Main Vulnerability Database SB20230418188

SB20230418188 - Multiple vulnerabilities in Oracle Solaris third-party software

Published: April 18, 2023 Updated: December 6, 2024

Security Bulletin ID SB20230418188

Severity

High

Patch available

YES

Number of vulnerabilities 155

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 155 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2023-25739)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in mozilla::dom::ScriptLoadContext::~ScriptLoadContext(). Module load requests that failed were not being checked as to whether or not they were cancelled in ScriptLoadContext. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

2) HTTP response splitting (CVE-ID: CVE-2023-23936)

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not correctly process CRLF character sequences when handling HTTP "Host" header. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.

3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-23920)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to application insecurely loads ICU data through ICU_DATA environment variable with elevated privileges. A remote user can gain access to potentially sensitive information.

4) Resource management error (CVE-ID: CVE-2023-23919)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to in some cases Node.js does does not clear the OpenSSL error stack after operations that may set it. A remote attacker can trigger false positive errors during subsequent cryptographic operations on the same thread and perform a denial of service (DoS) attack.

5) Buffer overflow (CVE-ID: CVE-2023-25746)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing web content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

6) Buffer overflow (CVE-ID: CVE-2023-25744)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

7) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2023-25743)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to notification is not displayed when the browser is entering the fullscreen mode. A remote attacker can trick the victim to visit a malicious website and perform spoofing attack.

8) Input validation error (CVE-ID: CVE-2023-25742)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Web Crypto ImportKey when importing SPKI RSA public key as ECDSA P-256. A remote attacker can trick the victim to import the public key and crash the browser tab.

9) Out-of-bounds read (CVE-ID: CVE-2023-25738)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a missing validation of members of the DEVMODEW struct set by the printer device driver while printing web page in Windows. A remote attacker can trick the victim to print a specially crafted web page and crash the browser.

Note, the vulnerability affects Windows installations only.

10) HTTP response splitting (CVE-ID: CVE-2023-27522)

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not correclty process CRLF character sequences in mod_proxy_uwsgi. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.

11) Type conversion (CVE-ID: CVE-2023-25737)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an invalid downcast from nsTextNode to SVGElement in SVGUtils::SetupStrokeGeometry(). A remote attacker can trigger type conversion error and potentially execute arbitrary code.

12) Use-after-free (CVE-ID: CVE-2023-25735)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in SpiderMonkey when in the way cross-compartment wrappers wrapping a scripted proxy. A remote attacker can execute arbitrary code on the target system.

13) Security features bypass (CVE-ID: CVE-2023-25734)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when handling Windows .url shortcuts that are opened by the browser from the local filesystem. A remote attacker can trick the victim into launching a specially crafted shortcut that then initiates network requests from the operating system to the malicious server. A remote attacker can obtain potentially sensitive information including NTLM credentials.

Note, the vulnerability affects Windows installations only.

14) Out-of-bounds write (CVE-ID: CVE-2023-25732)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within EncodeInputStream when encoding data from an inputStream in xpcom. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.

15) Spoofing attack (CVE-ID: CVE-2023-25730)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the possibility of screen hijacking. A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks.

16) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2023-25729)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to missing permissions prompts for opening external schemes were only shown for ContentPrincipals. A malicious extension can open external schemes without user interaction via ExpandedPrincipals and perform other potentially dangerous actions, such as downloading files or interacting with software already installed on the system.

17) Input validation error (CVE-ID: CVE-2022-46874)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of long filenames during drag and drop actions, which causes filename truncation to a potentially malicious extension. A remote attacker can trick the victim to download a file with a long filename, which can be automatically truncated by the browser into an executable file.

18) Incorrect Regular Expression (CVE-ID: CVE-2023-24807)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when user-supplied input within the `Headers.set()` and `Headers.append()` methods. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

19) Use of insufficiently random values (CVE-ID: CVE-2023-0567)

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to an error within the Password_verify() function, which always returns true with some hashes. A remote attacker can bypass authentication process and gain unauthorized access to the application.

