CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5483
https://notcve.org/view.php?id=CVE-2023-5483
Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) La implementación inadecuada de Intents en Google Chrome anteriores a 118.0.5993.70 permitió a un atacante remoto eludir la política de seguridad de contenido a través de una página HTML manipulada. (Severidad de seguridad de Chromium: Media) • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html https://crbug.com/1425355 https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202312-07 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5526 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5475
https://notcve.org/view.php?id=CVE-2023-5475
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) La implementación inadecuada de DevTools en Google Chrome anterior a 118.0.5993.70 permitió a un atacante que convenció a un usuario de instalar una extensión maliciosa para evitar el control de acceso discrecional a través de una extensión de Chrome manipulada. (Severidad de seguridad de Chromium: Media) • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html https://crbug.com/1476952 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5QCMP6KKWPDZZLFU7YXSZDHEKOE7BXO https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202312-07 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/secur •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5484
https://notcve.org/view.php?id=CVE-2023-5484
Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) La implementación inadecuada de la navegación en Google Chrome anterior a 118.0.5993.70 permitió a un atacante remoto falsificar la interfaz de usuario de seguridad a través de una página HTML manipulada. (Severidad de seguridad de Chromium: Media) • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html https://crbug.com/1414936 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5QCMP6KKWPDZZLFU7YXSZDHEKOE7BXO https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202312-07 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/secur •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5218
https://notcve.org/view.php?id=CVE-2023-5218
Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Use after free de Site Isolation en Google Chrome anterior a 118.0.5993.70 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chromium: Crítica) • https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html https://crbug.com/1487110 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5QCMP6KKWPDZZLFU7YXSZDHEKOE7BXO https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202312-07 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/secur • CWE-416: Use After Free •
CVSS: 9.1EPSS: 1%CPEs: 6EXPL: 0CVE-2023-44981 – Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
https://notcve.org/view.php?id=CVE-2023-44981
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue. Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue. See the documentation for more details on correct cluster administration. • http://www.openwall.com/lists/oss-security/2023/10/11/4 https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b https://lists.debian.org/debian-lts-announce/2023/10/msg00029.html https://security.netapp.com/advisory/ntap-20240621-0007 https://www.debian.org/security/2023/dsa-5544 https://access.redhat.com/security/cve/CVE-2023-44981 https://bugzilla.redhat.com/show_bug.cgi?id=2243436 • CWE-639: Authorization Bypass Through User-Controlled Key •