Report Name: Linux Patch Wednesday April 2024
Generated: 2024-04-18 02:32:26

Product Name	Prevalence	U	C	H	M	L	A	Comment
Apache HTTP Server	0.9				2		2	Apache HTTP Server is a free and open-source web server that delivers web content through the internet
GitLab	0.9			2	1		3	GitLab is a DevOps software package that combines the ability to develop, secure, and operate software in a single application
Linux Kernel	0.9			10	24		34	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
nghttp2	0.9		1				1	nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C
Chromium	0.8		2	6	9		17	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
Mozilla Firefox	0.8			1	1		2	Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
Node.js	0.8			3	2		5	Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
RPC	0.8			1			1	Remote Procedure Call Runtime
Safari	0.8		1	1	5		7	Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
Apache Tomcat	0.7			1			1	Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
Apache Traffic Server	0.7		1				1	The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
BIND	0.7			1			1	BIND is a suite of software for interacting with the Domain Name System
Curl	0.7				2		2	Curl is a command-line tool for transferring data specified with URL syntax
MediaWiki	0.7			15	1		16	MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
QEMU	0.7			3	2		5	QEMU is a generic and open source machine & userspace emulator and virtualizer
iOS	0.7				1		1	iOS is an operating system developed and marketed by Apple Inc
vim	0.7			1			1	Vim is a free and open-source, screen-based text editor program
FreeRDP	0.6			3			3	FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
Jenkins	0.6	1		7	2		10	Jenkins is an open source automation server. It helps automate the parts of software development related to building, testing, and deploying, facilitating continuous integration, and continuous delivery.
Oracle Java SE	0.6				4		4	Oracle Java SE
Perl	0.6			1	1		2	Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
Wireshark	0.6			4			4	Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
7-Zip	0.5				1		1	KeePass is a free open source password manager, which helps you to manage your passwords in a secure way
Async	0.5			1			1	Product detected by a:async_project:async (exists in CPE dict)
C Driver	0.5				1		1	Product detected by a:mongodb:c_driver (exists in CPE dict)
Cacti	0.5		1	5			6	Cacti is an open source operational monitoring and fault management framework
Cargo	0.5			1			1	Product detected by a:rust-lang:cargo (exists in CPE dict)
Coreutils	0.5			1			1	Product detected by a:gnu:coreutils (exists in CPE dict)
Docker	0.5			1			1	Docker
Envoy	0.5				1		1	Product detected by a:envoyproxy:envoy (exists in CPE dict)
Flask	0.5			1			1	Flask is a lightweight WSGI web application framework
GLPI	0.5			1			1	Product detected by a:glpi-project:glpi (exists in CPE dict)
GRUB2	0.5				1		1	Product detected by a:gnu:grub2 (exists in CPE dict)
Go	0.5			1			1	Product detected by a:golang:go (exists in CPE dict)
Google Sheets	0.5			1			1	Product detected by a:grafana:google_sheets (exists in CPE dict)
Jq	0.5			2			2	Product detected by a:jqlang:jq (exists in CPE dict)
Libheif	0.5			4			4	Product detected by a:struktur:libheif (exists in CPE dict)
Minizip-ng	0.5		2				2	Product detected by a:zlib-ng:minizip-ng (exists in CPE dict)
OptiPNG	0.5			1			1	Product detected by a:optipng_project:optipng (exists in CPE dict)
PySAML2	0.5			1			1	Product detected by a:pysaml2_project:pysaml2 (exists in CPE dict)
QPDF	0.5			1			1	Product detected by a:qpdf_project:qpdf (exists in CPE dict)
Qbittorrent	0.5				1		1	Product detected by a:qbittorrent:qbittorrent (exists in CPE dict)
RapidCMS	0.5			1			1	Product detected by a:openrapid:rapidcms (exists in CPE dict)
