
CVSS: 5.3 • EPSS: 0% • CPEs: 2 • EXPL: 1

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.

A security bypass flaw was found in Curl, which can be triggered by saving HSTS data to an excessively long file name. This issue occurs due to an error in handling HSTS long file names, leading to the removal of all contents from the file during the save process, and may allow a remote attacker to send a specially crafted request to use files without awareness of the HSTS status and enable a Man-in-the-Middle (MitM) attack.

• https://curl.se/docs/CVE-2023-46219.html
• https://hackerone.com/reports/2236133
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD
• https://security.netapp.com/advisory/ntap-20240119-0007
• https://www.debian.org/security/2023/dsa-5587
• https://access.redhat.com/security/cve/CVE-2023-46219
• https://bugzilla.redhat.com/show_bug.cgi?id=2252034
• CWE-311: Missing Encryption of Sensitive Data

CVSS: 6.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)

• https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html
• https://crbug.com/1457702
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC
• https://security.gentoo.org/glsa/202401-34
• https://www.debian.org/security/2023/dsa-5573

CVSS: 4.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

• https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html
• https://crbug.com/1478613
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC
• https://security.gentoo.org/glsa/202401-34
• https://www.debian.org/security/2023/dsa-5573

CVSS: 8.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

• https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html
• https://crbug.com/1480152
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC
• https://security.gentoo.org/glsa/202401-34
• https://www.debian.org/security/2023/dsa-5573
• CWE-416: Use After Free

CVSS: 8.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High)

• https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html
• https://crbug.com/1494565
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC
• https://security.gentoo.org/glsa/202401-34
• https://www.debian.org/security/2023/dsa-5573
• CWE-416: Use After Free