20) Incorrect Regular Expression (CVE-ID: CVE-2023-23603)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to usage of an incorrect regular expression when filtering out forbidden properties and values from style directives in calls to console.log. A remote attacker can exfiltrate data from the victim's browser.

21) Out-of-bounds read (CVE-ID: CVE-2023-0798)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

22) Link following (CVE-ID: CVE-2023-22490)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insecure processing of symbolic links when using local clone optimization. Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, however the `objects` directory itself may still be a symbolic link. A remote attacker can trick the victim into using the local clone optimization to exfiltrate arbitrary files from the victim's system.

23) Input validation error (CVE-ID: CVE-2022-39253)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to the way Git handles hardlinks when performing a local clone. A remote attacker can trick the victim into clocking a malicious repository and create or copy hardlinks to critical files on the system, which can result in sensitive information exposure.

24) Out-of-bounds write (CVE-ID: CVE-2023-0804)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds write and perform a denial of service (DoS) attack.

25) Out-of-bounds write (CVE-ID: CVE-2023-0803)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

26) Out-of-bounds read (CVE-ID: CVE-2023-0802)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

27) Out-of-bounds read (CVE-ID: CVE-2023-0801)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

28) Out-of-bounds read (CVE-ID: CVE-2023-0799)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

29) Out-of-bounds read (CVE-ID: CVE-2023-0797)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

30) Input validation error (CVE-ID: CVE-2023-0662)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when parsing multipart request body. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

31) Out-of-bounds read (CVE-ID: CVE-2023-0796)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

32) Sensitive cookie in HTTPS session without Secure attribute (CVE-ID: CVE-2023-28708)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to Apache Tomcat does not set the "Secure" attribute for the JSESSIONID session cookie when using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https. A remote attacker can force the application to transmit cookie via an insecure channel and intercept it.

33) Buffer overflow (CVE-ID: CVE-2023-28176)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML conent. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

34) Spoofing attack (CVE-ID: CVE-2023-28164)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data when dragging a URL from a cross-origin iframe. A remote attacker can spoof page content.

35) Information disclosure (CVE-ID: CVE-2023-28163)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application when downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names. A remote attacker can gain unauthorized access to sensitive information on the system.

Note, the vulnerability affects only Windows installations.

36) Type conversion (CVE-ID: CVE-2023-28162)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an invalid downcast in AudioWorklets. A remote attacker can trick the victim to open a specially crafted web page and execute arbitrary code on the system.

37) Out-of-bounds read (CVE-ID: CVE-2023-25752)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when accessing throttled streams. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.

38) Buffer overflow (CVE-ID: CVE-2023-23605)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

39) Security features bypass (CVE-ID: CVE-2023-23602)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect processing of CSP. A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers.

40) Integer overflow (CVE-ID: CVE-2022-24963)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the apr_encode() function. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

41) Out-of-bounds write (CVE-ID: CVE-2023-0767)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PKCS 12 Safe Bag attributes. A remote attacker can create a specially crafted PKCS 12 cert bundle, trick the victim into loading it, trigger an out-of-bounds write and execute arbitrary code on the target system.

42) Type Confusion (CVE-ID: CVE-2023-0286)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error related to X.400 address processing inside an X.509 GeneralName. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and perform a denial of service (DoS) attack or read memory contents.

In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

43) Resource management error (CVE-ID: CVE-2023-0616)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application. If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack.

44) Code Injection (CVE-ID: CVE-2023-25751)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when invalidating JIT code while following an iterator. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

45) Out-of-bounds write (CVE-ID: CVE-2023-0568)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in fopen_wrappers.c. A remote attacker can pass a specially crafted filename to the affected application, trigger a one-byte buffer overflow and crash the application or potentially execute arbitrary code.

46) HTTP response splitting (CVE-ID: CVE-2023-25690)

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not correclty process CRLF character sequences in mod_rewrite and mod_proxy. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.

47) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-23918)

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions within the process.mainModule.require() method. A remote user can access non authorized modules.