Salt	0.5				2		2	Product detected by a:saltstack:salt (exists in CPE dict)
Sendmail	0.5			1			1	Product detected by a:sendmail:sendmail (exists in CPE dict)
Squid	0.5			1			1	Product detected by a:squid-cache:squid (exists in CPE dict)
Sudo	0.5				1		1	Product detected by a:memorysafety:sudo (exists in CPE dict)
TLS	0.5			1	1		2	TLS
TRIE	0.5			1			1	TRIE
Trim	0.5		1				1	Product detected by a:trim_project:trim (exists in CPE dict)
Vorbis-tools	0.5			1			1	Product detected by a:xiph:vorbis-tools (exists in CPE dict)
Worldmap Panel	0.5			1			1	Product detected by a:grafana:worldmap_panel (exists in CPE dict)
YARD	0.5			2			2	Product detected by a:yardoc:yard (exists in CPE dict)
Yasm	0.5			5			5	Product detected by a:yasm_project:yasm (exists in CPE dict)
Zabbix-agent2	0.5			2			2	Product detected by a:zabbix:zabbix-agent2 (exists in CPE dict)
atril	0.5			1			1	Product detected by a:mate-desktop:atril (does NOT exist in CPE dict)
chromedriver	0.5			1			1	Product detected by a:chromedriver_project:chromedriver (exists in CPE dict)
debmany	0.5				1		1	Product detected by a:debian:debmany (exists in CPE dict)
grafana	0.5			9	2		11	Product detected by a:grafana:grafana (exists in CPE dict)
gtkwave	0.5			82			82	Product detected by a:tonybybell:gtkwave (does NOT exist in CPE dict)
jbig2dec	0.5				1		1	Product detected by a:artifex:jbig2dec (exists in CPE dict)
libebml	0.5			1			1	Product detected by a:matroska:libebml (exists in CPE dict)
libfetch	0.5			1			1	Product detected by a:freebsd:libfetch (exists in CPE dict)
memcached	0.5			1			1	Product detected by a:memcached:memcached (exists in CPE dict)
minio	0.5		1				1	Product detected by a:minio:minio (exists in CPE dict)
mock	0.5		1				1	Product detected by a:rpm-software-management:mock (does NOT exist in CPE dict)
moodle	0.5			2	2		4	Product detected by a:moodle:moodle (exists in CPE dict)
nextcloud_server	0.5			3	2		5	Product detected by a:nextcloud:nextcloud_server (exists in CPE dict)
nginx	0.5				2		2	Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
openimageio	0.5			1			1	Product detected by a:openimageio:openimageio (exists in CPE dict)
openvswitch	0.5			1			1	Product detected by a:openvswitch:openvswitch (exists in CPE dict)
perl	0.5			1			1	Product detected by a:perl:perl (exists in CPE dict)
proftpd	0.5			2			2	Product detected by a:proftpd:proftpd (exists in CPE dict)
py7zr	0.5		1				1	Product detected by a:py7zr_project:py7zr (exists in CPE dict)
shim	0.5			2	4		6	Product detected by a:redhat:shim (exists in CPE dict)
virtuoso	0.5			5			5	Product detected by a:openlinksw:virtuoso (exists in CPE dict)
vmm-sys-util	0.5				1		1	Product detected by a:rust-vmm:vmm-sys-util (does NOT exist in CPE dict)
zabbix	0.5			2	1		3	Product detected by a:zabbix:zabbix (exists in CPE dict)
zabbix-agent	0.5				1		1	Product detected by a:zabbix:zabbix-agent (does NOT exist in CPE dict)
zabbix_server	0.5			1	1		2	Product detected by a:zabbix:zabbix_server (does NOT exist in CPE dict)
zeromq	0.5			1			1	Product detected by a:zeromq:zeromq (exists in CPE dict)
GPAC	0.4		1	8	1		10	GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
Unknown Product	0			2	12	12	26	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0		6	73			79
Authentication Bypass	0.98	1		6			7
Code Injection	0.97			4			4
Command Injection	0.97			8	1		9
Security Feature Bypass	0.9		4	15	2		21
Elevation of Privilege	0.85			3			3
Arbitrary File Reading	0.83			1			1
Information Disclosure	0.83			5	3		8
Cross Site Scripting	0.8			20	2		22
Open Redirect	0.75			2			2
Denial of Service	0.7		2	33	11		46
Path Traversal	0.7		1	8	2		11
Incorrect Calculation	0.5			13	2		15
Memory Corruption	0.5			32	25		57
Spoofing	0.4				1		1
Unknown Vulnerability Type	0			2	48	12	62

