CVSS: 5.5EPSS: 1%CPEs: 7EXPL: 1CVE-2023-5546 – Moodle: stored xss in quiz grading report via user id number
https://notcve.org/view.php?id=CVE-2023-5546
09 Nov 2023 — ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Los números de identificación que se muestran en el informe de calificación del cuestionario requirieron una sanitización adicional para evitar un riesgo de XSS almacenado. • https://github.com/obelia01/CVE-2023-5546 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-5544 – Moodle: stored xss and potential idor risk in wiki comments
https://notcve.org/view.php?id=CVE-2023-5544
09 Nov 2023 — Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. Los comentarios de Wiki requirieron restricciones de acceso y sanitización adicionales para evitar un riesgo XSS almacenado y un riesgo potencial de IDOR. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-5996 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5996
08 Nov 2023 — Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El use after free en WebAudio en Google Chrome anterior a 119.0.6045.123 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst... • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 4.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-4535 – Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys
https://notcve.org/view.php?id=CVE-2023-4535
06 Nov 2023 — An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security. Se encontró una vulnerabilidad de lectura fuera de los límites en los paquetes OpenSC dentro del... • https://access.redhat.com/errata/RHSA-2023:7879 • CWE-125: Out-of-bounds Read •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-47272 – Ubuntu Security Notice USN-6848-1
https://notcve.org/view.php?id=CVE-2023-47272
05 Nov 2023 — Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). Roundcube 1.5.x anterior a 1.5.6 y 1.6.x anterior a 1.6.5 permite XSS a través de un encabezado Content-Type o Content-Disposition (utilizado para la vista previa o descarga de archivos adjuntos). Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote attacker could possibly use this issue to load arbit... • https://github.com/roundcube/roundcubemail/commit/5ec496885e18ec6af956e8c0d627856c2257ba2d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 6EXPL: 0CVE-2023-5859 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5859
01 Nov 2023 — Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) La interfaz de usuario de seguridad incorrecta en Imagen sobre Imagen en Google Chrome anterior a 119.0.6045.105 permitía a un atacante remoto realizar una suplantación de dominio a través de una página HTML local manipulada. (Severidad de seguridad de Chrome: baja) Multiple vulnerabilities have been discove... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-346: Origin Validation Error •
CVSS: 5.0EPSS: 1%CPEs: 6EXPL: 0CVE-2023-5858 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5858
01 Nov 2023 — Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) La implementación inadecuada en WebApp Provider en Google Chrome anterior a 119.0.6045.105 permitió a un atacante remoto ofuscar la interfaz de usuario de seguridad a través de una página HTML manipulada. (Severidad de seguridad de Chrome: baja) Multiple vulnerabilities have been discovered in Chromium and its d... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-346: Origin Validation Error •
CVSS: 10.0EPSS: 5%CPEs: 6EXPL: 0CVE-2023-5857 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5857
01 Nov 2023 — Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) La implementación inadecuada en Descargas en Google Chrome anterior a 119.0.6045.105 permitía a un atacante remoto ejecutar potencialmente código arbitrario a través de un archivo malicioso. (Severidad de seguridad de Chromium: media) Multiple vulnerabilities have been discovered in Chromium and its deriv... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2023-5856 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5856
01 Nov 2023 — Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Use after free en el Panel Lateral de Google Chrome anterior a 119.0.6045.105 permitía a un atacante remoto convencer a un usuario de realizar gestos específicos en la interfaz de usuario para explotar potencialmente la corrupción del montón a través de una pá... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2023-5855 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5855
01 Nov 2023 — Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) Use after free en Modo Lectura en Google Chrome anterior a 119.0.6045.105 permitía a un atacante remoto convencer a un usuario de realizar gestos de interfaz de usuario específicos para explotar potencialmente la corrupción del montón a través de gestos de ... • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html • CWE-416: Use After Free •