CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 0CVE-2023-1989 – kernel: Use after free bug in btsdio_remove due to race condition
https://notcve.org/view.php?id=CVE-2023-1989
11 Apr 2023 — A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. A call to btsdio_remove with an unfinished job may cause a race problem which leads to a UAF on hdev devices. It was discovered that the Traffic-Control Index implementation in the Linux kern... • https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088 • CWE-416: Use After Free •
CVSS: 8.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-1668 – openvswitch: ip proto 0 triggers incorrect handling
https://notcve.org/view.php?id=CVE-2023-1668
10 Apr 2023 — A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. An update for redhat-release-virtualization-host and re... • https://bugzilla.redhat.com/show_bug.cgi?id=2137666 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-29415
https://notcve.org/view.php?id=CVE-2023-29415
06 Apr 2023 — An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais. • https://github.com/kspalaiologos/bzip3/compare/1.2.3...1.3.0 •
CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0CVE-2023-1855 – kernel: use-after-free bug in remove function xgene_hwmon_remove
https://notcve.org/view.php?id=CVE-2023-1855
05 Apr 2023 — A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due ... • https://github.com/torvalds/linux/commit/cb090e64cf25602b9adaf32d5dfc9c8bec493cd1 • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1823 – Debian Security Advisory 5386-1
https://notcve.org/view.php?id=CVE-2023-1823
04 Apr 2023 — Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium could be made to access memory out o... • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1822 – Debian Security Advisory 5386-1
https://notcve.org/view.php?id=CVE-2023-1822
04 Apr 2023 — Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium could be made to access memory out of bounds ... • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1821 – Debian Security Advisory 5386-1
https://notcve.org/view.php?id=CVE-2023-1821
04 Apr 2023 — Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium could be ... • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1820 – Debian Security Advisory 5386-1
https://notcve.org/view.php?id=CVE-2023-1820
04 Apr 2023 — Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) It was discovered that Chromium did not properly manage memory in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. ... • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1819 – Debian Security Advisory 5386-1
https://notcve.org/view.php?id=CVE-2023-1819
04 Apr 2023 — Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected. • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-1818 – Debian Security Advisory 5386-1
https://notcve.org/view.php?id=CVE-2023-1818
04 Apr 2023 — Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected. • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html • CWE-416: Use After Free •