SB2025011634 - Multiple vulnerabilities in Dell RecoverPoint for Virtual Machines
Published: January 16, 2025 Updated: January 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 273 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2023-4016)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
2) Out-of-bounds write (CVE-ID: CVE-2023-35001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_byteorder() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.
3) Use-after-free (CVE-ID: CVE-2023-3567)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vc_screen() function in vcs_read in drivers/tty/vt/vc_screen.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
4) Use-after-free (CVE-ID: CVE-2023-3609)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the Linux kernel net/sched: cls_u32 component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
5) Out-of-bounds write (CVE-ID: CVE-2023-3611)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the qfq_change_agg() function in net/sched/sch_qfq.c within the Linux kernel net/sched: sch_qfq component. A local user trigger an out-of-bounds write and execute arbitrary code on the target system.
6) Use-after-free (CVE-ID: CVE-2023-3776)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the Linux kernel's net/sched: cls_fw component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
7) Out-of-bounds write (CVE-ID: CVE-2023-3812)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the TUN/TAP device driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
8) Improper input validation (CVE-ID: CVE-2023-22045)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
9) Improper input validation (CVE-ID: CVE-2023-22049)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM for JDK. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
10) Division by zero (CVE-ID: CVE-2023-1127)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide by zero error within the scrolldown() function in move.c. A remote attacker can trick the victim to open a specially crafted file and crash the editor.
11) NULL pointer dereference (CVE-ID: CVE-2023-1264)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the utfc_ptr2len() function in mbyte.c.c. A remote attacker can trick the victim to open a specially crafted file and crash the editor.
12) NULL pointer dereference (CVE-ID: CVE-2023-1355)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in within the class_object_index() function in vim9class.c in Vim. A remote attacker can perform a denial of service (DoS) attack.
13) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2023-2426)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to an out-of-range pointer offset within the mb_charlen() function in mbyte.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
14) NULL pointer dereference (CVE-ID: CVE-2023-2609)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the get_register() function in register.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
15) Integer overflow (CVE-ID: CVE-2023-2610)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the regtilde() function in regexp.c. A remote attacker can trick the victim to open a specially crafted file, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Cryptographic issues (CVE-ID: CVE-2023-20900)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper verification of SAML token signature. A remote attacker can bypass SAML token signature verification and perform man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine.
17) Use-after-free (CVE-ID: CVE-2023-31248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in nft_chain_lookup_byid() function, which failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace. A local user ca trigger a use-after-free error and execute arbitrary code with elevated privileges.
18) Security features bypass (CVE-ID: CVE-2023-4039)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the GCC's stack smashing protection does not detect or defend against overflows of dynamically-sized local variables on AArch64 targets. A remote attacker can bypass expected security restrictions and successfully exploit buffer overflow vulnerabilities.
19) Cross-site scripting (CVE-ID: CVE-2016-3709)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
20) Out-of-bounds read (CVE-ID: CVE-2023-39615)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the xmlSAX2StartElement() function in /libxml2/SAX2.c. A remote attacker can pass specially crafted XML input to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
21) Resource exhaustion (CVE-ID: CVE-2023-38039)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not limit the size of received headers from a single request that are stored for future reference. A remote attacker can send overly large HTTP responses to the application and consume all memory resources.
22) Buffer overflow (CVE-ID: CVE-2020-19726)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in libbfd.c when handling the auxiliary symbol data. A remote attacker can trick the victim to pass specially crafted data to the application and perform a denial of service (DoS) attack.
23) Out-of-bounds write (CVE-ID: CVE-2021-32256)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error when processing untrusted input in demangle_type in rust-demangle.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and perform a denial of service attack.
24) Reachable Assertion (CVE-ID: CVE-2022-35205)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the display_debug_names() function. A remote attacker can trick the victim to pass specially crafted input to the application and crash it.
25) NULL pointer dereference (CVE-ID: CVE-2022-35206)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A local user can trigger denial of service conditions via function read_and_display_attr_value in file dwarf.c.
26) NULL pointer dereference (CVE-ID: CVE-2022-4285)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when parsing an ELF file containing corrupt symbol version information. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.
27) Heap-based buffer overflow (CVE-ID: CVE-2022-44840)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the find_section_in_set() function in readelf.c. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
28) Heap-based buffer overflow (CVE-ID: CVE-2022-45703)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the display_debug_section() function in readelf.c. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
29) Out-of-bounds read (CVE-ID: CVE-2022-47673)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the parse_module() function in addr2line. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
30) Input validation error (CVE-ID: CVE-2022-47695)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the bfd_mach_o_get_synthetic_symtab() function in match-o.c in objdump. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
31) Input validation error (CVE-ID: CVE-2022-47696)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the compare_symbols() function in objdump. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
32) Use-after-free (CVE-ID: CVE-2023-3390)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within net/netfilter/nf_tables_api.c in the Linux kernel netfilter subsystem. A local user can trigger a use-after-fee error and escalate privileges on the system.
33) Use-after-free (CVE-ID: CVE-2023-3117)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Netfilter subsystem. A local user with CAP_NET_ADMIN capability can trigger the use-after-free error and execute arbitrary code on the system.
34) Resource exhaustion (CVE-ID: CVE-2022-48064)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the bfd_dwarf2_find_nearest_line_with_alt() function in dwarf2.c. A remote attacker can trigger resource exhaustion via a crafted ELF file and perform a denial of service (DoS) attack.
35) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2022-4304)
The vulnerability allows a remote attacker to obtain sensitive information.
The vulnerability exists due to a timing based side channel exists in the OpenSSL RSA Decryption implementation. A remote attacker can perform a Bleichenbacher style attack and decrypt data sent over the network.
To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
36) Out-of-bounds read (CVE-ID: CVE-2023-0796)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.37) Out-of-bounds read (CVE-ID: CVE-2023-0797)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.38) Out-of-bounds read (CVE-ID: CVE-2023-0798)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.39) Out-of-bounds read (CVE-ID: CVE-2023-0799)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.40) Out-of-bounds read (CVE-ID: CVE-2023-0800)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.41) Out-of-bounds read (CVE-ID: CVE-2023-0801)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.42) Out-of-bounds read (CVE-ID: CVE-2023-0802)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.43) Out-of-bounds write (CVE-ID: CVE-2023-0803)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds write and perform a denial of service (DoS) attack.
