
CVSS: 10.0 • EPSS: 1% • CPEs: 6 • EXPL: 0

28 Sep 2023 — Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html • CWE-416: Use After Free

CVSS: 10.0 • EPSS: 7% • CPEs: 25 • EXPL: 2

28 Sep 2023 — Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) A... • https://github.com/UT-Security/cve-2023-5217-poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write

CVSS: 10.0 • EPSS: 2% • CPEs: 6 • EXPL: 0

27 Sep 2023 — Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1836353%2C1842674%2C1843824%2C1843962%2C1848890%2C1850180%2C1850983%2C1851195 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 1% • CPEs: 7 • EXPL: 0

27 Sep 2023 — During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. • https://bugzilla.mozilla.org/show_bug.cgi?id=1851599 • CWE-416: Use After Free

CVSS: 7.8 • EPSS: 1% • CPEs: 7 • EXPL: 0

27 Sep 2023 — A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. • https://bugzilla.mozilla.org/show_bug.cgi?id=1846685 • CWE-787: Out-of-bounds Write

CVSS: 10.0 • EPSS: 3% • CPEs: 9 • EXPL: 0

26 Sep 2023 — The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. • http://seclists.org/fulldisclosure/2023/Oct/10

CVSS: 10.0 • EPSS: 79% • CPEs: 16 • EXPL: 4

21 Sep 2023 — The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. • https://github.com/po6ix/POC-for-CVE-2023-41993 • CWE-754: Improper Check for Unusual or Exceptional Conditions

CVSS: 4.3 • EPSS: 0% • CPEs: 5 • EXPL: 1

15 Sep 2023 — Jetty is a Java-based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenti... • https://github.com/eclipse/jetty.project/pull/9528 • CWE-287: Improper Authentication • CWE-1390: Weak Authentication

CVSS: 5.3 • EPSS: 3% • CPEs: 12 • EXPL: 1

15 Sep 2023 — Jetty is a Java-based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in an HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if Jetty is used in combination with a server that does not close the connection after sending suc... • https://github.com/uthrasri/Jetty-v9.4.31_CVE-2023-40167 • CWE-130: Improper Handling of Length Parameter Inconsistency

CVSS: 4.3 • EPSS: 2% • CPEs: 11 • EXPL: 1

15 Sep 2023 — Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided ... • https://github.com/eclipse/jetty.project/pull/9516 • CWE-149: Improper Neutralization of Quoting Syntax