CVE-2023-5721 – Mozilla: Queued up rendering could have allowed websites to clickjack
https://notcve.org/view.php?id=CVE-2023-5721
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. A flaw was found in Mozilla.
• https://bugzilla.mozilla.org/show_bug.cgi?id=1830820
• https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html
• https://www.debian.org/security/2023/dsa-5535
• https://www.debian.org/security/2023/dsa-5538
• https://www.mozilla.org/security/advisories/mfsa2023-45
• https://www.mozilla.org/security/advisories/mfsa2023-46
• https://www.mozilla.org/security/advisories/mfsa2023-47
• https://access.redhat.com/security
• CWE-356: Product UI does not Warn User of Unsafe Actions
• CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2023-46316 – traceroute: improper command line parsing
https://notcve.org/view.php?id=CVE-2023-46316
In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. A vulnerability was found in traceroute. This security issue is caused by wrapper scripts that do not properly parse command lines. In Traceroute versions 2.0.12 through 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo.
• http://packetstormsecurity.com/files/176660/Traceroute-2.1.2-Privilege-Escalation.html
• https://security-tracker.debian.org/tracker/CVE-2023-46316
• https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3
• https://access.redhat.com/security/cve/CVE-2023-46316
• https://bugzilla.redhat.com/show_bug.cgi?id=2246303
• CWE-214: Invocation of Process Using Visible Sensitive Information
• CWE-234: Failure to Handle Missing Parameter

CVE-2023-5631 – Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2023-5631
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code. Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code.
• https://github.com/soreta2/CVE-2023-5631-POC
• http://www.openwall.com/lists/oss-security/2023/11/01/1
• http://www.openwall.com/lists/oss-security/2023/11/01/3
• http://www.openwall.com/lists/oss-security/2023/11/17/2
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079
• https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d
• https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613
• https://github.com/roundcube/roundcubemail/issues/
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-45133 – Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
https://notcve.org/view.php?id=CVE-2023-45133
Babel is a compiler for writing JavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()` or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted.
• https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82
• https://github.com/babel/babel/pull/16033
• https://github.com/babel/babel/releases/tag/v7.23.2
• https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4
• https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
• https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html
• https://www.debian.org/security/2023/dsa-5528
• CWE-184: Incomplete List of Disallowed Inputs
• CWE-697: Incorrect Comparison

CVE-2023-5473
https://notcve.org/view.php?id=CVE-2023-5473
Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
• https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html
• https://crbug.com/1484000
• https://security.gentoo.org/glsa/202311-11
• https://security.gentoo.org/glsa/202312-07
• https://security.gentoo.org/glsa/202401-34
• https://www.debian.org/security/2023/dsa-5526
• CWE-416: Use After Free