44) Out-of-bounds write (CVE-ID: CVE-2023-0804)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
45) Resource management error (CVE-ID: CVE-2023-2650)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when processing OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS subsystems with no message size limit. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
46) Heap-based buffer overflow (CVE-ID: CVE-2023-32324)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the format_log_line() function cups/string.c when the "loglevel" is set to "DEBUG". A remote attacker can pass specially crafted data to the daemon, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
47) Cleartext storage of sensitive information (CVE-ID: CVE-2022-45154)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exist due to iSCSI passwords are stored in clear text in supportconfig archive. A local user can view the archive and extract iSCSI passwords from it.
48) Improper Authentication (CVE-ID: CVE-2023-20867)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in the vgauth module. An attacker who compromised the ESXi host can bypass authentication process and execute privileged commands across Windows, Linux, and PhotonOS (vCenter) guest VMs without authentication of guest credentials from a compromised ESXi host and no default logging on guest VMs.
Note, the vulnerability is being actively exploited in the wild by the UNC3886 APT actor.
49) Out-of-bounds write (CVE-ID: CVE-2023-26555)
The vulnerability allows an attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within praecis_parse() function in ntpd/refclock_palisade.c. An attacker with physical proximity to device can trigger an out-of-bounds write error by manipulating the GPS receiver and execute arbitrary code on the target system.
50) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-34969)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the dbus-daemon when sending a reply message from the "bus driver". If a local privileged user (e.g. root) is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, another unprivileged user with the ability to connect to the same dbus-daemon can force the service to send an unreplyable message and perform a denial of service (DoS) attack.
51) Use-after-free (CVE-ID: CVE-2023-2985)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the hfsplus_put_super() function in fs/hfsplus/super.c. A local user can trigger a use-after-free error and crash the kernel.
52) Information disclosure (CVE-ID: CVE-2023-20569)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a side channel issue in AMD CPUs. A remote user can influence the return address prediction and gain unauthorized access to sensitive information on the system.
53) Reachable Assertion (CVE-ID: CVE-2023-2156)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when handling IPv6 RPL protocol. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
54) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2023-0459)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper implementation of speculative execution barriers in usercopy functions
in certain situations. A local user can gain access to sensitive information.
55) Access of Uninitialized Pointer (CVE-ID: CVE-2023-36054)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c does not validate the relationship between n_key_data and the key_data array count and frees an uninitialized pointer. A remote user can send a specially crafted request to the application and perform a denial of service (DoS) attack.
56) Improper access control (CVE-ID: CVE-2023-23908)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper access restrictions. A local privileged user can gain access to sensitive information.
57) Unauthorized error injection (CVE-ID: CVE-2022-41804)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to unauthorized error injection in some Intel Xeon Processors with Intel Software Guard Extensions (SGX). A local user can execute arbitrary code with elevated privileges.
58) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2022-40982)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to the way data is shared between threads whereby the AVX GATHER instructions on Intel processors can forward the content of stale vector registers to dependent instructions. A malicious guest can infer data from different contexts on the same core and execute arbitrary code with elevated privileges.
59) Resource management error (CVE-ID: CVE-2023-3817)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when checking the long DH keys. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
60) Out-of-bounds read (CVE-ID: CVE-2022-2127)
The vulnerability allows a remote attacker to gain access to sensitive information or perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in winbindd_pam_auth_crap.c in winbind AUTH_CRAP when performing NTLM authentication. A remote attacker can trigger an out-of-bounds read error and gain access to sensitive information or crash the server.
61) Resource management error (CVE-ID: CVE-2023-3446)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the DH_check(), DH_check_ex() and EVP_PKEY_param_check() function when processing a DH key or DH parameters. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
62) Use-after-free (CVE-ID: CVE-2023-20593)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in AMD Zen2 processors. A local user can trigger a use-after-free error and execute arbitrary code on the system.
Note, the vulnerability was dubbed Zenbleed.
63) Untrusted search path (CVE-ID: CVE-2023-38408)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to usage of an insecure search path within the PKCS#11 feature in ssh-agent. A remote attacker can trick the victim into connecting to a malicious SSH server and execute arbitrary code on the system, if an agent is forwarded to an attacker-controlled system.
Note, this vulnerability exists due to incomplete fix for #VU2015 (CVE-2016-10009).
64) Information disclosure (CVE-ID: CVE-2023-34968)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can send a specially crafted RPC request to the server and obtain real server-side share path.
65) Type Confusion (CVE-ID: CVE-2023-34967)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error when parsing Spotlight mdssvc RPC packets. A remote attacker can send specially crafted data to the server, trigger a type confusion error and crash the server.
66) Infinite loop (CVE-ID: CVE-2023-34966)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when parsing Spotlight mdssvc RPC packets. A remote attacker can consume all available system resources and cause denial of service conditions on servers where Spotlight is explicitly enabled globally or on individual shares with "spotlight = yes".
67) Resource exhaustion (CVE-ID: CVE-2022-48063)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the load_separate_debug_files() function in dwarf2.c. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
68) Memory leak (CVE-ID: CVE-2022-48065)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the find_abstract_instance() function in dwarf2.c. A remote attacker can force the application to leak memory and perform denial of service attack.
69) Incorrect calculation (CVE-ID: CVE-2022-33972)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to incorrect calculation in microcode keying mechanism. A local user can gain access to sensitive information.
70) Out-of-bounds read (CVE-ID: CVE-2023-39194)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the XFRM subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
71) Out-of-bounds read (CVE-ID: CVE-2023-43789)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
72) Out-of-bounds read (CVE-ID: CVE-2023-43785)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the _XkbReadKeySyms() function. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
73) Infinite loop (CVE-ID: CVE-2023-43786)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the PutSubImage() function. A local user can consume all available system resources and cause denial of service conditions.
74) Integer overflow (CVE-ID: CVE-2023-43787)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the XCreateImage() function. A local user can trigger integer overflow and execute arbitrary code with elevated privileges.
75) XML External Entity injection (CVE-ID: CVE-2022-48565)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input within the plistlib module. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
76) Race condition (CVE-ID: CVE-2022-48566)
The vulnerability allows a remote attacker to gain access to sensitive information,
The vulnerability exists due to a race condition in compare_digest in Lib/hmac.py. A remote attacker can exploit the race and gain unauthorized access to sensitive information.
77) Information disclosure (CVE-ID: CVE-2023-4641)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to an error in gpasswd(1), which fails to clean memory properly. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. A local user with enough access can retrieve the password from the memory.
78) Memory leak (CVE-ID: CVE-2020-36766)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due memory leak in drivers/media/cec/core/cec-api.c in Linux kernel. A local user can force the system to leak memory.
79) NULL pointer dereference (CVE-ID: CVE-2023-0394)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.
80) Use-after-free (CVE-ID: CVE-2023-1192)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_is_status_io_timeout() function in Linux kernel. A local user can set environment variable to a specific value, trigger a use-after-free error and execute arbitrary code with elevated privileges.
81) Resource exhaustion (CVE-ID: CVE-2023-1206)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a hash collision flaw in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when an attacker makes a new kind of SYN flood attack. A remote attacker can increase the CPU usage of the server that accepts IPV6 connections up to 95%.
82) Use-after-free (CVE-ID: CVE-2023-1859)
The vulnerability allows a malicious guest to gain access to sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the xen_9pfs_front_removet() function in net/9p/trans_xen.c in Xen transport for 9pfs. A malicious guest VM can trigger a use-after-free error and gain access to sensitive information of the hypervisor or crash it.
83) Out-of-bounds read (CVE-ID: CVE-2023-39192)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary condition within the the u32_match_it() function in Netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and gain access to sensitive information.
84) Out-of-bounds read (CVE-ID: CVE-2023-39193)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sctp_mt_check() function in Netfilter subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
85) NULL pointer dereference (CVE-ID: CVE-2023-42754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ipv4_send_dest_unreach() function in net/ipv4/route.c. A local user with CAP_NET_ADMIN permissions can perform a denial of service (DoS) attack.
86) Heap-based buffer overflow (CVE-ID: CVE-2023-4781)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error within the vim_regsub_both() function. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and crash the application.
87) Integer overflow (CVE-ID: CVE-2023-23559)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the rndis_query_oid() function in drivers/net/wireless/rndis_wlan.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
88) Improper Restriction of Excessive Authentication Attempts (CVE-ID: CVE-2024-22425)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to brute force/dictionary attack. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.
89) OS Command Injection (CVE-ID: CVE-2024-22426)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.
90) Heap-based buffer overflow (CVE-ID: CVE-2022-1616)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
91) Heap-based buffer overflow (CVE-ID: CVE-2022-0392)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
92) Heap-based buffer overflow (CVE-ID: CVE-2022-0359)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
93) Use-after-free (CVE-ID: CVE-2023-1829)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcindex_delete() function. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.
94) Use-after-free (CVE-ID: CVE-2023-4622)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the unix_stream_sendpage() function in af_unix component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
95) Out-of-bounds read (CVE-ID: CVE-2023-4693)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the NTFS driver in grub-core/fs/ntfs.c when reading data from the resident $DATA attribute. A attacker with physical access to the system use a specially crafted NTFS file system image to read arbitrary memory locations, such as data cached in memory or EFI variables values.
96) Out-of-bounds write (CVE-ID: CVE-2023-4692)
The vulnerability allows a local user to bypass secure boot protection.
The vulnerability exists due to a boundary error in NTFS driver implementation in grub-core/fs/ntfs.c when parsing the $ATTRIBUTE_LIST attribute for the $MFT file. A local user can pass a specially crafted image to the application, trigger an out-of-bounds write and bypass secure boot protection.
97) External control of file name or path (CVE-ID: CVE-2023-38546)
The vulnerability allows an attacker to inject arbitrary cookies into request.
The vulnerability exists due to the way cookies are handled by libcurl. If a transfer has cookies enabled when the handle is duplicated, the
cookie-enable state is also cloned - but without cloning the actual
cookies. If the source handle did not read any cookies from a specific
file on disk, the cloned version of the handle would instead store the
file name as none (using the four ASCII letters, no quotes).
none - if such a file exists and is readable in the current directory of the program using libcurl. 98) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-4091)
The vulnerability allows a remote user to truncate read-only files.
The vulnerability exists due to an error in the way SMB protocol implementation in Samba handles file operations. A remote user can request read-only access to files and then truncate them to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes".
99) Use-after-free (CVE-ID: CVE-2023-4921)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the qfq_dequeue() function within the the Linux kernel's net/sched: sch_qfq component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
100) Use-after-free (CVE-ID: CVE-2023-4623)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the Linux kernel net/sched: sch_hfsc (HFSC qdisc traffic control) component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
101) Out-of-bounds read (CVE-ID: CVE-2023-43788)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
102) Use-after-free (CVE-ID: CVE-2023-4752)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a use-after-free error within the ins_compl_get_exp() function in insexpand.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
103) Heap-based buffer overflow (CVE-ID: CVE-2023-1579)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the bfd_getl64() function in binutils-gdb/bfd/libbfd.c. A remote attacker can pass specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
104) Type Confusion (CVE-ID: CVE-2023-4194)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a type confusion error in TUN/TAP functionality. A local user can bypass network filters and gain unauthorized access to some resources.
The vulnerability exists due to incomplete fix for #VU72742 (CVE-2023-1076).
105) Heap-based buffer overflow (CVE-ID: CVE-2023-1972)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the _bfd_elf_slurp_version_tables() function in bfd/elf.c. A remote attacker can pass specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
106) Use of uninitialized resource (CVE-ID: CVE-2023-25585)
The vulnerability allows a local user to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized field in the struct module *module. A local user can trick the victim into opening specially crafted data, leading to an application crash and local denial of service.
