Page 12 of 3224 results (0.013 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-5724 – Mozilla: Large WebGL draw could have led to a crash

https://notcve.org/view.php?id=CVE-2023-5724

Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Los controladores no siempre son resistentes a las llamadas de "dibujo" extremadamente grandes y, en algunos casos, este escenario podría haber provocado un bloqueo. Esta vulnerabilidad afecta a Firefox &lt; 119, Firefox ESR &lt; 115.4 y Thunderbird &lt; 115.4.1. The Mozilla Foundation Security Advisory describes this flaw as: Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. • https://bugzilla.mozilla.org/show_bug.cgi?id=1836705 https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html https://www.debian.org/security/2023/dsa-5535 https://www.debian.org/security/2023/dsa-5538 https://www.mozilla.org/security/advisories/mfsa2023-45 https://www.mozilla.org/security/advisories/mfsa2023-46 https://www.mozilla.org/security/advisories/mfsa2023-47 https://access.redhat.com/security • CWE-400: Uncontrolled Resource Consumption CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-5721 – Mozilla: Queued up rendering could have allowed websites to clickjack

https://notcve.org/view.php?id=CVE-2023-5721

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Era posible que el usuario activara o descartara ciertas indicaciones y cuadros de diálogo del navegador debido a una insuficiente activación del delay. Esta vulnerabilidad afecta a Firefox &lt; 119, Firefox ESR &lt; 115.4 y Thunderbird &lt; 115.4.1. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1830820 https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html https://www.debian.org/security/2023/dsa-5535 https://www.debian.org/security/2023/dsa-5538 https://www.mozilla.org/security/advisories/mfsa2023-45 https://www.mozilla.org/security/advisories/mfsa2023-46 https://www.mozilla.org/security/advisories/mfsa2023-47 https://access.redhat.com/security • CWE-356: Product UI does not Warn User of Unsafe Actions CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-46316 – traceroute: improper command line parsing

https://notcve.org/view.php?id=CVE-2023-46316

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. En buc Traceroute 2.0.12 a 2.1.2 anterior a 2.1.3, los scripts contenedores no analizan correctamente las líneas de comando. A vulnerability was found in traceroute. This security issue is caused by wrapper scripts that do not properly parse command lines. In Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. • http://packetstormsecurity.com/files/176660/Traceroute-2.1.2-Privilege-Escalation.html https://security-tracker.debian.org/tracker/CVE-2023-46316 https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3 https://access.redhat.com/security/cve/CVE-2023-46316 https://bugzilla.redhat.com/show_bug.cgi?id=2246303 • CWE-214: Invocation of Process Using Visible Sensitive Information CWE-234: Failure to Handle Missing Parameter •

CVSS: 3.6EPSS: 0%CPEs: 8EXPL: 0

CVE-2023-45145 – Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.

https://notcve.org/view.php?id=CVE-2023-45145

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. • https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1 https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx https://lists.debian.org/debian-lts-announce/2023/10/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/464JPNBWE433ZGYXO3KN72VR3KJPWHAW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNEK2K4IE7MPKRD6H36JXZMJKYS6I5GQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 2

CVE-2023-5631 – Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

https://notcve.org/view.php?id=CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code. Roundcube anterior a 1.4.15, 1.5.x anterior a 1.5.5 y 1.6.x anterior a 1.6.4 permiten almacenar XSS a través de un mensaje de correo electrónico HTML con un documento SVG manipulado debido al comportamiento de program/lib/Roundcube/rcube_washtml.php. Esto podría permitir que un atacante remoto cargue código JavaScript arbitrario. Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code. • https://github.com/soreta2/CVE-2023-5631-POC http://www.openwall.com/lists/oss-security/2023/11/01/1 http://www.openwall.com/lists/oss-security/2023/11/01/3 http://www.openwall.com/lists/oss-security/2023/11/17/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079 https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613 https://github.com/roundcube/roundcubemail/issues/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •