CVE-2023-2950
Published 2023-05-28
CVE-2023-2950: Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
Priority P342 · high · 8.1 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.56% (42.3th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-emr | openemr | < 7.0.1 | 7.0.1 |
| openemr | openemr_openemr | >= unspecified < 7.0.1 | 7.0.1 |
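CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| nvd | v3.0 | 6.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N |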
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2023-52620 kernel: netfilter: nf_tables: disallow timeout for anonymous sets
bugzilla · 2024-03-21 · CVSS 2.5 (LOW)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: disallow timeout for anonymous sets
The Linux kernel CVE team has assigned CVE-2023-52620 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024032147-CVE-2023-52620-11a9@gregkh/T
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:2950
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Bugzilla
CVE-2023-52580 kernel: net/core: kernel crash in ETH_P_1588 flow dissector
bugzilla · 2024-03-04 · CVSS 5.5 (MEDIUM)
In the Linux kernel, the following vulnerability has been resolved:
net/core: Fix ETH_P_1588 flow dissector
The Linux kernel CVE team has assigned CVE-2023-52580 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024030258-CVE-2023-52580-c37e@gregkh/T/#u
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:2950
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:3138 ht
Bugzilla
CVE-2023-52581 kernel: netfilter: nf_tables: memory leak when more than 255 elements expired
bugzilla · 2024-03-04 · CVSS 6.3 (MEDIUM)
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fix memleak when more than 255 elements expired
The Linux kernel CVE team has assigned CVE-2023-52581 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024030258-CVE-2023-52581-2165@gregkh/T/#u
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:2950
---
This issue has been addressed in the following products:
R
Bugzilla
CVE-2023-52574 kernel: team: NULL pointer dereference when team device type is changed
bugzilla · 2024-03-04 · CVSS 5.5 (MEDIUM)
In the Linux kernel, the following vulnerability has been resolved:
team: fix null-ptr-deref when team device type is changed
The Linux kernel CVE team has assigned CVE-2023-52574 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024030256-CVE-2023-52574-a423@gregkh/T/#u
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:2950
---
This issue has been addressed in the following products:
Red Hat Enterprise
Bugzilla
CVE-2023-51780 kernel: use-after-free in net/atm/ioctl.c
bugzilla · 2024-01-10 · CVSS 7.0 (HIGH)
An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2257684]
---
This was fixed for Fedora with the 6.6.8 stable kernel updates.
---
Where is the patch for this one? Can't see it in here and I can't open the parent bug.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:2950
---
This issu
Bugzilla
CVE-2023-42754 kernel: ipv4: NULL pointer dereference in ipv4_send_dest_unreach()
bugzilla · 2023-09-20 · CVSS 5.5 (MEDIUM)
A flaw was found in ipv4_send_dest_unreach() due to NULL pointer dereference due to a missing edge-case check.
Discussion:
Reference:
https://seclists.org/oss-sec/2023/q4/14
Upstream fix:
https://github.com/torvalds/linux/commit/0113d9c9d1ccc07f5a3710dac4aa24b6d711278c
---
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2242284]
---
*** Bug 2267759 has been marked as a duplicate of this bug. ***
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:2950 https://access.redha
Bugzilla
CVE-2023-42755 kernel: rsvp: out-of-bounds read in rsvp_classify()
bugzilla · 2023-09-20 · CVSS 5.5 (MEDIUM)
A flaw was found in rsvp_change(). The root cause is a slab-out-of-bounds access, but since the offset to the original pointer is an `unsigned int` fully controlled by users, the behavior is usually a wild pointer access.
Discussion:
The rsvp classifier has been retired upstream:
https://github.com/torvalds/linux/commit/265b4da82dbf5df04bee5a5d46b7474b1aaf326a
---
*** Bug 2226790 has been marked as a duplicate of this bug. ***
---
*** Bug 2258363 has been marked as a duplicate of this bug. ***
---
*** Bug 2258364 has been marked as a duplicate of this bug. ***
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:2950
Bugzilla
CVE-2023-39192 kernel: netfilter: xtables out-of-bounds read in u32_match_it()
bugzilla · 2023-07-26 · CVSS 6.0 (MEDIUM)
An out-of-bounds read issue was found in the Linux kernel in the u32_match_it() function, which is used to match packet content under netfilter. This flaw requires CAP_NET_ADMIN to be exploited and could lead to information disclosure.
Discussion:
ZDI security advisory:
https://www.zerodayinitiative.com/advisories/ZDI-CAN-18408/
Upstream fix:
https://github.com/torvalds/linux/commit/69c5d284f67089b4750d28ff6ac6f52ec224b330
---
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2242876]
---
This was fixed for Fedora with the 6.5.3 stable kernels.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:2950 https://access.redhat.com/erra
Bugzilla
CVE-2023-39198 kernel: QXL: race condition leading to use-after-free in qxl_mode_dumb_create()
bugzilla · 2023-06-28 · CVSS 6.4 (MEDIUM)
A race condition leading to a use-after-free issue was found in the QXL driver in the Linux kernel.
Discussion:
Upstream fix:
https://github.com/torvalds/linux/commit/c611589b4259ed63b9b77be6872b1ce07ec0ac16
---
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2248704]
---
This was fixed for Fedora with the 6.4.12 stable kernel updates.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:2394 https://access.redhat.com/errata/RHSA-2024:2394
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:2950
---
This issue ha
Bugzilla
CVE-2023-1513 kernel: KVM: information leak in KVM_GET_DEBUGREGS ioctl on 32-bit systems
bugzilla · 2023-03-20 · CVSS 3.3 (LOW)
When calling the KVM_GET_DEBUGREGS ioctl, on some configurations (32-bit systems), there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace.
Upstream patch & commit:
https://lore.kernel.org/kvm/[email protected]/
https://github.com/torvalds/linux/commit/2c10b61421a28e95a46ab489fd56c0f442ff6952
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2179894]
---
This was fixed for Fedora with the 6.1.13 stable kernel updates.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:2950 https://access.redhat.com/errata/RHSA-2024:2950
---
T