107) Use of uninitialized resource (CVE-ID: CVE-2023-25588)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function. A local user can trick the victim into opening specially crafted data, leading to an application crash and local denial of service.
108) Integer overflow (CVE-ID: CVE-2022-36402)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in drivers/gpu/vmxgfx/vmxgfx_execbuf.c. A local user can trigger an integer overflow and crash the kernel.
109) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2023-2007)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a race condition in dpt_i2o driver. A local privileged user can gain access to sensitive kernel information.
110) Division by zero (CVE-ID: CVE-2023-20588)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a divide by zero error that can return speculative data. A local user can gain access to potentially sensitive information.
111) Buffer overflow (CVE-ID: CVE-2023-34319)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in netback when processing certain packets. A malicious guest can send specially crafted packets to the backend, trigger memory corruption and crash the hypervisor.
112) NULL pointer dereference (CVE-ID: CVE-2023-3772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the xfrm_update_ae_params() function in the IP framework for transforming packets (XFRM subsystem). A local user with CAP_NET_ADMIN privileges can perform a denial of service (DoS) attack.
113) Use-after-free (CVE-ID: CVE-2023-3863)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfc_llcp_find_local() function in net/nfc/llcp_core.c in NFC implementation in Linux kernel. A local user can execute arbitrary code with elevated privileges.
114) Use-after-free (CVE-ID: CVE-2023-40283)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_sock_release() function in net/bluetooth/l2cap_sock.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
115) Use-after-free (CVE-ID: CVE-2023-4128)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
116) Use-after-free (CVE-ID: CVE-2023-4132)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the siano smsusb module in the Linux kernel. A local user can trigger a use-after-free error and crash the kernel.
117) Use-after-free (CVE-ID: CVE-2023-4133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cxgb4 driver in the Linux kernel. A local user can trigger a use-after-free and crash the kernel.
118) Use-after-free (CVE-ID: CVE-2023-4134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cyttsp4_watchdog_work() in cyttsp4_core driver. A local user can trigger memory corruption and crash the kernel.
119) NULL pointer dereference (CVE-ID: CVE-2023-4385)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the dbFree() function in fs/jfs/jfs_dmap.c in the journaling file system (JFS). A local user can perform a denial of service (DoS) attack.
120) Buffer overflow (CVE-ID: CVE-2023-4738)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error within the vim_regsub_both() function in src/regexp.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and crash the application.
121) Memory leak (CVE-ID: CVE-2023-35945)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak when handling HTTP/2 requests within the nghttp2 codec. A remote attacker can send RST_STREAM immediately followed by the GOAWAY frames to the application and force memory leak.
122) Out-of-bounds read (CVE-ID: CVE-2023-4735)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the do_addsub() function in ops.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
123) Integer overflow (CVE-ID: CVE-2023-4734)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the f_fullcommand() function in ex_docmd.c. A remote attacker can trick the victim to open a specially crafted file, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
124) Use-after-free (CVE-ID: CVE-2023-4733)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a use-after-free error within the do_ecmd() function in ex_cmds.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
125) Heap-based buffer overflow (CVE-ID: CVE-2023-5217)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in vp8 encoding in libvpx. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
126) Path traversal (CVE-ID: CVE-2023-41105)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
127) Key management errors (CVE-ID: CVE-2018-9234)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to missing enforcement of a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. A remote attacker can gain access to potentially sensitive information.
128) Resource exhaustion (CVE-ID: CVE-2023-3341)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling control channel messages . A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
129) Double Free (CVE-ID: CVE-2023-4387)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary error within the vmxnet3_rq_alloc_rx_buf() function in drivers/net/vmxnet3/vmxnet3_drv.c in VMware vmxnet3 ethernet NIC driver. A local user can trigger a double free error and gain access to sensitive information or crash the kernel.
130) Incorrect default permissions (CVE-ID: CVE-2023-32182)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect default permissions for files in the /tmp folder set by the config_postfix script. A local user can perform a denial of service (DoS) attack.
131) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-40217)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error in ssl.SSLSocket implementation when handling TLS client authentication. A remote attacker can trick the application to send data unencrypted.
132) Off-by-one (CVE-ID: CVE-2023-4504)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one error when parsing Postscript objects within the scan_ps() function in cups/raster-interpret.c. A remote attacker can trigger pass a specially crafted PPD file to the affected application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
133) Use-after-free (CVE-ID: CVE-2023-34241)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in cupsdAcceptClient(). A remote attacker can cause a denial of service condition on the target system.
134) Improper Authentication (CVE-ID: CVE-2023-32360)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing authentication in CUPS. A remote attacker can access recently printed documents.
135) NULL pointer dereference (CVE-ID: CVE-2023-4459)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the vmxnet3_rq_cleanup() function in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.
136) Out-of-bounds read (CVE-ID: CVE-2023-0795)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
137) Expected behavior violation (CVE-ID: CVE-2023-28322)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a logic error when sending HTTP POST and PUT requests using the same handle. The libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. As a result, the application can misbehave and either send off the wrong data or use memory after free or similar in the second transfer.
138) Use-after-free (CVE-ID: CVE-2022-2586)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the netfilter subsystem implementation in Linux kernel when preventing one nft object from referencing an nft set in another nft table. A local user can trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.
139) Information disclosure (CVE-ID: CVE-2022-33742)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend. A local user can gain unauthorized access to sensitive information on the system.
140) Information disclosure (CVE-ID: CVE-2022-33741)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend. A local user can gain unauthorized access to sensitive information on the system.
141) Race condition (CVE-ID: CVE-2022-3028)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. A local user can exploit the race and escalate privileges on the system.
142) Input validation error (CVE-ID: CVE-2022-2663)
The vulnerability allows a remote attacker to bypass firewall rules.
The vulnerability exists due to insufficient validation of user-supplied input in nf_conntrack_irc in Linux kernel. A remote attacker can send unencrypted IRC with nf_conntrack_irc configured and bypass configured firewall rules.
