βΌ CVE-2022-30280 βΌ
π Read
via "National Vulnerability Database".
/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application (even if it implements a CSRF token for the random GET request) does not ever verify a CSRF token. With a little help of social engineering/phishing (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.π Read
via "National Vulnerability Database".
β Hacking police radios: 30-year-old crypto flaws in the spotlight β
π Read
via "Naked Security".
"Three may keep a secret, if two of them are dead."π Read
via "Naked Security".
Sophos News
Hacking police radios: 30-year-old crypto flaws in the spotlight
βThree may keep a secret, if two of them are dead.β
βΌ CVE-2023-3384 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation isnot performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2023-3748 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32258 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-3640 βΌ
π Read
via "National Vulnerability Database".
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1386 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3567 βΌ
π Read
via "National Vulnerability Database".
A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This flaw allows an attacker with local user access to cause a system crash or leak internal kernel information.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32252 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-33952 βΌ
π Read
via "National Vulnerability Database".
A double-free vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of vmw_buffer_object objects. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. This flaw allows a local privileged user to escalate privileges and execute code in the context of the kernel.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3745 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3019 βΌ
π Read
via "National Vulnerability Database".
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32257 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.π Read
via "National Vulnerability Database".
βΌ CVE-2023-26078 βΌ
π Read
via "National Vulnerability Database".
Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32247 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3812 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds memory access flaw was found in the Linux kernelΓ’β¬β’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3750 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38200 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3870 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.π Read
via "National Vulnerability Database".
βΌ CVE-2023-32248 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-2860 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel.π Read
via "National Vulnerability Database".