Source	U	C	H	M	L	A
debian		8	168	74	8	258
ubuntu		2	17	28	2	49
redos	1	6	108	31	1	147
redhat		1	9	18	7	35
oraclelinux		1	8	13	4	26
almalinux		1	5	4	3	13

Urgent (1)

1. Authentication Bypass - Jenkins (CVE-2024-23897) - Urgent [929]

Description: {'nvd_cve_data_all': 'Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2024-23897 was patched at 2024-04-11

Critical (13)

2. Remote Code Execution - Safari (CVE-2023-42950) - Critical [746]

Description: A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.

debian: CVE-2023-42950 was patched at unknown date

ubuntu: CVE-2023-42950 was patched at 2024-04-15

3. Security Feature Bypass - Chromium (CVE-2024-2630) - Critical [704]

Description: Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

debian: CVE-2024-2630 was patched at 2024-03-28, unknown date

4. Denial of Service - nghttp2 (CVE-2024-27316) - Critical [703]

Description: HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.

debian: CVE-2024-27316 was patched at 2024-04-16, unknown date

ubuntu: CVE-2024-27316 was patched at 2024-04-11, 2024-04-17

redhat: CVE-2024-27316 was patched at 2024-04-11

oraclelinux: CVE-2024-27316 was patched at 2024-04-11

almalinux: CVE-2024-27316 was patched at 2024-04-11

5. Security Feature Bypass - Chromium (CVE-2024-2628) - Critical [669]

Description: {'nvd_cve_data_all': 'Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2024-2628 was patched at 2024-03-28, unknown date

6. Remote Code Execution - Cacti (CVE-2023-49085) - Critical [630]

Description: Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.

debian: CVE-2023-49085 was patched at 2024-03-24, unknown date

7. Remote Code Execution - Minizip-ng (CVE-2023-48106) - Critical [630]

Description: Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file.

redos: CVE-2023-48106 was patched at 2024-03-28

8. Remote Code Execution - mock (CVE-2023-6395) - Critical [630]

Description: The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.

redos: CVE-2023-6395 was patched at 2024-04-10

9. Remote Code Execution - GPAC (CVE-2023-46932) - Critical [626]

Description: Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box.

debian: CVE-2023-46932 was patched at unknown date

redos: CVE-2023-46932 was patched at 2024-04-08

10. Security Feature Bypass - minio (CVE-2024-24747) - Critical [625]

Description: {'nvd_cve_data_all': 'MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for `s3:*` actions, but also `admin:*` actions. Which means unless somewhere above in the access-key hierarchy, the `admin` rights are denied, access keys will be able to simply override their own `s3` permissions to something more permissive. The vulnerability is fixed in RELEASE.2024-01-31T20-20-33Z.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for `s3:*` actions, but also `admin:*` actions. Which means unless somewhere above in the access-key hierarchy, the `admin` rights are denied, access keys will be able to simply override their own `s3` permissions to something more permissive. The vulnerability is fixed in RELEASE.2024-01-31T20-20-33Z.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

redos: CVE-2024-24747 was patched at 2024-04-10

11. Remote Code Execution - Minizip-ng (CVE-2023-48107) - Critical [619]

Description: Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file.

redos: CVE-2023-48107 was patched at 2024-03-28

12. Denial of Service - Trim (CVE-2020-7753) - Critical [613]

Description: All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().

redos: CVE-2020-7753 was patched at 2024-04-03

13. Path Traversal - py7zr (CVE-2022-44900) - Critical [613]

Description: A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.

debian: CVE-2022-44900 was patched at 2024-04-02, unknown date

14. Security Feature Bypass - Apache Traffic Server (CVE-2024-31309) - Critical [604]

Description: HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server.  Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute.  ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.

debian: CVE-2024-31309 was patched at 2024-04-14, unknown date

High (225)

15. Security Feature Bypass - vim (CVE-2023-4736) - High [598]

Description: Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.

redos: CVE-2023-4736 was patched at 2024-03-29

16. Remote Code Execution - Vorbis-tools (CVE-2023-43361) - High [595]

Description: Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.

debian: CVE-2023-43361 was patched at unknown date

redos: CVE-2023-43361 was patched at 2024-04-04

17. Path Traversal - atril (CVE-2023-52076) - High [589]

Description: Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.

