CVSS: 10.0EPSS: 11%CPEs: 36EXPL: 3CVE-2024-28757 – expat: XML Entity Expansion
https://notcve.org/view.php?id=CVE-2024-28757
10 Mar 2024 — libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). libexpat hasta 2.6.1 permite un ataque de expansión de entidad XML cuando hay un uso aislado de analizadores externos (creados a través de XML_ExternalEntityParserCreate). An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers. • https://github.com/RenukaSelvar/expat_CVE-2024-28757 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.8EPSS: 5%CPEs: 13EXPL: 0CVE-2023-5363 – Incorrect cipher key & IV length processing
https://notcve.org/view.php?id=CVE-2023-5363
24 Oct 2023 — Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been establish... • http://www.openwall.com/lists/oss-security/2023/10/24/1 • CWE-325: Missing Cryptographic Step CWE-684: Incorrect Provision of Specified Functionality •
CVSS: 6.3EPSS: 0%CPEs: 9EXPL: 1CVE-2023-40791
https://notcve.org/view.php?id=CVE-2023-40791
16 Oct 2023 — extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page. extract_user_to_sg en lib/scatterlist.c en el kernel de Linux anterior a 6.4.12 no logra desanclar páginas en una situación determinada, como lo demuestra una ADVERTENCIA para try_grab_page. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12 •
CVSS: 7.8EPSS: 1%CPEs: 18EXPL: 0CVE-2023-4236 – named may terminate unexpectedly under high DNS-over-TLS query load
https://notcve.org/view.php?id=CVE-2023-4236
20 Sep 2023 — A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. Una falla en el código de red que maneja consultas DNS sobre TLS puede causar que "named" finalice inesperadamente debido a una falla de aserción. Esto sucede cuando las estruct... • http://www.openwall.com/lists/oss-security/2023/09/20/2 • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 3%CPEs: 38EXPL: 1CVE-2023-4527 – Glibc: stack read overflow in getaddrinfo in no-aaaa mode
https://notcve.org/view.php?id=CVE-2023-4527
18 Sep 2023 — A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. Se encontró una falla en glibc. Cuando se llama a la función getaddrinfo con la familia de direcciones AF_UNSPEC y el sistema está configurado con el modo no-aaaa a través de /etc/resolv.co... • http://www.openwall.com/lists/oss-security/2023/09/25/1 • CWE-121: Stack-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 39%CPEs: 23EXPL: 1CVE-2023-4813 – Glibc: potential use-after-free in gaih_inet()
https://notcve.org/view.php?id=CVE-2023-4813
12 Sep 2023 — A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. Se encontró una falla en glibc. En una situación poco común, la función gaih_inet puede utilizar memoria que se ha liberado, lo que provoca un bloqueo de la aplicación. • https://github.com/tnishiox/cve-2023-4813 • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 18EXPL: 1CVE-2023-4273 – Kernel: exfat: stack overflow in exfat_get_uniname_from_ext_entry
https://notcve.org/view.php?id=CVE-2023-4273
09 Aug 2023 — A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. Se ha encontrado un fallo en el controlador exFAT del núcleo de Linu... • https://access.redhat.com/errata/RHSA-2023:6583 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2023-4004 – Kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove()
https://notcve.org/view.php?id=CVE-2023-4004
31 Jul 2023 — A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. Se encontró una falla de use-after-free en el netfilter del kernel de Linux en la forma en que un usuario activa la función nft_pipapo_remove con el elemento, sin un NFT_SET_EXT_KEY_END. Este problema podría permitir que un usuar... • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html • CWE-416: Use After Free •
CVSS: 9.4EPSS: 1%CPEs: 9EXPL: 0CVE-2023-38426 – Ubuntu Security Notice USN-6338-2
https://notcve.org/view.php?id=CVE-2023-38426
17 Jul 2023 — An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length. Se descubrió un problema en el kernel de Linux antes de 6.3.4. KSMBD tiene una lectura fuera de los límites en smb2_find_context_vals cuando el name_len de create_context es mayor que la longitud de la etiqueta. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A l... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2023-38427 – Ubuntu Security Notice USN-6466-1
https://notcve.org/view.php?id=CVE-2023-38427
17 Jul 2023 — An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts. Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service or possibly expose sensitive information. Quentin Minster discovered that ... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.8 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •