Recent CVE entries

Stay updated about the Latest Security Vulnerabilities

30 Latest CVEs. The New badge indicates CVEs published in the past 24 hours.

CVE-2023-45662
Last updated 4 weeks ago
Summary:
stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions.
CWE ID:
CWE-125 
CVSS Score:
0.0
References:
Published:
2023-10-21 00:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-45663
Last updated 4 weeks ago
Summary:
stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.
CWE ID:
CWE-908 
CVSS Score:
0.0
References:
Published:
2023-10-21 00:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-45664
Last updated 4 weeks ago
Summary:
stb_image is a single file MIT licensed library for processing images. A crafted image file can cause `stbi__load_gif_main_outofmem` to attempt to double-free the `out` variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but it is common that realloc frees the old memory and returns a null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.
CWE ID:
CWE-415 
CVSS Score:
0.0
References:
Published:
2023-10-21 00:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-45666
Last updated 4 weeks ago
Summary:
stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible for freeing the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non-null value. However, at the same time the function may return a null value but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail, or to a double-free if `delays` is always freed.
CWE ID:
CWE-415 
CVSS Score:
0.0
References:
Published:
2023-10-21 00:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-45667
Last updated 4 weeks ago
Summary:
stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.
CWE ID:
CWE-476 
CVSS Score:
0.0
References:
Published:
2023-10-21 00:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-45675
Last updated 4 weeks ago
Summary:
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger an out-of-bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the `len` read in `start_decoder` is `-1`, `len + 1` becomes 0 when passed to `setup_malloc`. `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in the `malloc` case, it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.
CWE ID:
CWE-787 
CVSS Score:
0.0
References:
Published:
2023-10-21 00:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-4822
Last updated 4 weeks ago
Summary:
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.
CWE ID:
NVD-CWE-noinfo 
CVSS Score:
0.0
References:
Published:
2023-10-16 09:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-42795
Last updated 4 weeks ago
Summary:
Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
CWE ID:
CWE-459 
CVSS Score:
0.0
References:
Published:
2023-10-10 18:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-45648
Last updated 4 weeks ago
Summary:
Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
CWE ID:
CWE-20 
CVSS Score:
0.0
References:
Published:
2023-10-10 19:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-43785
Last updated 4 weeks ago
Summary:
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
CWE ID:
CWE-125 
CVSS Score:
0.0
References:
Published:
2023-10-10 13:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-43786
Last updated 4 weeks ago
Summary:
A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.
CWE ID:
CWE-835 
CVSS Score:
0.0
References:
Published:
2023-10-10 13:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-43787
Last updated 4 weeks ago
Summary:
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
CWE ID:
CWE-190 
CVSS Score:
0.0
References:
Published:
2023-10-10 13:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-29499
Last updated 4 weeks ago
Summary:
A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.
CWE ID:
CWE-400 
CVSS Score:
0.0
References:
Published:
2023-09-14 20:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-25586
Last updated 4 weeks ago
Summary:
A flaw was found in Binutils. A logic failure in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
CWE ID:
CWE-908 
CVSS Score:
0.0
References:
Published:
2023-09-14 21:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-25588
Last updated 4 weeks ago
Summary:
A flaw was found in Binutils. The field `the_bfd` of the `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
CWE ID:
CWE-908 
CVSS Score:
0.0
References:
Published:
2023-09-14 21:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-25585
Last updated 4 weeks ago
Summary:
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
CWE ID:
CWE-908 
CVSS Score:
0.0
References:
Published:
2023-09-14 21:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-32005
Last updated 4 weeks ago
Summary:
A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.statfs` API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
CWE ID:
CWE-732 
CVSS Score:
0.0
References:
Published:
2023-09-12 02:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2023-42467
Last updated 4 weeks ago
Summary:
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.
CWE ID:
CWE-369 
CVSS Score:
0.0
References:
Published:
2023-09-11 04:15:00
Last Modified:
2023-11-04 06:15:00
CVE-2022-4573
Last updated 4 weeks ago
Summary:
An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.
CWE ID:
NVD-CWE-noinfo 
CVSS Score:
0.0
References:
Published:
2023-10-30 15:15:00
Last Modified:
2023-11-04 03:24:00
CVE-2023-43322
Last updated 4 weeks ago
Summary:
ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/.
CWE ID:
CWE-77 
CVSS Score:
0.0
References:
Published:
2023-10-28 01:15:00
Last Modified:
2023-11-04 03:24:00
CVE-2023-5717
Last updated 4 weeks ago
Summary:
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.
CWE ID:
CWE-787 
CVSS Score:
0.0
References:
Published:
2023-10-25 18:17:00
Last Modified:
2023-11-04 03:24:00
CVE-2023-45797
Last updated 4 weeks ago
Summary:
A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code.
CWE ID:
CWE-120 
CVSS Score:
0.0
References:
Published:
2023-10-30 07:15:00
Last Modified:
2023-11-04 03:23:00
CVE-2023-46866
Last updated 4 weeks ago
Summary:
In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes.
CWE ID:
CWE-787 
CVSS Score:
0.0
References:
Published:
2023-10-30 03:15:00
Last Modified:
2023-11-04 03:23:00
CVE-2023-46867
Last updated 4 weeks ago
Summary:
In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference.
CWE ID:
CWE-476 
CVSS Score:
0.0
References:
Published:
2023-10-30 03:15:00
Last Modified:
2023-11-04 03:23:00
CVE-2023-5810
Last updated 4 weeks ago
Summary:
A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. The identifier VDB-243641 was assigned to this vulnerability.
CWE ID:
CWE-79 
CVSS Score:
0.0
References:
Published:
2023-10-27 01:15:00
Last Modified:
2023-11-04 03:23:00
CVE-2023-21373
Last updated 4 weeks ago
Summary:
In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CWE ID:
CWE-862 
CVSS Score:
0.0
References:
Published:
2023-10-30 18:15:00
Last Modified:
2023-11-04 03:22:00
CVE-2023-21374
Last updated 4 weeks ago
Summary:
In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CWE ID:
NVD-CWE-noinfo 
CVSS Score:
0.0
References:
Published:
2023-10-30 18:15:00
Last Modified:
2023-11-04 03:22:00