Report Name: Linux Patch Wednesday April 2024
Generated: 2024-06-16 02:22:51

Product Name	Prevalence	U	C	H	M	L	A	Comment
Apache HTTP Server	0.9					2	2	Apache HTTP Server is a free and open-source web server that delivers web content through the internet
GitLab	0.9			1	2		3	GitLab is a DevOps software package that combines the ability to develop, secure, and operate software in a single application
HTTP/2	0.9				1		1	HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web
Linux Kernel	0.9				19	15	34	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Sudo	0.9				1		1	Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
Windows Kernel	0.9			1			1	Windows Kernel
Windows LDAP	0.9				1		1	Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
nghttp2	0.9		1				1	nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C
Chromium	0.8		3	2	12		17	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
ICMP	0.8			1			1	The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues
Mozilla Firefox	0.8				9	1	10	Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
Node.js	0.8		1	1	3		5	Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
OpenSSL	0.8				1		1	A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
PHP	0.8		1				1	PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
RPC	0.8				1		1	Remote Procedure Call Runtime
Safari	0.8		1		3	3	7	Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
Apache Tomcat	0.7			1	1		2	Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
Apache Traffic Server	0.7			1			1	The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
BIND	0.7		1				1	BIND is a suite of software for interacting with the Domain Name System
Curl	0.7					2	2	Curl is a command-line tool for transferring data specified with URL syntax
MediaWiki	0.7			10	6	1	17	MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
QEMU	0.7			1	4		5	QEMU is a generic and open source machine & userspace emulator and virtualizer
iOS	0.7				1		1	iOS is an operating system developed and marketed by Apple Inc
vim	0.7			1			1	Vim is a free and open-source, screen-based text editor program
FreeRDP	0.6			3			3	FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
Jenkins	0.6	1		2	7		10	Jenkins is an open source automation server. It helps automate the parts of software development related to building, testing, and deploying, facilitating continuous integration, and continuous delivery.
Jetty	0.6		1				1	Jetty is a Java based web server and servlet engine
Oracle Java SE	0.6				4		4	Oracle Java SE
Perl	0.6			3	3	2	8	Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
Python	0.6		1		1		2	Python is a high-level, general-purpose programming language
Wireshark	0.6		2		2		4	Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
7-Zip	0.5				1		1	KeePass is a free open source password manager, which helps you to manage your passwords in a secure way
Cacti	0.5		1	5			6	Cacti is an open source operational monitoring and fault management framework
Docker	0.5				1		1	Docker
Flask	0.5			1			1	Flask is a lightweight WSGI web application framework
TLS	0.5				1	1	2	TLS
TRIE	0.5				6		6	TRIE
nginx	0.5				2		2	Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
GPAC	0.4		1	7	2		10	GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
Git	0.4				2		2	Git
Unknown Product	0			38	117	25	180	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0		3	9	67		79
Authentication Bypass	0.98	1	1	4	2		8
Code Injection	0.97			2	2		4
Command Injection	0.97		1	1	7		9
Security Feature Bypass	0.9		3	6	15		24
Elevation of Privilege	0.85			1	2		3
Arbitrary File Reading	0.83				1		1
Information Disclosure	0.83			2	4	1	7
Cross Site Scripting	0.8			14	8		22
Open Redirect	0.75			1	1		2
Denial of Service	0.7		4	18	29	3	54
Path Traversal	0.7		2	1	7		10
Incorrect Calculation	0.5			3	11		14
Memory Corruption	0.5			17	45	5	67
Spoofing	0.4				1		1
Unknown Vulnerability Type	0				12	43	55

Source	U	C	H	M	L	A
almalinux		2	3	32	16	53
debian		11	50	167	43	271
oraclelinux		2	3	38	17	60
redhat		2	3	37	20	62
redos	1	10	67	86	16	180
ubuntu		2	3	43	30	78

Urgent (1)

1. Authentication Bypass - Jenkins (CVE-2024-23897) - Urgent [929]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2024-23897 was patched at 2024-04-11

Critical (14)

2. Remote Code Execution - Safari (CVE-2023-42950) - Critical [746]

Description: A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.

