CVE-2023-6174 – Out-of-bounds Read in Wireshark
https://notcve.org/view.php?id=CVE-2023-6174
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file La falla del disector SSH en Wireshark 4.0.0 a 4.0.10 permite la denegación de servicio mediante inyección de paquetes o archivo de captura manipulado • https://gitlab.com/wireshark/wireshark/-/issues/19369 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V https://security.gentoo.org/glsa/202402-09 https://www.debian.org/security/2023/dsa-5559 https://www.wireshark.org/security/wnpa-sec-2023-28.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-125: Out-of-bounds Read •
CVE-2023-6112 – Chrome content::NavigationURLLoaderImpl::FallbackToNonInterceptedRequest Heap Use-After-Free
https://notcve.org/view.php?id=CVE-2023-6112
Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Navegación en Google Chrome anterior a 119.0.6045.159 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Chrome suffers from a heap use-after-free vulnerability in content::NavigationURLLoaderImpl::FallbackToNonInterceptedRequest. • http://packetstormsecurity.com/files/176721/Chrome-content-NavigationURLLoaderImpl-FallbackToNonInterceptedRequest-Heap-Use-After-Free.html https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html https://crbug.com/1499298 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JHUI5HW7QXT3U74MJMTLUMF5REDO5HD5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN3JQGEC4EFQP3WTI33YBD3CLC3I7P4X https://lists.fedoraproject.org/archives/list/package- • CWE-416: Use After Free •
CVE-2023-5997
https://notcve.org/view.php?id=CVE-2023-5997
Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Garbage Collection en Google Chrome anterior a 119.0.6045.159 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html https://crbug.com/1497997 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JHUI5HW7QXT3U74MJMTLUMF5REDO5HD5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MN3JQGEC4EFQP3WTI33YBD3CLC3I7P4X https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWHRLW3GDNFBFSBHDD4QOPUPX7ORTUEC https://security.gentoo.org/glsa/202311-11 https://secu • CWE-416: Use After Free •
CVE-2023-23583
https://notcve.org/view.php?id=CVE-2023-23583
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. La secuencia de instrucciones del procesador genera un comportamiento inesperado en Intel(R) Processors que pueden permitir que un usuario autenticado potencialmente habilite la escalada de privilegios y/o la divulgación de información y/o la denegación de servicio a través del acceso local. • https://github.com/Mav3r1ck0x1/CVE-2023-23583-Reptar- http://www.openwall.com/lists/oss-security/2023/11/14/4 http://www.openwall.com/lists/oss-security/2023/11/14/5 http://www.openwall.com/lists/oss-security/2023/11/14/6 http://www.openwall.com/lists/oss-security/2023/11/14/7 http://www.openwall.com/lists/oss-security/2023/11/14/8 http://www.openwall.com/lists/oss-security/2023/11/14/9 https://lists.debian.org/debian-lts-announce/2023/12/ • CWE-1281: Sequence of Processor Instructions Leads to Unexpected Behavior •
CVE-2023-46850
https://notcve.org/view.php?id=CVE-2023-46850
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer. Use after free en OpenVPN versión 2.6.0 a 2.6.6 puede provocar un comportamiento indefinido, pérdida de búferes de memoria o ejecución remota al enviar búferes de red a un par remoto. • https://community.openvpn.net/openvpn/wiki/CVE-2023-46850 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3FS46ANNTAVLIQY56ZKGM5CBTRVBUNE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O54I7D753V6PU6XBU26FEROD2DSHEJQ4 https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850 https://www.debian.org/security/2023/dsa-5555 • CWE-416: Use After Free •