CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-5996 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5996
08 Nov 2023 — Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El use after free en WebAudio en Google Chrome anterior a 119.0.6045.123 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst... • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 4.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-4535 – Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys
https://notcve.org/view.php?id=CVE-2023-4535
06 Nov 2023 — An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security. Se encontró una vulnerabilidad de lectura fuera de los límites en los paquetes OpenSC dentro del... • https://access.redhat.com/errata/RHSA-2023:7879 • CWE-125: Out-of-bounds Read •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-47272 – Ubuntu Security Notice USN-6848-1
https://notcve.org/view.php?id=CVE-2023-47272
05 Nov 2023 — Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). Roundcube 1.5.x anterior a 1.5.6 y 1.6.x anterior a 1.6.5 permite XSS a través de un encabezado Content-Type o Content-Disposition (utilizado para la vista previa o descarga de archivos adjuntos). Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote attacker could possibly use this issue to load arbit... • https://github.com/roundcube/roundcubemail/commit/5ec496885e18ec6af956e8c0d627856c2257ba2d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44271 – python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument
https://notcve.org/view.php?id=CVE-2023-44271
03 Nov 2023 — An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. Se descubrió un problema en Pillow antes de la versión 10.0.0. Es una Denegación de Servicio que asigna memoria de forma incontrolable para procesar una tarea determinada, lo que puede provoc... • https://devhub.checkmarx.com/cve-details/CVE-2023-44271 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-5859 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5859
01 Nov 2023 — Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) La interfaz de usuario de seguridad incorrecta en Imagen sobre Imagen en Google Chrome anterior a 119.0.6045.105 permitía a un atacante remoto realizar una suplantación de dominio a través de una página HTML local manipulada. (Severidad de seguridad de Chrome: baja) Multiple vulnerabilities have been discove... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-346: Origin Validation Error •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-5858 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5858
01 Nov 2023 — Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) La implementación inadecuada en WebApp Provider en Google Chrome anterior a 119.0.6045.105 permitió a un atacante remoto ofuscar la interfaz de usuario de seguridad a través de una página HTML manipulada. (Severidad de seguridad de Chrome: baja) Multiple vulnerabilities have been discovered in Chromium and its d... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-346: Origin Validation Error •
CVSS: 10.0EPSS: 5%CPEs: 6EXPL: 0CVE-2023-5857 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5857
01 Nov 2023 — Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) La implementación inadecuada en Descargas en Google Chrome anterior a 119.0.6045.105 permitía a un atacante remoto ejecutar potencialmente código arbitrario a través de un archivo malicioso. (Severidad de seguridad de Chromium: media) Multiple vulnerabilities have been discovered in Chromium and its deriv... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2023-5856 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5856
01 Nov 2023 — Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Use after free en el Panel Lateral de Google Chrome anterior a 119.0.6045.105 permitía a un atacante remoto convencer a un usuario de realizar gestos específicos en la interfaz de usuario para explotar potencialmente la corrupción del montón a través de una pá... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2023-5855 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5855
01 Nov 2023 — Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) Use after free en Modo Lectura en Google Chrome anterior a 119.0.6045.105 permitía a un atacante remoto convencer a un usuario de realizar gestos de interfaz de usuario específicos para explotar potencialmente la corrupción del montón a través de gestos de ... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2023-5854 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5854
01 Nov 2023 — Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) Use after free en Perfiles de Google Chrome anteriores a 119.0.6045.105 permitía a un atacante remoto convencer a un usuario de realizar gestos de interfaz de usuario específicos para explotar potencialmente la corrupción del montón a través de gestos de interf... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-416: Use After Free •