debian: CVE-2023-52076 was patched at unknown date

redos: CVE-2023-52076 was patched at 2024-04-12

18. Command Injection - BIND (CVE-2023-48306) - High [587]

Description: Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, the DNS pin middleware was vulnerable to DNS rebinding allowing an attacker to perform SSRF as a final result. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available.

redos: CVE-2023-48306 was patched at 2024-04-02

19. Remote Code Execution - Cacti (CVE-2023-49084) - High [583]

Description: Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server.

debian: CVE-2023-49084 was patched at 2024-03-24, unknown date

20. Remote Code Execution - gtkwave (CVE-2023-34087) - High [583]

Description: An improper array index validation vulnerability exists in the EVCD var len parsing functionality of GTKWave 3.3.115. A specially crafted .evcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

debian: CVE-2023-34087 was patched at 2024-04-03, unknown date

21. Remote Code Execution - gtkwave (CVE-2023-34436) - High [583]

Description: An out-of-bounds write vulnerability exists in the LXT2 num_time_table_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

debian: CVE-2023-34436 was patched at 2024-04-03, unknown date

22. Remote Code Execution - gtkwave (CVE-2023-35004) - High [583]

Description: An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

debian: CVE-2023-35004 was patched at 2024-04-03, unknown date

23. Remote Code Execution - gtkwave (CVE-2023-35702) - High [583]

Description: Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the fstReaderVarint32 function.

debian: CVE-2023-35702 was patched at 2024-04-03, unknown date

24. Remote Code Execution - gtkwave (CVE-2023-35703) - High [583]

Description: Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the fstReaderVarint64 function.

debian: CVE-2023-35703 was patched at 2024-04-03, unknown date

25. Remote Code Execution - gtkwave (CVE-2023-35704) - High [583]

Description: Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the fstReaderVarint32WithSkip function.

debian: CVE-2023-35704 was patched at 2024-04-03, unknown date

26. Remote Code Execution - gtkwave (CVE-2023-35955) - High [583]

Description: Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `LZ4_decompress_safe_partial`.

debian: CVE-2023-35955 was patched at 2024-04-03, unknown date

27. Remote Code Execution - gtkwave (CVE-2023-35956) - High [583]

Description: Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `fastlz_decompress`.

debian: CVE-2023-35956 was patched at 2024-04-03, unknown date

28. Remote Code Execution - gtkwave (CVE-2023-35957) - High [583]

Description: Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `uncompress`.

debian: CVE-2023-35957 was patched at 2024-04-03, unknown date

29. Remote Code Execution - gtkwave (CVE-2023-35958) - High [583]

Description: Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the copy function `fstFread`.

debian: CVE-2023-35958 was patched at 2024-04-03, unknown date

30. Remote Code Execution - gtkwave (CVE-2023-35969) - High [583]

Description: Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the chain_table of `FST_BL_VCDATA` and `FST_BL_VCDATA_DYN_ALIAS` section types.

debian: CVE-2023-35969 was patched at 2024-04-03, unknown date

31. Remote Code Execution - gtkwave (CVE-2023-35970) - High [583]

Description: Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the chain_table of the `FST_BL_VCDATA_DYN_ALIAS2` section type.

debian: CVE-2023-35970 was patched at 2024-04-03, unknown date

32. Remote Code Execution - gtkwave (CVE-2023-35989) - High [583]

Description: An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

debian: CVE-2023-35989 was patched at 2024-04-03, unknown date

33. Remote Code Execution - gtkwave (CVE-2023-35994) - High [583]

Description: Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta initialization part.

debian: CVE-2023-35994 was patched at 2024-04-03, unknown date

34. Remote Code Execution - gtkwave (CVE-2023-35995) - High [583]

Description: Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta indexing when signal_lens is 1.

debian: CVE-2023-35995 was patched at 2024-04-03, unknown date

35. Remote Code Execution - gtkwave (CVE-2023-35996) - High [583]

Description: Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta indexing when signal_lens is 0.

debian: CVE-2023-35996 was patched at 2024-04-03, unknown date

36. Remote Code Execution - gtkwave (CVE-2023-35997) - High [583]

Description: Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta indexing when signal_lens is 2 or more.