143) Out-of-bounds write (CVE-ID: CVE-2021-33656)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when setting font with malicous data by ioctl cmd PIO_FONT. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
144) Use-after-free (CVE-ID: CVE-2022-2318)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error caused by timer handler in net/rose/rose_timer.c of linux. A local user can exploit the vulnerability to perform a denial of service attack.
145) Memory leak (CVE-ID: CVE-2021-4159)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due memory leak in Linux kernel EBPF verifier when handling internal data structures. A local user with permissions to insert eBPF code to the kernel can force the kernel to leak internal kernel memory details and bypass mitigations, related to exploitation protection.
146) Buffer overflow (CVE-ID: CVE-2021-43267)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in net/tipc/crypto.c in the Linux kernel. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.
A remote attacker can send specially crafted MSG_CRYPTO messages to the affected system, trigger memory corruption and execute arbitrary code on the system.
147) Information disclosure (CVE-ID: CVE-2022-33740)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.
148) Information disclosure (CVE-ID: CVE-2022-26365)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.
149) Out-of-bounds write (CVE-ID: CVE-2021-33655)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in FBIOPUT_VSCREENINFO IOCTL. A local user can trigger an out-of-bounds write error and execute arbitrary code with elevated privileges.
150) Resource management error (CVE-ID: CVE-2022-36879)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the xfrm_expand_policies() function in net/xfrm/xfrm_policy.c. A local user can cause the refcount to be dropped twice and perform a denial of service (DoS) attack.
151) NULL pointer dereference (CVE-ID: CVE-2022-2153)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel’s KVM when attempting to set a SynIC IRQ. A local user on the host can issue specific ioctl calls, causing a denial of service.
152) Resource management error (CVE-ID: CVE-2022-33744)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of foreign mappings performed by rbtree when mapping pages of Arm guests. An unprivileged Arm guest can cause inconsistencies of the rbtree via PV devices, which can lead to denial of service of dom0 and cause crashes or the inability to perform further mappings of other guests' memory pages.
153) Input validation error (CVE-ID: CVE-2022-36946)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the nfqnl_mangle() function in net/netfilter/nfnetlink_queue.c in the Linux kernel when processing IPv6 packets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
154) Use-after-free (CVE-ID: CVE-2022-1679)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath9k_htc_wait_for_target() function in the Linux kernel’s Atheros wireless adapter driver. A local user can execute arbitrary code with elevated privileges.
155) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-46589)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when parsing malformed trailer headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
156) Information disclosure (CVE-ID: CVE-2021-43980)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to incorrect implementation of blocking reads and writes. A remote attacker can trigger a concurrency bug and force client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
157) Data Handling (CVE-ID: CVE-2022-29885)
The vulnerability allows a remote attacker to perform DoS attack.
The vulnerability exists due to an error in documentation for the EncryptInterceptor, which incorrectly stated that it enabled Tomcat clustering to run over an untrusted network. A remote attacker can perform a denial of service attack against the exposed EncryptInterceptor.
158) Open redirect (CVE-ID: CVE-2023-41080)
The vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data, if the ROOT (default) web application is configured to use FORM authentication. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
159) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-24998)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to Apache Commons FileUpload does not limit the number of request parts. A remote attacker can initiate a series of uploads and perform a denial of service (DoS) attack.
160) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-42252)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers via an invalid
Content-Length header.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks but requires Tomcat to be configured to ignore invalid HTTP headers via setting
rejectIllegalHeader to false (not the default configuration).
161) Cross-site scripting (CVE-ID: CVE-2022-34305)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed to the form authentication example in the examples web application. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
162) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-45648)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation when parsing HTTP trailer headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
163) Integer overflow (CVE-ID: CVE-2022-39842)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the pxa3xx_gcu_write() function in drivers/video/fbdev/pxa3xx-gcu.c in Linux kernel. A local user can trigger an integer overflow and execute arbitrary code with escalated privileges.
164) Resource exhaustion (CVE-ID: CVE-2023-44487)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".
Note, the vulnerability is being actively exploited in the wild.
165) Resource management error (CVE-ID: CVE-2023-42795)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper management of internal resources within the application when recycling various internal objects. A remote attacker can force Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next.
166) Sensitive cookie in HTTPS session without Secure attribute (CVE-ID: CVE-2023-28708)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to Apache Tomcat does not set the "Secure" attribute for the JSESSIONID session cookie when using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https. A remote attacker can force the application to transmit cookie via an insecure channel and intercept it.
167) Inadequate encryption strength (CVE-ID: CVE-2023-48795)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to incorrect implementation of the SSH Binary Packet Protocol (BPP), which mishandles the handshake phase and the use of sequence numbers. A remote attacker can perform MitM attack and delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5.
The vulnerability was dubbed "Terrapin attack" and it affects both client and server implementations.
168) Integer overflow (CVE-ID: CVE-2019-17498)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack or access sensitive information.
The vulnerability exists due to integer overflow in the "SSH_MSG_DISCONNECT" logic in "packet.c" in a bounds check. A remote attacker can specify an arbitrary (out-of-bounds) offset for a subsequent memory read, trigger out-of-bounds read, disclose sensitive information or cause a denial of service condition on the target system when a user connects to the malicious SSH server.
169) Out-of-bounds read (CVE-ID: CVE-2022-1462)
The vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the the Linux kernel’s TeleTYpe subsystem caused by a race condition when using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory file. A local user can trigger an out-of-bounds read error and crash the system or read random kernel memory.
170) Double Free (CVE-ID: CVE-2022-2588)
The vulnerability allows a local user to escalate privileges on the system.
The
vulnerability exists due to a double free error within the network packet scheduler implementation
in the route4_change() function in Linux kernel when removing all references to a route filter
before freeing it. A local user can run a specially crafted program to
crash the kernel or execute arbitrary code.
171) Use-after-free (CVE-ID: CVE-2022-40307)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the drivers/firmware/efi/capsule-loader.c in Linux kernel. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.
