Show filters
1,862 Total Results
Displaying 81-90 of 1,862
Sort by:
Attacker Value
Unknown
CVE-2023-46847
Disclosure Date: November 03, 2023 (last updated April 25, 2024)
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
0
Attacker Value
Unknown
CVE-2022-4900
Disclosure Date: November 02, 2023 (last updated November 20, 2024)
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
0
Attacker Value
Unknown
CVE-2023-3164
Disclosure Date: November 02, 2023 (last updated March 09, 2024)
A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.
0
Attacker Value
Unknown
CVE-2023-3972
Disclosure Date: November 01, 2023 (last updated April 25, 2024)
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).
0
Attacker Value
Unknown
CVE-2023-5574
Disclosure Date: October 25, 2023 (last updated April 30, 2024)
A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
0
Attacker Value
Unknown
CVE-2023-5380
Disclosure Date: October 25, 2023 (last updated May 22, 2024)
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
0
Attacker Value
Unknown
CVE-2023-5367
Disclosure Date: October 25, 2023 (last updated April 25, 2024)
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
0
Attacker Value
Unknown
CVE-2023-5366
Disclosure Date: October 06, 2023 (last updated October 13, 2023)
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
0
Attacker Value
Unknown
CVE-2023-42753
Disclosure Date: September 25, 2023 (last updated August 27, 2024)
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
0
Attacker Value
Unknown
CVE-2023-4156
Disclosure Date: September 25, 2023 (last updated October 08, 2023)
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.
0