48) Information disclosure (CVE-ID: CVE-2023-25728)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the Content-Security-Policy-Report-Only header can leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. A remote attacker can gain access to potentially sensitive information.

49) Resource exhaustion (CVE-ID: CVE-2023-24580)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can certain inputs to multipart forms, trigger memory exhaustion and perform a denial of service (DoS) attack.

50) Out-of-bounds read (CVE-ID: CVE-2023-0795)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

51) Input validation error (CVE-ID: CVE-2023-23969)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Accept-Language headers. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

52) Use-after-free (CVE-ID: CVE-2023-0215)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the BIO_new_NDEF function. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.

53) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2023-0430)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to application does not check certificate OCSP revocation status when verifying S/Mime signatures. A remote attacker can sign their emails with a revoked certificate and they will be displayed as having a valid signature.

54) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-23598)

The vulnerability allows a remote attacker to read arbitrary files on the system.

The vulnerability exists due to improperly imposed security restrictions with the Firefox GTK wrapper. A remote attacker can trick the victim to perform certain actions on the web page, such as drag objects and read arbitrary files on the system via a call to DataTransfer.setData.

55) Integer overflow (CVE-ID: CVE-2022-23521)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when parsing the .gitattributes attributes. A remote attacker can trick the victim into cloning a specially crafted repository and execute arbitrary code on the system.

56) Expected behavior violation (CVE-ID: CVE-2022-32221)

The vulnerability allows a remote attacker to force unexpected application behavior.

The vulnerability exists due to a logic error for a reused handle when processing subsequent HTTP PUT and POST requests. The libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request, which used that callback. As a result, such behavior can influence application flow and force unpredictable outcome.

57) Integer overflow (CVE-ID: CVE-2022-25147)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the apr_base64() function. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

58) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-24998)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to Apache Commons FileUpload does not limit the number of request parts. A remote attacker can initiate a series of uploads and perform a denial of service (DoS) attack.

59) Out-of-bounds read (CVE-ID: CVE-2023-0800)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

60) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-23601)

The vulnerability allows a remote attacker to perform spoofing attacks.

The vulnerability exists due to the way browser treats dragging of URL from the cross-origin iframe into the same tab. A remote attacker can perform spoofing attack.

61) Out-of-bounds read (CVE-ID: CVE-2017-12613)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an out-of-bounds array dereference in the apr_time_exp_get() function. A remote attacker can access prior out-of-bounds memory, reveal the contents of a different static heap value and read arbitrary files or cause the application to crash.

62) OS Command Injection (CVE-ID: CVE-2023-23599)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when copying a network request from the developer tools panel as a curl command in devtools on Windows. A remote attacker can trick the victim to copy and paste data from the network request into a console and execute arbitrary commands.

63) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2022-46877)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the way fullscreen notifications are displayed by the browser. A remote attacker can confuse browser to delay or suppress fullscreen notifications and perform spoofing attack.

64) Buffer overflow (CVE-ID: CVE-2022-46871)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libusrsctp. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

65) Heap-based buffer overflow (CVE-ID: CVE-2022-41903)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error during git archive invocation. A remote attacker can trick the victim into using the application against a specially crafted archive, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

66) Improper input validation (CVE-ID: CVE-2023-21840)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: PS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

67) Stack-based buffer overflow (CVE-ID: CVE-2022-28331)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the apr_socket_sendv() function. A remote attacker can pass specially crafted input to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Note, the vulnerability affects Windows installations only.

68) Out-of-bounds read (CVE-ID: CVE-2021-35940)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a boundary condition in the "apr_time_exp*()" functions. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.

Note, the vulnerability exists due to a missing patch for #VU9477 (CVE-2017-12613).

69) Out-of-bounds read (CVE-ID: CVE-2022-4203)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when performing name constraint checking of the X.509 certificates. A remote attacker can pass a specially crafted X.509 certificate to the affected server, trigger an out-of-bounds read error and read contents of memory on the system.

70) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2022-4304)

The vulnerability allows a remote attacker to obtain sensitive information.

The vulnerability exists due to a timing based side channel exists in the OpenSSL RSA Decryption implementation. A remote attacker can perform a Bleichenbacher style attack and decrypt data sent over the network.

To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.

71) Heap-based buffer overflow (CVE-ID: CVE-2022-48281)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the processCropSelections() function in tools/tiffcrop.c in LibTIFF. A remote attacker can pass a specially crafted TIFF image to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

72) Improper input validation (CVE-ID: CVE-2021-37519)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Patches (memcached) component in Oracle Communications User Data Repository. A local non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

73) Link following (CVE-ID: CVE-2023-23946)

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to application allows to overwrite files outside the working tree via the "git apply" command. A remote attacker can trick the victim to run the affected command against a malicious or compromised repository and overwrite arbitrary files on the system.

74) NULL pointer dereference (CVE-ID: CVE-2023-0401)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error during PKCS7 data verification. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

75) NULL pointer dereference (CVE-ID: CVE-2023-0217)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when validating the DSA public key. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

76) Release of invalid pointer or reference (CVE-ID: CVE-2023-0216)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to invalid pointer dereference in d2i_PKCS7 functions. A remote attacker can perform a denial of service (DoS) attack.

77) Double Free (CVE-ID: CVE-2022-4450)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the PEM_read_bio_ex() function. A remote attacker can pass specially crafted PEM file to the application, trigger a double free error and perform a denial of service (DoS) attack.

78) Division by zero (CVE-ID: CVE-2020-23903)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error when handling .wav files. A remote attacker can trick the victim into opening a specially crafted .wav file and crash the application.

79) Input validation error (CVE-ID: CVE-2020-23904)

The vulnerability allows attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of .wav file in speexenc.c. A remote attacker can cause a denial of service (DoS) via a crafted WAV file.

80) HTTP response splitting (CVE-ID: CVE-2021-33621)

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not corrector process CRLF character sequences when handling cookies. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.

81) Out-of-bounds write (CVE-ID: CVE-2021-33657)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing .BMP files in video/SDL_pixels.c. A remote attacker can create a specially crafted BMP file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

82) Origin validation error (CVE-ID: CVE-2021-3618)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a logic error in TLS implementation when handling different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A remote attacker with ability to perform TCP/IP layer MitM attack can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

This attack technique was dubbed ALPACA (application layer protocol content confusion attack).

83) Integer overflow (CVE-ID: CVE-2021-43618)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in mpz/inp_raw.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.

84) Missing Encryption of Sensitive Data (CVE-ID: CVE-2022-2097)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation. Under specific circumstances OpenSSL does not encrypt the entire message and can reveal sixteen bytes of data that was preexisting in the memory that wasn't written. A remote attacker can gain access to potentially sensitive information.

85) Information disclosure (CVE-ID: CVE-2022-21123)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.

86) Information disclosure (CVE-ID: CVE-2022-21125)

The vulnerability allows an attacker to gain access to potentially sensitive information.

87) Incomplete cleanup (CVE-ID: CVE-2022-21127)

The vulnerability allows a local user to gain access to sensitive information on the system.

The vulnerability exists due to incomplete cleanup in specific special register read operations. A local user can enable information disclosure.

88) Information disclosure (CVE-ID: CVE-2022-21166)

The vulnerability allows an attacker to gain access to potentially sensitive information.

89) Improper input validation (CVE-ID: CVE-2022-21589)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

90) Improper input validation (CVE-ID: CVE-2022-21592)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

91) Improper input validation (CVE-ID: CVE-2022-21608)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

92) Improper input validation (CVE-ID: CVE-2022-21617)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Connection Handling component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

93) Heap-based buffer overflow (CVE-ID: CVE-2022-28805)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the singlevar function in lparser.c. A remote attacker can use a specially crafted luaK_exp2anyregup call, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

94) Cleartext transmission of sensitive information (CVE-ID: CVE-2022-30115)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error in HSTS implementation that can allow curl to continue using HTTP protocol instead of HTTPS if the host name in the given URL used a trailing dot while not using one when it built the HSTS cache. A remote attacker with ability to intercept traffic can obtain potentially sensitive information.

95) Heap-based buffer overflow (CVE-ID: CVE-2022-33099)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the luaG_runerror component. A remote attacker can send specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.

96) Cross-site scripting (CVE-ID: CVE-2022-39348)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied datawithin "NameVirtualHost". A remote user can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

97) Incorrect Regular Expression (CVE-ID: CVE-2022-40897)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing HTML content. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

98) Resource exhaustion (CVE-ID: CVE-2022-41723)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in the HPACK decoder. A remote attacker can send a specially crafted HTTP/2 stream to the application, cause resource exhaustion and perform a denial of service (DoS) attack.

99) Resource management error (CVE-ID: CVE-2022-41724)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in crypto/tls when handling large TLS handshake records. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.

The vulnerability affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).

100) Resource exhaustion (CVE-ID: CVE-2022-41725)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper control over internal resources in net/http and mime/multipart. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

101) Integer overflow (CVE-ID: CVE-2022-42898)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow within the S4U2Proxy handler on 32-bit systems. A remote user can send specially crafted request to the KDC server, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

102) Cleartext transmission of sensitive information (CVE-ID: CVE-2022-42916)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when parsing URL with IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. A remote attacker can bypass curl's HSTS check and trick it into using unencrypted HTTP protocol.

103) Security features bypass (CVE-ID: CVE-2022-43551)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists in the way curl handles IDN characters in hostnames. The HSTS mechanism could be bypassed if the hostname in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Then in a subsequent request it does not detect the HSTS state and makes a clear text transfer.

104) Use-after-free (CVE-ID: CVE-2022-43552)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error while processing denied requests from HTTP proxies when using SMB or TELNET protocols. A remote attacker can trigger a use-after-free error and crash the application.

105) Infinite loop (CVE-ID: CVE-2022-44617)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the ParsePixels() function when handling XPM files with width set to 0 and a very large height value. A remote attacker can trick the victim to open a specially crafted XPM file and perform a denial of service (DoS) attack.

106) NULL pointer dereference (CVE-ID: CVE-2022-44792)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the handle_ipDefaultTTL() function in agent/mibgroup/ip-mib/ip_scalars.c. A remote non-authenticated attacker can send specially crafted UDP to the application and perform a denial of service (DoS) attack.

107) NULL pointer dereference (CVE-ID: CVE-2022-44793)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the handle_ipv6IpForwarding() function in agent/mibgroup/ip-mib/ip_scalars.c. A remote attacker can send specially crafted UDP packets to the application and perform a denial of service (DoS) attack.

108) Infinite loop (CVE-ID: CVE-2022-46285)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when handling unclosed comments in XPM images within the ParseComment() function. A remote attacker can trick the victim to open a specially crafted image and cause denial of service conditions.

109) Input validation error (CVE-ID: CVE-2022-46663)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of the ANSI escape sequences in the "less -R" output. A remote attacker can trick the victim to run the command against the specially crafted data and perform a denial of service (DoS) attack.

110) Security features bypass (CVE-ID: CVE-2022-46908)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper implementation of the azProhibitedFunctions protection mechanism, which allows UDF functions such as WRITEFILE when relying on --safe for execution of an untrusted CLI script. A local user can escalate privileges on the system.

111) Memory leak (CVE-ID: CVE-2022-4743)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the GLES_CreateTexture() function in render/opengles/SDL_render_gles.c. A remote attacker can force the application to leak memory and perform denial of service attack.

112) Heap-based buffer overflow (CVE-ID: CVE-2022-48303)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the from_header() function in list.c when handling V7 archives. A remote attacker can trick the victim to open a specially crafted V7 archive, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

113) Untrusted search path (CVE-ID: CVE-2022-4883)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to libXpm relies on the $PATH variable to run the command responsible for decompressing .Z or .gz files. A local user can execute arbitrary code with elevated privileges.