debian: CVE-2023-42950 was patched at 2024-05-09, 2024-05-15

ubuntu: CVE-2023-42950 was patched at 2024-04-15

3. Security Feature Bypass - Chromium (CVE-2024-2630) - Critical [704]

Description: Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2024-2630 was patched at 2024-03-28, 2024-05-15

redos: CVE-2024-2630 was patched at 2024-05-03

4. Denial of Service - nghttp2 (CVE-2024-27316) - Critical [703]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

almalinux: CVE-2024-27316 was patched at 2024-04-11, 2024-04-18, 2024-04-30

debian: CVE-2024-27316 was patched at 2024-04-16, 2024-05-15

oraclelinux: CVE-2024-27316 was patched at 2024-04-11, 2024-04-18, 2024-05-07

redhat: CVE-2024-27316 was patched at 2024-04-11, 2024-04-18, 2024-04-30, 2024-05-16, 2024-05-20, 2024-05-28

redos: CVE-2024-27316 was patched at 2024-04-25

ubuntu: CVE-2024-27316 was patched at 2024-04-11, 2024-04-17, 2024-04-29

5. Path Traversal - Node.js (CVE-2024-21891) - Critical [680]

Description: Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

almalinux: CVE-2024-21891 was patched at 2024-04-08

oraclelinux: CVE-2024-21891 was patched at 2024-04-08

redhat: CVE-2024-21891 was patched at 2024-04-08

6. Security Feature Bypass - Chromium (CVE-2024-2628) - Critical [669]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2024-2628 was patched at 2024-03-28, 2024-05-15

redos: CVE-2024-2628 was patched at 2024-05-03

7. Authentication Bypass - PHP (CVE-2023-4448) - Critical [665]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2023-4448 was patched at 2024-03-29

8. Denial of Service - Jetty (CVE-2024-22201) - Critical [659]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2024-22201 was patched at 2024-04-17, 2024-05-15

redos: CVE-2024-22201 was patched at 2024-04-22

9. Command Injection - BIND (CVE-2023-48306) - Critical [647]

Description: Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, the DNS pin middleware was vulnerable to DNS rebinding allowing an attacker to perform SSRF as a final result. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available.

redos: CVE-2023-48306 was patched at 2024-04-02

10. Remote Code Execution - Cacti (CVE-2023-49085) - Critical [630]

Description: Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.

debian: CVE-2023-49085 was patched at 2024-03-24, 2024-05-15

11. Path Traversal - Python (CVE-2022-44900) - Critical [629]

Description: A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.

debian: CVE-2022-44900 was patched at 2024-04-02, 2024-05-15

12. Remote Code Execution - GPAC (CVE-2023-46932) - Critical [626]

Description: Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.

debian: CVE-2023-46932 was patched at 2024-05-15

redos: CVE-2023-46932 was patched at 2024-04-08

13. Security Feature Bypass - Chromium (CVE-2024-3156) - Critical [621]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2024-3156 was patched at 2024-04-03, 2024-05-15

redos: CVE-2024-3156 was patched at 2024-05-03

14. Denial of Service - Wireshark (CVE-2021-22173) - Critical [605]

Description: Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file

debian: CVE-2021-22173 was patched at 2024-05-15

redos: CVE-2021-22173 was patched at 2024-04-15

15. Denial of Service - Wireshark (CVE-2021-22174) - Critical [605]

Description: Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file

debian: CVE-2021-22174 was patched at 2024-05-15

redos: CVE-2021-22174 was patched at 2024-04-15

High (79)

16. Security Feature Bypass - vim (CVE-2023-4736) - High [598]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2023-4736 was patched at 2024-03-29

17. Authentication Bypass - Unknown Product (CVE-2024-3096) - High [597]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2024-3096 was patched at 2024-04-15, 2024-05-15

ubuntu: CVE-2024-3096 was patched at 2024-04-29, 2024-05-02

18. Remote Code Execution - Cacti (CVE-2023-49084) - High [595]

Description: Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server.