debian: CVE-2023-35997 was patched at 2024-04-03, unknown date

37. Remote Code Execution - gtkwave (CVE-2023-36861) - High [583]

Description: An out-of-bounds write vulnerability exists in the VZT LZMA_read_varint functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

debian: CVE-2023-36861 was patched at 2024-04-03, unknown date

38. Remote Code Execution - gtkwave (CVE-2023-36864) - High [583]

Description: An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

debian: CVE-2023-36864 was patched at 2024-04-03, unknown date

39. Remote Code Execution - gtkwave (CVE-2023-36915) - High [583]

Description: Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table` array.

debian: CVE-2023-36915 was patched at 2024-04-03, unknown date

40. Remote Code Execution - gtkwave (CVE-2023-36916) - High [583]

Description: Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table_lengths` array.

debian: CVE-2023-36916 was patched at 2024-04-03, unknown date

41. Remote Code Execution - gtkwave (CVE-2023-37282) - High [583]

Description: An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

debian: CVE-2023-37282 was patched at 2024-04-03, unknown date

42. Remote Code Execution - gtkwave (CVE-2023-37416) - High [583]

Description: Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the GUI's legacy VCD parsing code.

debian: CVE-2023-37416 was patched at 2024-04-03, unknown date

43. Remote Code Execution - gtkwave (CVE-2023-37417) - High [583]

Description: Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the GUI's interactive VCD parsing code.

debian: CVE-2023-37417 was patched at 2024-04-03, unknown date

44. Remote Code Execution - gtkwave (CVE-2023-37418) - High [583]

Description: Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2vzt conversion utility.

debian: CVE-2023-37418 was patched at 2024-04-03, unknown date

45. Remote Code Execution - gtkwave (CVE-2023-37419) - High [583]

Description: Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion utility.

debian: CVE-2023-37419 was patched at 2024-04-03, unknown date

46. Remote Code Execution - gtkwave (CVE-2023-37420) - High [583]

Description: Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt conversion utility.

debian: CVE-2023-37420 was patched at 2024-04-03, unknown date

47. Remote Code Execution - gtkwave (CVE-2023-37442) - High [583]

Description: Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds read when triggered via the GUI's default VCD parsing code.

debian: CVE-2023-37442 was patched at 2024-04-03, unknown date

48. Remote Code Execution - gtkwave (CVE-2023-37443) - High [583]

Description: Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds read when triggered via the GUI's legacy VCD parsing code.

debian: CVE-2023-37443 was patched at 2024-04-03, unknown date

49. Remote Code Execution - gtkwave (CVE-2023-37444) - High [583]

Description: Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds read when triggered via the GUI's interactive VCD parsing code.

debian: CVE-2023-37444 was patched at 2024-04-03, unknown date

50. Remote Code Execution - gtkwave (CVE-2023-37445) - High [583]

Description: Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2vzt conversion utility.

debian: CVE-2023-37445 was patched at 2024-04-03, unknown date

51. Remote Code Execution - gtkwave (CVE-2023-37446) - High [583]

Description: Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion utility.

debian: CVE-2023-37446 was patched at 2024-04-03, unknown date

52. Remote Code Execution - gtkwave (CVE-2023-37447) - High [583]

Description: Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt conversion utility.

debian: CVE-2023-37447 was patched at 2024-04-03, unknown date

53. Remote Code Execution - gtkwave (CVE-2023-37573) - High [583]

Description: Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the GUI's recoder (default) VCD parsing code.

debian: CVE-2023-37573 was patched at 2024-04-03, unknown date

54. Remote Code Execution - gtkwave (CVE-2023-37574) - High [583]

Description: Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the GUI's legacy VCD parsing code.

debian: CVE-2023-37574 was patched at 2024-04-03, unknown date

55. Remote Code Execution - gtkwave (CVE-2023-37575) - High [583]

Description: Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the GUI's interactive VCD parsing code.

debian: CVE-2023-37575 was patched at 2024-04-03, unknown date

56. Remote Code Execution - gtkwave (CVE-2023-37576) - High [583]

Description: Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the vcd2vzt conversion utility.