114) Buffer overflow (CVE-ID: CVE-2022-4904)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the config_sortlist() function. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

115) Use-after-free (CVE-ID: CVE-2023-0494)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within DeepCopyPointerClasses. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

116) Security features bypass (CVE-ID: CVE-2023-0547)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when processing revocation status of S/mime recipient certificates. OCSP revocation status of recipient certificates is not checked when sending S/Mime encrypted email, as a result revoked certificates are accepted.

117) Input validation error (CVE-ID: CVE-2023-1161)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within ISO 15765 and ISO 10681 dissectors. A remote attacker can pass specially crafted traffic to the application and perform a denial of service (DoS) attack.

118) Buffer overflow (CVE-ID: CVE-2023-1945)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Safe Browsing API. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

119) Input validation error (CVE-ID: CVE-2023-1992)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in RPC over RDMA dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

120) Resource exhaustion (CVE-ID: CVE-2023-1993)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in LISP dissector. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

121) Input validation error (CVE-ID: CVE-2023-1994)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in GQUIC dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

122) Error Handling (CVE-ID: CVE-2023-23931)

The vulnerability allows an attacker to misuse Python API.

The vulnerability exists due to a soundness bug within the Cipher.update_into function, which can allow immutable objects (such as bytes) to be mutated. A malicious programmer can misuse Python API to introduce unexpected behavior into the application.

123) Buffer overflow (CVE-ID: CVE-2023-24021)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when executing rules that read the FILES_TMP_CONTENT collection. A remote attacker can upload a specially crafted file on the system, trigger memory corruption and execute arbitrary code on the target system or bypass implemented WAF protection rules.

124) Incorrect calculation (CVE-ID: CVE-2023-24532)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars.

125) Resource exhaustion (CVE-ID: CVE-2023-24534)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when parsing HTTP and MIME headers in net/textproto. A remote attacker can cause an HTTP server to allocate large amounts of memory from a small request and perform a denial of service (DoS) attack.

126) Resource management error (CVE-ID: CVE-2023-24536)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within mime/multipart and net/textproto components when parsing multipart forms. A remote attacker can pass specially crafted request to the application and perform a denial of service (DoS) attack.

127) Infinite loop (CVE-ID: CVE-2023-24537)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when calling any of the Parse functions on Go source code which contains //line directives with very large line numbers. A remote attacker can consume all available system resources and cause denial of service conditions.

128) Code Injection (CVE-ID: CVE-2023-24538)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in html/template when handling JavaScript templates that contain backticks in code. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary JavaScript code into the Go template.

129) Double Free (CVE-ID: CVE-2023-27320)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when matching a sudoers rule that contains a per-command chroot directive (CHROOT=dir). A local user can trigger a double free error and execute arbitrary code with elevated privileges.

130) OS Command Injection (CVE-ID: CVE-2023-28486)

The vulnerability allows a local user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing control characters in the log messages. A local user can inject specially crafted characters to the log messages and execute arbtirary OS commands on the system when the command is executed from the log (e.g. via the "sudoreplay -l").

131) OS Command Injection (CVE-ID: CVE-2023-28487)

The vulnerability allows a local user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation when processing control characters in the sudoreplay output. A local user can inject specially crafted characters to the log messages and execute arbitrary OS commands on the system.

132) Incorrect Regular Expression (CVE-ID: CVE-2023-28755)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing URLs. A remote attacker can pass specially crafted URL to the application and perform regular expression denial of service (ReDos) attack.

133) Incorrect Regular Expression (CVE-ID: CVE-2023-28756)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing strings that have specific characters. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

134) Input validation error (CVE-ID: CVE-2023-29479)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Ribose RNP library when parsing PKESK/SKESK packets. A remote attacker can send specially crafted OpenPGP messages to the application and perform a denial of service (DoS) attack.