debian: CVE-2023-49084 was patched at 2024-03-24, 2024-05-15

19. Remote Code Execution - Unknown Product (CVE-2023-6395) - High [583]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2023-6395 was patched at 2024-04-10

20. Denial of Service - Apache Traffic Server (CVE-2024-31309) - High [569]

Description: HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server.  Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute.  ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.

debian: CVE-2024-31309 was patched at 2024-04-14, 2024-05-15

21. Cross Site Scripting - MediaWiki (CVE-2023-51704) - High [557]

Description: An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php, group-*-member messages can result in XSS on Special:log/rights.

debian: CVE-2023-51704 was patched at 2024-05-15

redos: CVE-2023-51704 was patched at 2024-04-08

22. Cross Site Scripting - MediaWiki (CVE-2024-23173) - High [557]

Description: An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php.

redos: CVE-2024-23173 was patched at 2024-04-09

23. Cross Site Scripting - MediaWiki (CVE-2024-23177) - High [557]

Description: An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.

redos: CVE-2024-23177 was patched at 2024-04-09

24. Cross Site Scripting - MediaWiki (CVE-2024-23179) - High [557]

Description: An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.

redos: CVE-2024-23179 was patched at 2024-04-09

25. Memory Corruption - Chromium (CVE-2024-3158) - High [550]

Description: Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2024-3158 was patched at 2024-04-03, 2024-05-15

redos: CVE-2024-3158 was patched at 2024-05-03

26. Memory Corruption - Chromium (CVE-2024-3159) - High [550]

Description: Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2024-3159 was patched at 2024-04-03, 2024-05-15

redos: CVE-2024-3159 was patched at 2024-05-03

27. Elevation of Privilege - Perl (CVE-2023-0507) - High [549]

Description: Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to map attributions weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.

redos: CVE-2023-0507 was patched at 2024-04-03

28. Remote Code Execution - Unknown Product (CVE-2023-48106) - High [547]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2023-48106 was patched at 2024-03-28

29. Incorrect Calculation - FreeRDP (CVE-2023-40574) - High [546]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `writePixelBGRX` function. This issue is likely down to incorrect calculations of the `nHeight` and `srcStep` variables. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

redos: CVE-2023-40574 was patched at 2024-03-28

30. Memory Corruption - FreeRDP (CVE-2023-40187) - High [546]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of the 3.x beta branch are subject to a Use-After-Free issue in the `avc420_ensure_buffer` and `avc444_ensure_buffer` functions. If the value of `piDstSize[x]` is 0, `ppYUVDstData[x]` will be freed. However, in this case `ppYUVDstData[x]` will not have been updated which leads to a Use-After-Free vulnerability. This issue has been addressed in version 3.0.0-beta3. Users of the 3.x beta releases are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2023-40187 was patched at 2024-03-28

31. Security Feature Bypass - Unknown Product (CVE-2024-24747) - High [541]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for `s3:*` actions, but also `admin:*` actions. Which means unless somewhere above in the access-key hierarchy, the `admin` rights are denied, access keys will be able to simply override their own `s3` permissions to something more permissive. The vulnerability is fixed in RELEASE.2024-01-31T20-20-33Z.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2024-24747 was patched at 2024-04-10

32. Cross Site Scripting - Perl (CVE-2023-1410) - High [540]

Description: Grafana is an open-source platform for monitoring and observability.  Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description.  Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix.

redos: CVE-2023-1410 was patched at 2024-04-03

33. Denial of Service - MediaWiki (CVE-2023-45367) - High [539]

Description: An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragent_clienthints, leading to a denial of service.

redos: CVE-2023-45367 was patched at 2024-04-05

34. Remote Code Execution - Unknown Product (CVE-2023-48107) - High [535]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2023-48107 was patched at 2024-03-28

35. Memory Corruption - FreeRDP (CVE-2023-40575) - High [534]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_YUV444ToRGB_8u_P3AC4R_BGRX` function. This issue is likely down to insufficient data for the `pSrc` variable and results in crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

redos: CVE-2023-40575 was patched at 2024-03-28

36. Cross Site Scripting - MediaWiki (CVE-2024-23171) - High [533]

Description: An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n).

redos: CVE-2024-23171 was patched at 2024-04-09

37. Cross Site Scripting - MediaWiki (CVE-2024-23172) - High [533]

Description: An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog.

redos: CVE-2024-23172 was patched at 2024-04-09

38. Cross Site Scripting - MediaWiki (CVE-2024-23174) - High [533]

Description: An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message.

redos: CVE-2024-23174 was patched at 2024-04-09

39. Cross Site Scripting - MediaWiki (CVE-2024-23178) - High [533]

Description: An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.

redos: CVE-2024-23178 was patched at 2024-04-09

40. Denial of Service - Unknown Product (CVE-2020-7753) - High [529]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2020-7753 was patched at 2024-04-03

41. Open Redirect - Flask (CVE-2023-49438) - High [526]

Description: An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.

redos: CVE-2023-49438 was patched at 2024-04-08

42. Cross Site Scripting - Cacti (CVE-2023-39360) - High [523]

Description: Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data. The vulnerability is found in `graphs_new.php`. Several validations are performed, but the `returnto` parameter is directly passed to `form_save_button`. In order to bypass this validation, returnto must contain `host.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.

debian: CVE-2023-39360 was patched at 2024-03-24, 2024-05-15

43. Cross Site Scripting - Cacti (CVE-2023-39513) - High [523]

Description: Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `host.php` is used to monitor and manage hosts in the _cacti_ app, hence displays useful information such as data queries and verbose logs. _CENSUS_ found that an adversary that is able to configure a data-query template with malicious code appended in the template path, in order to deploy a stored XSS attack against any user with the _General Administration>Sites/Devices/Data_ privileges. A user that possesses the _Template Editor>Data Queries_ permissions can configure the data query template path in _cacti_. Please note that such a user may be a low privileged user. This configuration occurs through `http://<HOST>/cacti/data_queries.php` by editing an existing or adding a new data query template. If a template is linked to a device then the formatted template path will be rendered in the device's management page, when a _verbose data query_ is requested. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.

debian: CVE-2023-39513 was patched at 2024-03-24, 2024-05-15

44. Cross Site Scripting - Cacti (CVE-2023-49088) - High [523]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-49088 was patched at 2024-03-24, 2024-05-15

45. Cross Site Scripting - Cacti (CVE-2023-49086) - High [511]

Description: Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. Impact of the vulnerability - execution of arbitrary javascript code in the attacked user's browser. This issue has been patched in version 1.2.26.

debian: CVE-2023-49086 was patched at 2024-03-24, 2024-05-15

46. Remote Code Execution - Unknown Product (CVE-2023-43361) - High [511]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

almalinux: CVE-2023-43361 was patched at 2024-05-22

debian: CVE-2023-43361 was patched at 2024-05-15

oraclelinux: CVE-2023-43361 was patched at 2024-05-23

redhat: CVE-2023-43361 was patched at 2024-05-22

redos: CVE-2023-43361 was patched at 2024-04-04

47. Command Injection - Unknown Product (CVE-2023-26156) - High [506]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system.\r\r**Note:**\r\rAn attacker must have access to the system running the vulnerable chromedriver library to exploit it. The success of exploitation also depends on the permissions and privileges of the process running chromedriver.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2023-26156 was patched at 2024-03-29

48. Information Disclosure - Unknown Product (CVE-2022-23498) - High [505]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2022-23498 was patched at 2024-04-04, 2024-04-05

49. Incorrect Calculation - Unknown Product (CVE-2023-42118) - High [500]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-42118 was patched at 2024-05-15

redos: CVE-2023-42118 was patched at 2024-04-04

50. Remote Code Execution - Unknown Product (CVE-2023-34087) - High [500]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An improper array index validation vulnerability exists in the EVCD var len parsing functionality of GTKWave 3.3.115. A specially crafted .evcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-34087 was patched at 2024-04-03, 2024-05-15

51. Remote Code Execution - Unknown Product (CVE-2023-35004) - High [500]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-35004 was patched at 2024-04-03, 2024-05-15

