8 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0

CVE-2023-6536 – Kernel: null pointer dereference in __nvmet_req_complete

https://notcve.org/view.php?id=CVE-2023-6536

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. Se encontró una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado envíe un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que lleva al controlador NVMe a una desreferencia del puntero NULL en el controlador NVMe, lo que provoca pánico en el kernel y una denegación de servicio. • https://access.redhat.com/errata/RHSA-2024:0723 https://access.redhat.com/errata/RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0725 https://access.redhat.com/errata/RHSA-2024:0881 https://access.redhat.com/errata/RHSA-2024:0897 https://access.redhat.com/errata/RHSA-2024:1248 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/errata/RHSA-2024:3810 https://access.redhat.com/security/cve/CVE-2023-6536 https://bugzilla.redhat.com/show • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0

CVE-2023-6535 – Kernel: null pointer dereference in nvmet_tcp_execute_request

https://notcve.org/view.php?id=CVE-2023-6535

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. Se encontró una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado envíe un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que lleva al controlador NVMe a una desreferencia del puntero NULL en el controlador NVMe, lo que provoca pánico en el kernel y una denegación de servicio. • https://access.redhat.com/errata/RHSA-2024:0723 https://access.redhat.com/errata/RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0725 https://access.redhat.com/errata/RHSA-2024:0881 https://access.redhat.com/errata/RHSA-2024:0897 https://access.redhat.com/errata/RHSA-2024:1248 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/errata/RHSA-2024:3810 https://access.redhat.com/security/cve/CVE-2023-6535 https://bugzilla.redhat.com/show • CWE-476: NULL Pointer Dereference •

CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0

CVE-2023-6356 – Kernel: null pointer dereference in nvmet_tcp_build_iovec

https://notcve.org/view.php?id=CVE-2023-6356

A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service. Se encontró una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado envíe un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que lleva al controlador NVMe a una desreferencia del puntero NULL en el controlador NVMe y provoca un pánico en el kernel y una denegación de servicio. • https://access.redhat.com/errata/RHSA-2024:0723 https://access.redhat.com/errata/RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0725 https://access.redhat.com/errata/RHSA-2024:0881 https://access.redhat.com/errata/RHSA-2024:0897 https://access.redhat.com/errata/RHSA-2024:1248 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/errata/RHSA-2024:3810 https://access.redhat.com/security/cve/CVE-2023-6356 https://bugzilla.redhat.com/show • CWE-476: NULL Pointer Dereference •

CVSS: 4.3EPSS: 0%CPEs: 42EXPL: 0

CVE-2023-5868 – Postgresql: memory disclosure in aggregate function calls

https://notcve.org/view.php?id=CVE-2023-5868

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. Se encontró una vulnerabilidad de divulgación de memoria en PostgreSQL que permite a usuarios remotos acceder a información confidencial explotando ciertas llamadas a funciones agregadas con argumentos de tipo "desconocido". El manejo de valores de tipo "desconocido" de cadenas literales sin designación de tipo puede revelar bytes, lo que potencialmente revela información importante y confidencial. • https://access.redhat.com/errata/RHSA-2023:7545 https://access.redhat.com/errata/RHSA-2023:7579 https://access.redhat.com/errata/RHSA-2023:7580 https://access.redhat.com/errata/RHSA-2023:7581 https://access.redhat.com/errata/RHSA-2023:7616 https://access.redhat.com/errata/RHSA-2023:7656 https://access.redhat.com/errata/RHSA-2023:7666 https://access.redhat.com/errata/RHSA-2023:7667 https://access.redhat.com/errata/RHSA-2023:7694 https://access.redhat.com/errata/RHSA • CWE-686: Function Call With Incorrect Argument Type •

CVSS: 8.8EPSS: 1%CPEs: 49EXPL: 0

CVE-2023-5869 – Postgresql: buffer overrun from integer overflow in array modification

https://notcve.org/view.php?id=CVE-2023-5869

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. Se encontró una falla en PostgreSQL que permite a los usuarios de bases de datos autenticados ejecutar código arbitrario al faltar verificaciones de desbordamiento durante la modificación del valor de la matriz SQL. Este problema existe debido a un desbordamiento de enteros durante la modificación de la matriz, donde un usuario remoto puede desencadenar el desbordamiento proporcionando datos especialmente manipulados. • https://access.redhat.com/errata/RHSA-2023:7545 https://access.redhat.com/errata/RHSA-2023:7579 https://access.redhat.com/errata/RHSA-2023:7580 https://access.redhat.com/errata/RHSA-2023:7581 https://access.redhat.com/errata/RHSA-2023:7616 https://access.redhat.com/errata/RHSA-2023:7656 https://access.redhat.com/errata/RHSA-2023:7666 https://access.redhat.com/errata/RHSA-2023:7667 https://access.redhat.com/errata/RHSA-2023:7694 https://access.redhat.com/errata/RHSA • CWE-190: Integer Overflow or Wraparound •