172) NULL pointer dereference (CVE-ID: CVE-2020-35525)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the INTERSEC query processing. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
173) Out-of-bounds write (CVE-ID: CVE-2021-4019)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
174) Resource exhaustion (CVE-ID: CVE-2023-2828)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can cause the amount of memory used by a named resolver to go well beyond the configured max-cache-size limit. The effectiveness of the attack depends on a number of factors (e.g. query load, query patterns), but since the default value of the max-cache-size statement is 90%, in the worst case the attacker can exhaust all available memory on the host running named, leading to a denial-of-service condition.
175) Buffer overflow (CVE-ID: CVE-2021-25216)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger buffer overflow and execute arbitrary code on the system.
Successful exploitation of the vulnerability requires that named is configure to use SPNEGO implementation by setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options (often used with Samba as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers).
176) OS Command Injection (CVE-ID: CVE-2023-51385)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing user names, if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. A remote attacker can execute arbitrary OS commands via an untrusted Git repository.
177) Improper Authentication (CVE-ID: CVE-2023-51767)
The vulnerability allows a local user to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. A local user can bypass authentication process and gain unauthorized access to the application by conducting a row hammer attack against the mm_answer_authpassword integer value to flip a single bit.
178) Double Free (CVE-ID: CVE-2021-28041)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ssh-agent. A remote attacker can trick the victim to connect to a server, where the attacker has root privileges, pass specially crafted data to the ssh client, trigger a double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
179) Use-after-free (CVE-ID: CVE-2021-20231)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in client sending key_share extension. A remote attacker can trick the victim to connect to a malicious server using a large Client Hello message over TLS 1.3, trigger a use-after-free error and crash the application or execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
180) Use-after-free (CVE-ID: CVE-2021-20232)
The vulnerability allows a remote attacker to compromise vulnerable system.
The
vulnerability exists due to a use-after-free error in client_send_params in lib/ext/pre_shared_key.c. A remote attacker can trick the victim to connect
to a malicious server using a large Client Hello message over TLS 1.3,
trigger a use-after-free error and crash the application or execute
arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
181) Heap-based buffer overflow (CVE-ID: CVE-2021-3872)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
182) Heap-based buffer overflow (CVE-ID: CVE-2021-3903)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
183) Heap-based buffer overflow (CVE-ID: CVE-2021-3927)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
184) Use of Uninitialized Variable (CVE-ID: CVE-2021-3928)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to parsing uninitialized variable. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
185) Heap-based buffer overflow (CVE-ID: CVE-2021-3973)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
186) Use-after-free (CVE-ID: CVE-2021-3974)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
187) Heap-based buffer overflow (CVE-ID: CVE-2021-4136)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
188) Race condition (CVE-ID: CVE-2022-39188)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within include/asm-generic/tlb.h in the Linux kernel. A local user can exploit the race and escalate privileges on the system.
Note, this only occurs in situations with VM_PFNMAP VMAs.
189) Out-of-bounds read (CVE-ID: CVE-2021-20266)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the hdrblobInit() function in lib/header.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
190) Security features bypass (CVE-ID: CVE-2021-39713)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to multiple issues in Qdisc implementation related to rcu read lock. A local application can execute arbitrary code with elevated privileges.
191) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-31676)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions. A local unprivileged user on the guest OS can execute arbitrary code as a root user in the virtual machine.
192) Out-of-bounds read (CVE-ID: CVE-2022-41742)
The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service attack.
The vulnerability exists due to a boundary condition within the ngx_http_mp4_module module when handling MP4 files. A remote attacker can pass a specially crafted file to the server, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.
193) Out-of-bounds read (CVE-ID: CVE-2022-41741)
The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service attack.
The vulnerability exists due to a boundary condition within the ngx_http_mp4_module module when handling MP4 files. A remote attacker can pass a specially crafted file to the server, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.
194) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2021-3421)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to insufficient signature validation in the read functionality n the RPM package. A remote attacker can trick the victim into installing a seemingly verifiable package and cause RPM database corruption.
195) Insufficient verification of data authenticity (CVE-ID: CVE-2021-20271)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error in RPM's signature check functionality when reading package files. A remote attacker can create a specially crafted package with a modified signature header, trick the victim into installing and compromise the affected system.
196) Use-after-free (CVE-ID: CVE-2021-4069)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
197) Out-of-bounds read (CVE-ID: CVE-2021-4166)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.
198) Use-after-free (CVE-ID: CVE-2022-0413)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when using freed memory when substitute with function call . A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
199) Heap-based buffer overflow (CVE-ID: CVE-2022-0361)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when copying lines in Visual mode. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
200) Buffer overflow (CVE-ID: CVE-2022-0351)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
201) Heap-based buffer overflow (CVE-ID: CVE-2022-0318)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
202) Heap-based buffer overflow (CVE-ID: CVE-2022-0261)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
203) Use-after-free (CVE-ID: CVE-2021-4192)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
204) Heap-based buffer overflow (CVE-ID: CVE-2023-38545)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the SOCKS5 proxy handshake. A remote attacker can trick the victim to visit a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system but requires that SOCKS5 proxy is used and that SOCKS5 handshake is slow (e.g. under heavy load or DoS attack).
205) Out-of-bounds read (CVE-ID: CVE-2020-35527)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling ALTER TABLE for views that have a nested FROM clause. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and read contents of memory on the system.
206) Improper certificate validation (CVE-ID: CVE-2023-28321)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper certificate validation when matching wildcards in TLS certificates for IDN names. A remote attacker crate a specially crafted certificate that will be considered trusted by the library.
Successful exploitation of the vulnerability requires that curl is built to use OpenSSL, Schannel or Gskit.
207) OS Command Injection (CVE-ID: CVE-2023-28486)
The vulnerability allows a local user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing control characters in the log messages. A local user can inject specially crafted characters to the log messages and execute arbtirary OS commands on the system when the command is executed from the log (e.g. via the "sudoreplay -l").
208) Use-after-free (CVE-ID: CVE-2022-4292)
The vulnerability allows a remote attacker to compromise vulnerable system.
The
vulnerability exists due to a use-after-free error within the did_set_spelllang() funtion in spell.c. A remote attacker can trick the
victim to open a specially crafted file, trigger a use-after-free error
and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
209) Incorrect Comparison (CVE-ID: CVE-2022-4293)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a floating point exception within the num_divide() function in eval.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
210) Out-of-bounds read (CVE-ID: CVE-2023-0049)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the build_stl_str_hl() function in buffer.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
211) Heap-based buffer overflow (CVE-ID: CVE-2023-0051)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the msg_puts_printf(0 function in message.c. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
212) Out-of-bounds write (CVE-ID: CVE-2023-0054)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the do_string_sub() function in eval.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
213) Heap-based buffer overflow (CVE-ID: CVE-2023-0288)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the ml_append_int() function in memline.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
214) Heap-based buffer overflow (CVE-ID: CVE-2023-0433)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the same_leader() and utfc_ptr2len() function. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
215) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-23916)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect implementation of the "chained" HTTP compression algorithms, where the number of links in the decompression chain was limited for each header instead of the entire request. A remote attacker can send a specially crafted compressed HTTP request with numerous headers and perform a denial of service (DoS) attack.
216) Improper input validation (CVE-ID: CVE-2023-21830)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Serialization component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
217) Improper input validation (CVE-ID: CVE-2023-21843)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Sound component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
218) Heap-based buffer overflow (CVE-ID: CVE-2022-48303)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the from_header() function in list.c when handling V7 archives. A remote attacker can trick the victim to open a specially crafted V7 archive, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
219) Improper access control (CVE-ID: CVE-2022-21216)
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in out-of-band management in Intel processors. A remote privileged user on the local network can bypass implemented security restrictions and gain unauthorized access to the application.
220) Incorrect default permissions (CVE-ID: CVE-2022-33196)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for memory controller configurations for some Intel Xeon processors when using Intel Software Guard Extensions. A local user escalate privileges on the system.
221) Improper isolation or compartmentalization (CVE-ID: CVE-2022-38090)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper isolation of shared resources in some Intel processors when using Intel Software Guard Extensions. A local user can gain access to sensitive information.
222) OS Command Injection (CVE-ID: CVE-2023-28487)
The vulnerability allows a local user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing control characters in the sudoreplay output. A local user can inject specially crafted characters to the log messages and execute arbitrary OS commands on the system.223) Use-after-free (CVE-ID: CVE-2022-3705)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when handling files within the qf_update_buffer() function in quickfix.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
224) Out-of-bounds write (CVE-ID: CVE-2023-26551)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within mstolfp in libntp/mstolfp.c. A remote attacker with control over a malicious NTP server can trick the victim into connecting to it, trigger an out-of-bounds write and execute arbitrary code on the target system via the client ntpq process.
225) Improper synchronization (CVE-ID: CVE-2023-28320)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper synchronization when resolving host names using the alarm() and siglongjmp() function. A remote attacker can force the application to crash by influencing contents of the global buffer.
226) Use-after-free (CVE-ID: CVE-2023-28319)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a use-after-free error when checking the SSH sha256 fingerprint. A remote attacker can use the application to connect to a malicious SSH server, trigger a use-after-free error and gain access to potentially sensitive information.
Successful exploitation of the vulnerability requires usage of the the CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 option, and also CURLOPT_VERBOSE or CURLOPT_ERRORBUFFER options have to be set.
227) Information disclosure (CVE-ID: CVE-2022-27774)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to curl attempts to follow redirects during authentication process and does not consider different port numbers or protocols to be separate authentication targets. If the web application performs redirection to a different port number of protocol, cURL will allow such redirection and will pass credentials. It could also leak the TLS SRP credentials this way.
By default, curl only allows redirects to HTTP(S) and FTP(S), but can be asked to allow redirects to all protocols curl supports.
228) Out-of-bounds write (CVE-ID: CVE-2023-26554)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within mstolfp in libntp/mstolfp.c. A remote attacker with control over a malicious NTP server can trick the victim into connecting to it, trigger an out-of-bounds write and execute arbitrary code on the target system via the client ntpq process.
229) Out-of-bounds write (CVE-ID: CVE-2023-26553)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within mstolfp in libntp/mstolfp.c. A remote attacker with control over a malicious NTP server can trick the victim into connecting to it, trigger an out-of-bounds write and execute arbitrary code on the target system via the client ntpq process.
230) Out-of-bounds write (CVE-ID: CVE-2023-26552)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within mstolfp in libntp/mstolfp.c. A remote attacker with control over a malicious NTP server can trick the victim into connecting to it, trigger an out-of-bounds write and execute arbitrary code on the target system via the client ntpq process.
231) Buffer overflow (CVE-ID: CVE-2023-29491)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malformed data in a terminfo database file. A local user can trigger memory corruption and execute arbitrary code on the target system.
232) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-0922)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to samba-tool transmits credentials to the LDAP server in clear text. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
233) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2023-29383)
The vulnerability allows a local user to inject arbitrary code.
The vulnerability exists due to an input validation error when processing fields provided to the SUID program chfn (change finger). A local user can inject and execute arbitrary code or misrepresent existing files.
234) Resource management error (CVE-ID: CVE-2023-29469)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources when working with hashes of empty dict strings. A remote attacker can and perform a denial of service (DoS) attack.
235) NULL pointer dereference (CVE-ID: CVE-2023-28484)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in xmlSchemaFixupComplexType. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
236) Input validation error (CVE-ID: CVE-2023-1981)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can initiate a DBUS call to the daemon and perform a denial of service (DoS) attack.
237) Input validation error (CVE-ID: CVE-2023-25193)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in hb-ot-layout-gsubgpos.hh. A remote attacker can use consecutive marks during the process of looking back for base glyphs when attaching marks and perform a denial of service (DoS) attack.
238) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2023-0465)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error when validating certificate policies in leaf certificates. A remote attacker that controls a malicious CA server can issue a certificate that will be validated by the application.