debian: CVE-2023-37576 was patched at 2024-04-03, unknown date

57. Remote Code Execution - gtkwave (CVE-2023-37577) - High [583]

Description: Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the vcd2lxt2 conversion utility.

debian: CVE-2023-37577 was patched at 2024-04-03, unknown date

58. Remote Code Execution - gtkwave (CVE-2023-37578) - High [583]

Description: Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the vcd2lxt conversion utility.

debian: CVE-2023-37578 was patched at 2024-04-03, unknown date

59. Remote Code Execution - gtkwave (CVE-2023-37921) - High [583]

Description: Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2vzt conversion utility.

debian: CVE-2023-37921 was patched at 2024-04-03, unknown date

60. Remote Code Execution - gtkwave (CVE-2023-37922) - High [583]

Description: Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt2 conversion utility.

debian: CVE-2023-37922 was patched at 2024-04-03, unknown date

61. Remote Code Execution - gtkwave (CVE-2023-37923) - High [583]

Description: Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt conversion utility.

debian: CVE-2023-37923 was patched at 2024-04-03, unknown date

62. Remote Code Execution - gtkwave (CVE-2023-38583) - High [583]

Description: A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits function of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

debian: CVE-2023-38583 was patched at 2024-04-03, unknown date

63. Remote Code Execution - gtkwave (CVE-2023-38618) - High [583]

Description: Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `rows` array.

debian: CVE-2023-38618 was patched at 2024-04-03, unknown date

64. Remote Code Execution - gtkwave (CVE-2023-38619) - High [583]

Description: Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `msb` array.

debian: CVE-2023-38619 was patched at 2024-04-03, unknown date

65. Remote Code Execution - gtkwave (CVE-2023-38620) - High [583]

Description: Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `lsb` array.

debian: CVE-2023-38620 was patched at 2024-04-03, unknown date

66. Remote Code Execution - gtkwave (CVE-2023-38621) - High [583]

Description: Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `flags` array.

debian: CVE-2023-38621 was patched at 2024-04-03, unknown date

67. Remote Code Execution - gtkwave (CVE-2023-38622) - High [583]

Description: Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `len` array.

debian: CVE-2023-38622 was patched at 2024-04-03, unknown date

68. Remote Code Execution - gtkwave (CVE-2023-38623) - High [583]

Description: Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `vindex_offset` array.

debian: CVE-2023-38623 was patched at 2024-04-03, unknown date

69. Remote Code Execution - gtkwave (CVE-2023-38648) - High [583]

Description: Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the prefix copy loop.

debian: CVE-2023-38648 was patched at 2024-04-03, unknown date

70. Remote Code Execution - gtkwave (CVE-2023-38649) - High [583]

Description: Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the string copy loop.

debian: CVE-2023-38649 was patched at 2024-04-03, unknown date

71. Remote Code Execution - gtkwave (CVE-2023-38657) - High [583]

Description: An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.

debian: CVE-2023-38657 was patched at 2024-04-03, unknown date

72. Remote Code Execution - gtkwave (CVE-2023-39234) - High [583]

Description: Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when looping over `lt->numrealfacs`.

debian: CVE-2023-39234 was patched at 2024-04-03, unknown date

73. Remote Code Execution - gtkwave (CVE-2023-39235) - High [583]

Description: Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when looping over `lt->num_time_ticks`.

debian: CVE-2023-39235 was patched at 2024-04-03, unknown date

74. Remote Code Execution - gtkwave (CVE-2023-39270) - High [583]

Description: Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `rows` array.

debian: CVE-2023-39270 was patched at 2024-04-03, unknown date

75. Remote Code Execution - gtkwave (CVE-2023-39271) - High [583]

Description: Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `msb` array.

debian: CVE-2023-39271 was patched at 2024-04-03, unknown date

76. Remote Code Execution - gtkwave (CVE-2023-39272) - High [583]

Description: Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `lsb` array.

debian: CVE-2023-39272 was patched at 2024-04-03, unknown date

77. Remote Code Execution - gtkwave (CVE-2023-39273) - High [583]

Description: Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `flags` array.

debian: CVE-2023-39273 was patched at 2024-04-03, unknown date

78. Remote Code Execution - gtkwave (CVE-2023-39274) - High [583]

Description: Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `len` array.