135) Out-of-bounds write (CVE-ID: CVE-2023-29531)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in WebGL API. A remote attacker can trick the victim to visit a specially crafted website, trigger an out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability affects only Firefox for macOS.

136) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-29532)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way Mozilla Maintenance Service handles write-locks when downloading updates from a SMB server. A local user can apply an unsigned update file by pointing the service at an update file on a malicious SMB server.

The vulnerability affects only Firefox for Windows.

137) Spoofing attack (CVE-ID: CVE-2023-29533)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can hide the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls.

138) Buffer overflow (CVE-ID: CVE-2023-29535)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error during Garbage Collector compaction. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

139) Release of invalid pointer or reference (CVE-ID: CVE-2023-29536)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to an invalid free operation from JavaScript code. A remote attacker can trick the victim to visit a specially crafted web page, trigger memory corruption and execute arbitrary code.

140) Security features bypass (CVE-ID: CVE-2023-29539)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper handling of filename directive in the Content-Disposition header, which leads to filename truncation if it contains a NULL character. A remote attacker can abuse such behavior and trick the victim into downloading a malicious file.

141) Security features bypass (CVE-ID: CVE-2023-29541)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper handling of filenames ending with .desktop. A remote attacker can trick the victim into downloading a malicious file and execute it on the system.

The vulnerability affects Firefox on Linux only.

142) Security features bypass (CVE-ID: CVE-2023-29542)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper handling of newline in a filename. A remote attacker can bypass the file extension security mechanisms that replaces dangerous file extensions such as .lnk with .download and potentially compromise the affected system.

143) Information disclosure (CVE-ID: CVE-2023-29545)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application when downloading files through the "Save Link As" on Windows with suggested filenames containing environment variable names. A remote attacker can gain unauthorized access to sensitive information on the system.

Note, the vulnerability affects only Windows installations.

144) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2023-29548)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to usage of a wrong lowering instruction in the ARM64 Ion compiler. A remote attacker can gain access to sensitive information.

145) Buffer overflow (CVE-ID: CVE-2023-29550)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when parsing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

146) Arbitrary file upload (CVE-ID: CVE-2023-31047)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the application does not perform validation of files when using one form field for uploading multiple files. A remote attacker can upload a malicious file and execute it on the server.

147) Out-of-bounds write (CVE-ID: CVE-2023-31284)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in /dev/net when handling an overly long filename. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

148) Spoofing attack (CVE-ID: CVE-2023-32205)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can obscure browser prompts and perform spoofing attack.

149) Out-of-bounds read (CVE-ID: CVE-2023-32206)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the RLBox Expat driver. A remote attacker can trick the victim to open a specially crafted website, trigger an out-of-bounds read error and crash the browser.

150) Security features bypass (CVE-ID: CVE-2023-32207)

The vulnerability allows a remote attacker to perform clickjacking attack.

The vulnerability exists due to a missing delay in popup notifications. A remote attacker can trick a victim into granting permissions.

151) Type Confusion (CVE-ID: CVE-2023-32211)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error when processing HTML content. A remote attacker can trick the victim to open a specially crafted website, trigger a type confusion error and crash the browser.

152) Spoofing attack (CVE-ID: CVE-2023-32212)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can spoof the address bar using the datalist element.

153) Buffer overflow (CVE-ID: CVE-2023-32213)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within FileReader::DoReadData() when reading a file. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

154) Improper Authorization in Handler for Custom URL Scheme (CVE-ID: CVE-2023-32214)

The vulnerability allows a remote attacker to crash the browser.

The vulnerability exists due to incorrect processing of the ms-cxh and ms-cxh-full handlers. A remote attacker can trick the victim to visit a specially crafted web page and crash the browser.

Note, the vulnerability affects Windows installations only.

155) Buffer overflow (CVE-ID: CVE-2023-32215)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim to open a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

https://www.oracle.com/security-alerts/bulletinapr2023.html

SB20230418188 - Multiple vulnerabilities in Oracle Solaris third-party software

Breakdown by Severity

Description

Remediation

References

Please verify you're human