239) Heap-based buffer overflow (CVE-ID: CVE-2022-4141)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to execute the CTRL-W gf in the expression used in the RHS of the substitute command, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
240) Use-after-free (CVE-ID: CVE-2022-3591)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the bt_quickfix() function in buffer.c. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
241) Buffer overflow (CVE-ID: CVE-2021-3177)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary within the PyCArg_repr in _ctypes/callproc.c. A remote attacker can pass specially crafted input to the Python applications that accept floating-point numbers as untrusted input, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
242) Reachable Assertion (CVE-ID: CVE-2022-42010)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in debug builds caused by a syntactically invalid type signature with incorrectly nested parentheses and curly brackets. A local user can perform a denial of service (DoS) attack.
243) Integer overflow (CVE-ID: CVE-2022-37454)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the Keccak XKCP SHA-3 reference implementation. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system or eliminate expected cryptographic properties.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
244) Heap-based buffer overflow (CVE-ID: CVE-2022-37434)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a large gzip header within inflateGetHeader in inflate.c. A remote attacker can pass a specially crafted file to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
245) Heap-based buffer overflow (CVE-ID: CVE-2022-37452)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error for the alias list within the host_name_lookup() function in host.c when the sender_host_name is set. A remote attacker can initiate a connection to the affected server, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
246) Out-of-bounds write (CVE-ID: CVE-2022-2601)
The vulnerability allows an attacker to bypass implemented security restrictions.
The vulnerability exists due to a boundary error within the grub_font_construct_glyph() function when handling pf2 font. An attacker with physical access to the affected system can trigger an out-of-bounds write and bypass secure boot restrictions.
247) Out-of-bounds write (CVE-ID: CVE-2022-3775)
The vulnerability allows an attacker to crash the system.
The vulnerability exists due to a boundary error when rendering certain unicode sequences in grub2 font code. An attacker with physical access to device can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
248) Privilege escalation (CVE-ID: CVE-2018-7738)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists due to insufficient validation of shell commands that are used in the name of a mountpoint. A local attacker can embed crafted shell commands in the name of a mountpoint. If another user on the system executes the umount command along with a tab character for autocomplete, the attacker can gain elevated privileges.
249) Stack-based buffer overflow (CVE-ID: CVE-2022-3479)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the NSS_GetClientAuthData() function in /lib/ssl/authcert.c when accessing gnutls server without a user certificate in the database. A remote attacker can trigger a stack-based buffer overflow and crash the application using the affected library.
250) Improper Privilege Management (CVE-ID: CVE-2023-26604)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
251) Data Handling (CVE-ID: CVE-2015-8985)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
252) Input validation error (CVE-ID: CVE-2022-2928)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error related to the way processing lease queries are processed by the DHCP server. With a DHCP server configured with "allow leasequery;" a remote attacker can send lease queries for the same lease multiple times, leading to the "add_option()" function being repeatedly called. This can cause an option's "refcount" field to overflow and the server to abort.
253) Out-of-bounds write (CVE-ID: CVE-2022-3597)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing TIFF images within the _TIFFmemcpy() function in libtiff/tif_unix.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.
254) Off-by-one (CVE-ID: CVE-2022-3821)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the format_timespan() function in time-util.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.
255) Path traversal (CVE-ID: CVE-2018-18586)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application.
256) Incorrect default permissions (CVE-ID: CVE-2019-2708)
The vulnerability allows a local user to crash the service.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can cause a denial of service attack.
257) Improper input validation (CVE-ID: CVE-2022-21619)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Security component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
258) Heap-based buffer overflow (CVE-ID: CVE-2022-3520)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the inc() function in misc2.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
259) Out-of-bounds write (CVE-ID: CVE-2022-3598)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing TIFF images within the extractContigSamplesShifted24bits() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF image to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.
260) Heap-based buffer overflow (CVE-ID: CVE-2022-3491)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the skipwhite() function in charset.c. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
261) Heap-based buffer overflow (CVE-ID: CVE-2022-48281)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the processCropSelections() function in tools/tiffcrop.c in LibTIFF. A remote attacker can pass a specially crafted TIFF image to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
262) Insufficient verification of data authenticity (CVE-ID: CVE-2022-23491)
The vulnerability allows a remote attacker to bypass certificate validation checks.
The vulnerability exists due to presence of the TrustCor certificate in the Root Certificates list. the certificate is removed due to TrustCor's ownership also operated a business that produced spyware. Therefore, any checks that rely on digital signatures of trusted certificates were compromised.
263) Incorrect Regular Expression (CVE-ID: CVE-2022-40897)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing HTML content. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
264) NULL pointer dereference (CVE-ID: CVE-2022-44793)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the handle_ipv6IpForwarding() function in agent/mibgroup/ip-mib/ip_scalars.c. A remote attacker can send specially crafted UDP packets to the application and perform a denial of service (DoS) attack.
265) NULL pointer dereference (CVE-ID: CVE-2022-44792)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the handle_ipDefaultTTL() function in agent/mibgroup/ip-mib/ip_scalars.c. A remote non-authenticated attacker can send specially crafted UDP to the application and perform a denial of service (DoS) attack.
266) Heap-based buffer overflow (CVE-ID: CVE-2022-3570)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in tiffcrop.c utility in libtiff when processing TIFF files. A remote attacker can pass specially crafted file to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
267) Information disclosure (CVE-ID: CVE-2021-42523)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in colord/src/cd-device-db.c and colord/src/cd-profile-db.c. A remote attacker can gain unauthorized access to sensitive information.
268) Improper Privilege Management (CVE-ID: CVE-2022-4415)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper privilege management when handling coredumps in coredump/coredump.c. A local user can gain access to sensitive information.
The vulnerability affects systems with libacl support.
269) Integer overflow (CVE-ID: CVE-2022-47629)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the CRL signature parser. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
270) Heap-based buffer overflow (CVE-ID: CVE-2021-3778)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
271) Integer overflow (CVE-ID: CVE-2017-5953)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
272) Information disclosure (CVE-ID: CVE-2017-17087)
The vulnerability allows a local authenticated user to gain access to sensitive information.
fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.
273) Use-after-free (CVE-ID: CVE-2022-43552)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error while processing denied requests from HTTP proxies when using SMB or TELNET protocols. A remote attacker can trigger a use-after-free error and crash the application.
Remediation
Install update from vendor's website.