CVSS: 6.8EPSS: 0%CPEs: 42EXPL: 0CVE-2023-5388 – nss: timing attack against RSA decryption
https://notcve.org/view.php?id=CVE-2023-5388
10 Jan 2024 — NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. NSS era susceptible a un ataque de canal lateral de sincronización al realizar el descifrado RSA. Este ataque podría permitir potencialmente que un atacante recupere los datos privados. • https://bugzilla.mozilla.org/show_bug.cgi?id=1780432 • CWE-208: Observable Timing Discrepancy •
CVSS: 10.0EPSS: 0%CPEs: 23EXPL: 0CVE-2023-44429 – GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44429
15 Nov 2023 — GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying ... • https://gstreamer.freedesktop.org/security/sa-2023-0009.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 39EXPL: 0CVE-2023-44446 – GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-44446
15 Nov 2023 — GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. • https://gstreamer.freedesktop.org/security/sa-2023-0010.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2023-40474 – GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40474
27 Sep 2023 — GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before al... • https://gstreamer.freedesktop.org/security/sa-2023-0006.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0CVE-2023-40475 – GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40475
27 Sep 2023 — GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before al... • https://gstreamer.freedesktop.org/security/sa-2023-0007.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2023-40476 – GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40476
27 Sep 2023 — GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it ... • https://gstreamer.freedesktop.org/security/sa-2023-0008.html • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 32EXPL: 0CVE-2024-27834 – Apple Safari Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-27834
18 Aug 2022 — The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. El problema se solucionó con controles mejorados. Este problema se solucionó en iOS 17.5 y iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. • http://seclists.org/fulldisclosure/2024/May/10 • CWE-277: Insecure Inherited Permissions CWE-288: Authentication Bypass Using an Alternate Path or Channel •