CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5484 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5484
11 Oct 2023 — Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) La implementación inadecuada de la navegación en Google Chrome anterior a 118.0.5993.70 permitió a un atacante remoto falsificar la interfaz de usuario de seguridad a través de una página HTML manipulada. (Severidad de seguridad de Chromium: Media) Multiple vulnerabilities have been discovered in Chromium and its deriv... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5218 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5218
11 Oct 2023 — Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Use after free de Site Isolation en Google Chrome anterior a 118.0.5993.70 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chromium: Crítica) Multiple vulnerabilities have been discovered in Chromium and its deri... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html • CWE-416: Use After Free •
CVSS: 9.4EPSS: 0%CPEs: 6EXPL: 0CVE-2023-44981 – Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
https://notcve.org/view.php?id=CVE-2023-44981
11 Oct 2023 — Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating count... • http://www.openwall.com/lists/oss-security/2023/10/11/4 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.3EPSS: 0%CPEs: 64EXPL: 0CVE-2023-45648 – Apache Tomcat: Trailer header parsing too lenient
https://notcve.org/view.php?id=CVE-2023-45648
10 Oct 2023 — Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 o... • http://www.openwall.com/lists/oss-security/2023/10/10/10 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 64EXPL: 0CVE-2023-42795 – Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests
https://notcve.org/view.php?id=CVE-2023-42795
10 Oct 2023 — Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes t... • http://www.openwall.com/lists/oss-security/2023/10/10/9 • CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 1%CPEs: 8EXPL: 1CVE-2023-36478 – HTTP/2 HPACK integer overflow and buffer allocation
https://notcve.org/view.php?id=CVE-2023-36478
10 Oct 2023 — Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and lengt... • http://www.openwall.com/lists/oss-security/2023/10/18/4 • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 94%CPEs: 444EXPL: 19CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 78%CPEs: 7EXPL: 3CVE-2023-43641 – libcue vulnerable to out-of-bounds array access
https://notcve.org/view.php?id=CVE-2023-43641
09 Oct 2023 — libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. • https://packetstorm.news/files/id/176128 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 11%CPEs: 5EXPL: 1CVE-2023-45363 – Debian Security Advisory 5520-1
https://notcve.org/view.php?id=CVE-2023-45363
09 Oct 2023 — An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set. Se descubrió un problema en ApiPageSet.php en MediaWiki antes de 1.35.12, 1.36.x hasta 1.39.x antes de 1.39.5 y 1.40.x antes de 1.40.1. Permite a los atacantes provocar una denegación de servicio (... • https://lists.debian.org/debian-lts-announce/2023/11/msg00027.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-45364 – Debian Security Advisory 5520-1
https://notcve.org/view.php?id=CVE-2023-45364
09 Oct 2023 — An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information. Se descubrió un problema en include/page/Article.php en MediaWiki 1.36.x hasta 1.39.x anteriores a 1.39.5 y 1.40.x anteriores a 1.40.1. La existencia de la... • https://phabricator.wikimedia.org/T264765 • CWE-732: Incorrect Permission Assignment for Critical Resource •