn • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-6857 – Mozilla: Symlinks may resolve to smaller than expected buffers
https://notcve.org/view.php?id=CVE-2023-6857
19 Dec 2023 — When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Al resolver un enlace simbólico, puede ocurrir una ejecución en la que el búfer pase a "readlink" en realidad puede ser más pequeño de lo necesario. *Este error sólo afecta a Firefox en siste... • https://bugzilla.mozilla.org/show_bug.cgi?id=1796023 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-363: Race Condition Enabling Link Following •
CVSS: 6.3EPSS: 31%CPEs: 28EXPL: 8CVE-2023-45866 – bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution
https://notcve.org/view.php?id=CVE-2023-45866
07 Dec 2023 — Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. Bluetooth HID Hosts in BlueZ ... • https://github.com/pentestfunctions/BlueDucky • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2022-48464
https://notcve.org/view.php?id=CVE-2022-48464
04 Dec 2023 — In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed En wifi service, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría provocar una denegación de servicio local sin necesidad de privilegios de ejecución adicionales. • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2022-48463
https://notcve.org/view.php?id=CVE-2022-48463
04 Dec 2023 — In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed En wifi service, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría provocar una denegación de servicio local sin necesidad de privilegios de ejecución adicionales. • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2022-48462
https://notcve.org/view.php?id=CVE-2022-48462
04 Dec 2023 — In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed En wifi service, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría provocar una denegación de servicio local sin necesidad de privilegios de ejecución adicionales. • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-42695
https://notcve.org/view.php?id=CVE-2023-42695
04 Dec 2023 — In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed En wifi service, existe una posible falta de verificación de permisos. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-42694
https://notcve.org/view.php?id=CVE-2023-42694
04 Dec 2023 — In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed En wifi service, existe una posible falta de verificación de permisos. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-42693
https://notcve.org/view.php?id=CVE-2023-42693
04 Dec 2023 — In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed En wifi service, existe una posible falta de verificación de permisos. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-42692
https://notcve.org/view.php?id=CVE-2023-42692
04 Dec 2023 — In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed En wifi service, existe una posible falta de verificación de permisos. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049 • CWE-862: Missing Authorization •