Page 13 of 412 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-5850

https://notcve.org/view.php?id=CVE-2023-5850

Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) La interfaz de usuario de seguridad incorrecta en Descargas en Google Chrome anterior a 119.0.6045.105 permitió a un atacante remoto realizar una suplantación de dominio a través de un nombre de dominio manipulado. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html https://crbug.com/1281972 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V https://security.gentoo.org/glsa/202311-11 https://secu •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-5849

https://notcve.org/view.php?id=CVE-2023-5849

Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El desbordamiento de enteros en USB en Google Chrome anterior a 119.0.6045.105 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html https://crbug.com/1492384 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V https://security.gentoo.org/glsa/202311-11 https://secu • CWE-190: Integer Overflow or Wraparound •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-5482

https://notcve.org/view.php?id=CVE-2023-5482

Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) La validación de datos insuficiente en USB en Google Chrome anterior a 119.0.6045.105 permitió a un atacante remoto realizar acceso a la memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html https://crbug.com/1492381 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V https://security.gentoo.org/glsa/202311-11 https://secu • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-5480

https://notcve.org/view.php?id=CVE-2023-5480

Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) La implementación inadecuada en Pagos en Google Chrome anterior a 119.0.6045.105 permitió a un atacante remoto evitar las prevenciones XSS a través de un archivo malicioso. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html https://crbug.com/1492698 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBA4KD5ZSV6XWWFLVR5UBYKKNOYMH33H https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V https://security.gentoo.org/glsa/202311-11 https://secu • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-34059 – open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper

https://notcve.org/view.php?id=CVE-2023-34059

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. open-vm-tools contiene una vulnerabilidad de secuestro de descriptores de archivos en vmware-user-suid-wrapper. Un actor malintencionado con privilegios no root puede secuestrar el descriptor del archivo /dev/uinput, permitiéndole simular las entradas del usuario. A flaw was found in open-vm-tools. This flaw allows a malicious actor with non-root privileges to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs. • http://www.openwall.com/lists/oss-security/2023/10/27/2 http://www.openwall.com/lists/oss-security/2023/10/27/3 http://www.openwall.com/lists/oss-security/2023/11/26/1 http://www.openwall.com/lists/oss-security/2023/11/27/1 https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2 https://lists.fedoraproject.org/archives/list/package-announce@lists • CWE-266: Incorrect Privilege Assignment •