52. Authentication Bypass - Unknown Product (CVE-2023-48239) - High [484]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and starting in version 20.0.0 and prior to versions 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Enterprise Server, a malicious user could update any personal or global external storage, making them inaccessible for everyone else as well. Nextcloud Server 25.0.13, 26.0.8, and 27.1.3 and Nextcloud Enterprise Server is upgraded to 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 contain a patch for this issue. As a workaround, disable app files_external. This workaround also makes the external storage inaccessible but retains the configurations until a patched version has been deployed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2023-48239 was patched at 2024-04-02

53. Security Feature Bypass - Unknown Product (CVE-2023-48946) - High [482]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-48946 was patched at 2024-05-15

redos: CVE-2023-48946 was patched at 2024-04-02

54. Security Feature Bypass - Unknown Product (CVE-2023-48949) - High [482]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An issue in the box_add function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-48949 was patched at 2024-05-15

redos: CVE-2023-48949 was patched at 2024-04-02

55. Security Feature Bypass - Unknown Product (CVE-2023-51765) - High [482]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-51765 was patched at 2024-05-15

redos: CVE-2023-51765 was patched at 2024-04-08

56. Denial of Service - GPAC (CVE-2023-46871) - High [477]

Description: GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service.

debian: CVE-2023-46871 was patched at 2024-05-15

redos: CVE-2023-46871 was patched at 2024-04-05

57. Memory Corruption - GPAC (CVE-2023-48011) - High [477]

Description: GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c.

debian: CVE-2023-48011 was patched at 2024-05-15

redos: CVE-2023-48011 was patched at 2024-04-05

58. Memory Corruption - GPAC (CVE-2023-48013) - High [477]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-48013 was patched at 2024-05-15

redos: CVE-2023-48013 was patched at 2024-04-05

59. Memory Corruption - GPAC (CVE-2023-48014) - High [477]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-48014 was patched at 2024-05-15

redos: CVE-2023-48014 was patched at 2024-04-05

60. Denial of Service - Unknown Product (CVE-2023-3430) - High [470]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-3430 was patched at 2024-05-15

redos: CVE-2023-3430 was patched at 2024-04-08

61. Remote Code Execution - ICMP (CVE-2023-32727) - High [466]

Description: An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.

debian: CVE-2023-32727 was patched at 2024-05-15

redos: CVE-2023-32727 was patched at 2024-03-28

62. Denial of Service - MediaWiki (CVE-2024-34506) - High [455]

Description: An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request time, leading to a denial of service.

debian: CVE-2024-34506 was patched at 2024-03-31, 2024-05-15

redos: CVE-2024-34506 was patched at 2024-05-14

63. Memory Corruption - GPAC (CVE-2023-48090) - High [453]

Description: GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329.

debian: CVE-2023-48090 was patched at 2024-05-15

redos: CVE-2023-48090 was patched at 2024-04-02

64. Denial of Service - Unknown Product (CVE-2023-48945) - High [446]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-48945 was patched at 2024-05-15

redos: CVE-2023-48945 was patched at 2024-04-02

65. Denial of Service - Unknown Product (CVE-2023-48950) - High [446]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An issue in the box_col_len function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-48950 was patched at 2024-05-15

redos: CVE-2023-48950 was patched at 2024-04-02

66. Denial of Service - Unknown Product (CVE-2023-48951) - High [446]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An issue in the box_equal function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-48951 was patched at 2024-05-15

redos: CVE-2023-48951 was patched at 2024-04-02

67. Memory Corruption - Unknown Product (CVE-2023-49460) - High [446]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-49460 was patched at 2024-05-15

redos: CVE-2023-49460 was patched at 2024-04-08

68. Memory Corruption - Unknown Product (CVE-2023-49462) - High [446]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-49462 was patched at 2024-05-15

redos: CVE-2023-49462 was patched at 2024-04-08

69. Memory Corruption - Unknown Product (CVE-2023-49463) - High [446]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-49463 was patched at 2024-05-15

redos: CVE-2023-49463 was patched at 2024-04-08

70. Memory Corruption - Unknown Product (CVE-2023-49464) - High [446]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-49464 was patched at 2024-05-15

redos: CVE-2023-49464 was patched at 2024-04-08

71. Security Feature Bypass - Unknown Product (CVE-2024-2756) - High [446]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2024-2756 was patched at 2024-04-15, 2024-05-15

ubuntu: CVE-2024-2756 was patched at 2024-04-29, 2024-05-02

72. Memory Corruption - GPAC (CVE-2023-48039) - High [441]

Description: GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75.

debian: CVE-2023-48039 was patched at 2024-05-15

redos: CVE-2023-48039 was patched at 2024-04-02

73. Memory Corruption - GPAC (CVE-2023-48958) - High [441]

Description: gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.

debian: CVE-2023-48958 was patched at 2024-05-15

redos: CVE-2023-48958 was patched at 2024-04-05

74. Code Injection - Perl (CVE-2023-29453) - High [439]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g., "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template. Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-29453 was patched at 2024-05-15

redos: CVE-2023-29453 was patched at 2024-03-29

75. Denial of Service - Unknown Product (CVE-2023-49554) - High [434]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-49554 was patched at 2024-05-15

redos: CVE-2023-49554 was patched at 2024-04-09

76. Denial of Service - Unknown Product (CVE-2023-49555) - High [434]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-49555 was patched at 2024-05-15

redos: CVE-2023-49555 was patched at 2024-04-09

77. Denial of Service - Unknown Product (CVE-2023-49556) - High [434]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-49556 was patched at 2024-05-15

redos: CVE-2023-49556 was patched at 2024-04-09

78. Denial of Service - Unknown Product (CVE-2023-49557) - High [434]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-49557 was patched at 2024-05-15

redos: CVE-2023-49557 was patched at 2024-04-09

79. Denial of Service - Unknown Product (CVE-2023-49558) - High [434]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-49558 was patched at 2024-05-15

redos: CVE-2023-49558 was patched at 2024-04-09

80. Authentication Bypass - GitLab (CVE-2024-23901) - High [432]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2024-23901 was patched at 2024-04-11

81. Denial of Service - QEMU (CVE-2022-36648) - High [432]

Description: The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS.

debian: CVE-2022-36648 was patched at 2024-05-15

redos: CVE-2022-36648 was patched at 2024-04-01

82. Information Disclosure - Apache Tomcat (CVE-2023-34981) - High [431]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2023-34981 was patched at 2024-04-10

83. Cross Site Scripting - Unknown Product (CVE-2023-48301) - High [428]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into circles name that would be opened when clicking the circle name in a search filter. Nextcloud Server and Nextcloud Enterprise Server versions 25.0.13, 26.0.8, and 27.1.3 contain a fix for this issue. As a workaround, disable app circles.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2023-48301 was patched at 2024-04-02

84. Denial of Service - Unknown Product (CVE-2021-37519) - High [422]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2021-37519 was patched at 2024-05-15

redos: CVE-2021-37519 was patched at 2024-04-12

85. Authentication Bypass - Jenkins (CVE-2024-23898) - High [417]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2024-23898 was patched at 2024-04-11

86. Path Traversal - Windows Kernel (CVE-2023-45283) - High [417]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-45283 was patched at 2024-05-15

redos: CVE-2023-45283 was patched at 2024-04-02

87. Code Injection - Node.js (CVE-2024-21892) - High [413]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.\nDue to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.\nThis allows unprivileged users to inject code that inherits the process's elevated privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

almalinux: CVE-2024-21892 was patched at 2024-03-25, 2024-03-26, 2024-04-08

debian: CVE-2024-21892 was patched at 2024-05-15

oraclelinux: CVE-2024-21892 was patched at 2024-03-26, 2024-04-08

redhat: CVE-2024-21892 was patched at 2024-03-25, 2024-03-26, 2024-04-08, 2024-04-18, 2024-04-22

88. Denial of Service - Unknown Product (CVE-2024-0684) - High [410]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2024-0684 was patched at 2024-04-09