debian: CVE-2023-39274 was patched at 2024-04-03, unknown date

79. Remote Code Execution - gtkwave (CVE-2023-39275) - High [583]

Description: Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `value` array.

debian: CVE-2023-39275 was patched at 2024-04-03, unknown date

80. Remote Code Execution - gtkwave (CVE-2023-39316) - High [583]

Description: Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `string_pointers` array.

debian: CVE-2023-39316 was patched at 2024-04-03, unknown date

81. Remote Code Execution - gtkwave (CVE-2023-39317) - High [583]

Description: Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `string_lens` array.

debian: CVE-2023-39317 was patched at 2024-04-03, unknown date

82. Remote Code Execution - gtkwave (CVE-2023-39443) - High [583]

Description: Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the prefix copy loop.

debian: CVE-2023-39443 was patched at 2024-04-03, unknown date

83. Remote Code Execution - gtkwave (CVE-2023-39444) - High [583]

Description: Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the string copy loop.

debian: CVE-2023-39444 was patched at 2024-04-03, unknown date

84. Security Feature Bypass - Wireshark (CVE-2024-0208) - High [582]

Description: {'nvd_cve_data_all': 'GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2024-0208 was patched at unknown date

redos: CVE-2024-0208 was patched at 2024-04-09

85. Authentication Bypass - nextcloud_server (CVE-2023-48239) - High [579]

Description: Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and starting in version 20.0.0 and prior to versions 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Enterprise Server, a malicious user could update any personal or global external storage, making them inaccessible for everyone else as well. Nextcloud Server 25.0.13, 26.0.8, and 27.1.3 and Nextcloud Enterprise Server is upgraded to 20.0.14.16, 21.0.9.13, 22.2.10.15, 23.0.12.12, 24.0.12.8, 25.0.13, 26.0.8, and 27.1.3 contain a patch for this issue. As a workaround, disable app files_external. This workaround also makes the external storage inaccessible but retains the configurations until a patched version has been deployed.

redos: CVE-2023-48239 was patched at 2024-04-02

86. Command Injection - gtkwave (CVE-2023-35959) - High [577]

Description: Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns `.ghw` decompression.

debian: CVE-2023-35959 was patched at 2024-04-03, unknown date

87. Command Injection - gtkwave (CVE-2023-35960) - High [577]

Description: Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns legacy decompression in `vcd_main`.

debian: CVE-2023-35960 was patched at 2024-04-03, unknown date

88. Command Injection - gtkwave (CVE-2023-35961) - High [577]

Description: Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in `vcd_recorder_main`.

debian: CVE-2023-35961 was patched at 2024-04-03, unknown date

89. Command Injection - gtkwave (CVE-2023-35962) - High [577]

Description: Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2vzt` utility.

debian: CVE-2023-35962 was patched at 2024-04-03, unknown date

90. Command Injection - gtkwave (CVE-2023-35963) - High [577]

Description: Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2lxt2` utility.

debian: CVE-2023-35963 was patched at 2024-04-03, unknown date

91. Command Injection - gtkwave (CVE-2023-35964) - High [577]

Description: Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2lxt` utility.

debian: CVE-2023-35964 was patched at 2024-04-03, unknown date

92. Authentication Bypass - RapidCMS (CVE-2023-4448) - High [567]

Description: A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability.

redos: CVE-2023-4448 was patched at 2024-03-29

93. Command Injection - chromedriver (CVE-2023-26156) - High [566]

Description: Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system. **Note:** An attacker must have access to the system running the vulnerable chromedriver library to exploit it. The success of exploitation also depends on the permissions and privileges of the process running chromedriver.

redos: CVE-2023-26156 was patched at 2024-03-29

94. Memory Corruption - libfetch (CVE-2021-36159) - High [565]

Description: libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\0' terminator one byte too late.

redos: CVE-2021-36159 was patched at 2024-04-12

95. Security Feature Bypass - Sendmail (CVE-2023-51765) - High [565]

Description: sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.

debian: CVE-2023-51765 was patched at unknown date

redos: CVE-2023-51765 was patched at 2024-04-08

96. Security Feature Bypass - virtuoso (CVE-2023-48946) - High [565]

Description: {'nvd_cve_data_all': 'An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'An issue in the box_mpy function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}