CVE-2023-6508
https://notcve.org/view.php?id=CVE-2023-6508
Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Media Stream en Google Chrome anterior a 120.0.6099.62 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html https://crbug.com/1497984 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5573 • CWE-416: Use After Free •
CVE-2023-40462 – Improper input leads to DoS
https://notcve.org/view.php?id=CVE-2023-40462
The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable. El componente ACEManager de ALEOS 4.16 y versiones anteriores no realiza sanitización de entrada durante la autenticación, lo que podría resultar en una condición de denegación de servicio (DoS) para ACEManager sin afectar otras funciones del router. ACEManager se recupera de la condición DoS reiniciándose dentro de los diez segundos posteriores a que no esté disponible. • https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-006/#sthash.6KUVtE6w.dpbs • CWE-617: Reachable Assertion •
CVE-2023-42917 – Apple Multiple Products WebKit Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2023-42917
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Se solucionó una vulnerabilidad de corrupción de memoria con un bloqueo mejorado. • http://seclists.org/fulldisclosure/2023/Dec/12 http://seclists.org/fulldisclosure/2023/Dec/13 http://seclists.org/fulldisclosure/2023/Dec/3 http://seclists.org/fulldisclosure/2023/Dec/4 http://seclists.org/fulldisclosure/2023/Dec/5 http://seclists.org/fulldisclosure/2023/Dec/8 http://seclists.org/fulldisclosure/2024/Jan/35 http://www.openwall.com/lists/oss-security/2023/12/05/1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHH • CWE-787: Out-of-bounds Write •
CVE-2023-42916 – Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-42916
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Se solucionó una lectura fuera de los límites con una validación de entrada mejorada. • http://seclists.org/fulldisclosure/2023/Dec/12 http://seclists.org/fulldisclosure/2023/Dec/13 http://seclists.org/fulldisclosure/2023/Dec/3 http://seclists.org/fulldisclosure/2023/Dec/4 http://seclists.org/fulldisclosure/2023/Dec/5 http://seclists.org/fulldisclosure/2023/Dec/8 http://seclists.org/fulldisclosure/2024/Jan/35 http://www.openwall.com/lists/oss-security/2023/12/05/1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHH • CWE-125: Out-of-bounds Read •
CVE-2023-6345 – Google Skia Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-6345
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) El desbordamiento de enteros en Skia en Google Chrome anterior a 119.0.6045.199 permitió a un atacante remoto que había comprometido el proceso de renderizado realizar potencialmente un escape de la zona de pruebas a través de un archivo malicioso. (Severidad de seguridad de Chrome: alta) Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products. • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html https://crbug.com/1505053 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T7ABNYMOI4ZHVCSPCNP7HQTOLGF53A2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C7XQNYZZA3X2LBJF57ZHKXWOMJKNLZYR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJROPNKWW65R34J4IYGTJ7A3OBPUL4IQ https://security.gentoo.org/glsa/202401-34 https://www& • CWE-190: Integer Overflow or Wraparound •