89. Denial of Service - Unknown Product (CVE-2024-1441) - High [410]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

almalinux: CVE-2024-1441 was patched at 2024-04-30

debian: CVE-2024-1441 was patched at 2024-05-15

oraclelinux: CVE-2024-1441 was patched at 2024-04-10, 2024-05-07, 2024-06-03, 2024-06-13

redhat: CVE-2024-1441 was patched at 2024-04-30

redos: CVE-2024-1441 was patched at 2024-04-15

ubuntu: CVE-2024-1441 was patched at 2024-04-15, 2024-04-29

90. Incorrect Calculation - Unknown Product (CVE-2023-32650) - High [410]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-32650 was patched at 2024-04-03, 2024-05-15

91. Memory Corruption - Unknown Product (CVE-2023-43907) - High [410]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-43907 was patched at 2024-05-15

redos: CVE-2023-43907 was patched at 2024-04-04

92. Memory Corruption - Unknown Product (CVE-2023-51713) - High [410]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'make_ftp_cmd in main.c in ProFTPD before 1.3.8a has a one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-51713 was patched at 2024-05-15

redos: CVE-2023-51713 was patched at 2024-04-08

93. Memory Corruption - Unknown Product (CVE-2024-22563) - High [410]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2024-22563 was patched at 2024-05-15

redos: CVE-2024-22563 was patched at 2024-04-11

94. Remote Code Execution - Jenkins (CVE-2023-43496) - High [409]

Description: Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.

redos: CVE-2023-43496 was patched at 2024-04-11

Medium (214)

95. Denial of Service - Unknown Product (CVE-2024-25126) - Medium [398]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

almalinux: CVE-2024-25126 was patched at 2024-04-30, 2024-05-22

debian: CVE-2024-25126 was patched at 2024-05-15, 2024-05-24

oraclelinux: CVE-2024-25126 was patched at 2024-05-02, 2024-05-23

redhat: CVE-2024-25126 was patched at 2024-04-16, 2024-04-23, 2024-04-30, 2024-05-22, 2024-05-28

redos: CVE-2024-25126 was patched at 2024-05-08

96. Incorrect Calculation - Unknown Product (CVE-2023-52339) - Medium [398]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2023-52339 was patched at 2024-05-15

redos: CVE-2023-52339 was patched at 2024-04-02

97. Path Traversal - Sudo (CVE-2023-42456) - Medium [394]

Description: Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user). An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could run `sudo -K` to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of `/bin/cp`. The code then clears that file, resulting in the `cp` binary effectively being removed from the system. An attacker needs to be able to login as a user with a constructed username. Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames. The issue is patched in version 0.2.1 of sudo-rs. Sudo-rs now uses the uid for the user instead of their username for determining the filename. Note that an upgrade to this version will result in existing session files being ignored and users will be forced to re-authenticate. It also fully eliminates any possibility of path traversal, given that uids are always integer values. The `sudo -K` and `sudo -k` commands can run, even if a user has no sudo access. As a workaround, make sure that one's system does not contain any users with a specially crafted username. While this is the case and while untrusted users do not have the ability to create arbitrary users on the system, one should not be able to exploit this issue.

redos: CVE-2023-42456 was patched at 2024-03-28

98. Information Disclosure - Perl (CVE-2023-4457) - Medium [391]

Description: Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source. This vulnerability was fixed in version 1.2.2.

redos: CVE-2023-4457 was patched at 2024-04-03, 2024-04-05

99. Security Feature Bypass - Python (CVE-2021-21238) - Medium [391]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping because it did not validate the SAML document against an XML schema. This allowed invalid XML documents to be processed and such a document can trick pysaml2 with a wrapped signature. This is fixed in PySAML2 6.5.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2021-21238 was patched at 2024-05-15

redos: CVE-2021-21238 was patched at 2024-04-10

100. Denial of Service - QEMU (CVE-2022-3872) - Medium [384]

Description: An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.

debian: CVE-2022-3872 was patched at 2024-05-15

redos: CVE-2022-3872 was patched at 2024-03-29

101. Security Feature Bypass - GitLab (CVE-2024-23902) - Medium [382]

Description: {'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}