Security Vulnerabilities - CVEs Published In October 2023
CVE-2023-4911
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Known exploited
CVSS Score
7.8
EPSS Score
0.768
Published
2023-10-03
For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.
CVSS Score
4.4
EPSS Score
0.001
Published
2023-10-03
A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-10-03
A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory
CVSS Score
4.7
EPSS Score
0.001
Published
2023-10-03
A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x.
CVSS Score
4.7
EPSS Score
0.0
Published
2023-10-03
This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-10-03
This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel.
CVSS Score
4.7
EPSS Score
0.001
Published
2023-10-03
This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device.
CVSS Score
7.2
EPSS Score
0.0
Published
2023-10-03
DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-03
Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-10-03