CVSS: 5.0 • EPSS: 1% • CPEs: 6 • EXPL: 0

01 Nov 2023 — Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in Chromium and ... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-346: Origin Validation Error •

CVSS: 10.0 • EPSS: 3% • CPEs: 6 • EXPL: 0

01 Nov 2023 — Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) ... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-416: Use After Free •

CVSS: 5.0 • EPSS: 0% • CPEs: 6 • EXPL: 0

01 Nov 2023 — Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in Chromium and its derivat... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-346: Origin Validation Error •

CVSS: 5.0 • EPSS: 2% • CPEs: 6 • EXPL: 0

01 Nov 2023 — Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) Multiple vulnerabilities have been discovered in Chromium an... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html •

CVSS: 10.0 • EPSS: 3% • CPEs: 6 • EXPL: 0

01 Nov 2023 — Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the ... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-190: Integer Overflow or Wraparound •

CVSS: 10.0 • EPSS: 1% • CPEs: 6 • EXPL: 0

01 Nov 2023 — Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and i... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 6.4 • EPSS: 1% • CPEs: 6 • EXPL: 0

01 Nov 2023 — Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead ... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

31 Oct 2023 — Synapse is an open-source Matrix homeserver. Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver. • https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5 • EPSS: 0% • CPEs: 9 • EXPL: 0

27 Oct 2023 — VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c... • http://www.openwall.com/lists/oss-security/2023/10/27/1 • CWE-347: Improper Verification of Cryptographic Signature CWE-1220: Insufficient Granularity of Access Control •

CVSS: 7.4 • EPSS: 0% • CPEs: 10 • EXPL: 0

25 Oct 2023 — A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. ... • https://access.redhat.com/errata/RHSA-2023:7428 • CWE-416: Use After Free •