CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-2459 – Debian Security Advisory 5398-1
https://notcve.org/view.php?id=CVE-2023-2459
02 May 2023 — Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected. • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html •
CVSS: 6.5EPSS: 10%CPEs: 5EXPL: 3CVE-2023-30943 – Moodle: tinymce loaders susceptible to arbitrary folder creation
https://notcve.org/view.php?id=CVE-2023-30943
02 May 2023 — The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. • https://github.com/d0rb/CVE-2023-30943 • CWE-73: External Control of File Name or Path CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2023-30944 – Moodle: minor sql injection risk in external wiki method for listing pages
https://notcve.org/view.php?id=CVE-2023-30944
02 May 2023 — The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77187 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 1%CPEs: 14EXPL: 3CVE-2023-29007 – Arbitrary configuration injection via `git submodule deinit`
https://notcve.org/view.php?id=CVE-2023-29007
25 Apr 2023 — Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attack... • https://github.com/ethiack/CVE-2023-29007 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 4.4EPSS: 0%CPEs: 17EXPL: 0CVE-2023-2269 – kernel: A possible deadlock in dm_get_inactive_table in dm- ioctl.c leads to dos
https://notcve.org/view.php?id=CVE-2023-2269
25 Apr 2023 — A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. A flaw was found in the Linux Kernel, leading to a denial of service. This issue occurs due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. Gwangun Jung discovered that the Quick Fa... • https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html • CWE-413: Improper Resource Locking CWE-667: Improper Locking •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-2137 – Debian Security Advisory 5393-1
https://notcve.org/view.php?id=CVE-2023-2137
19 Apr 2023 — Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected. • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-2136 – Google Chrome Skia Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-2136
19 Apr 2023 — Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected. Google Chromium Skia contains an integer overflow vulnerability that allows a remote... • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-2135 – Debian Security Advisory 5393-1
https://notcve.org/view.php?id=CVE-2023-2135
19 Apr 2023 — Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected. • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-2134 – Debian Security Advisory 5393-1
https://notcve.org/view.php?id=CVE-2023-2134
19 Apr 2023 — Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected. • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-2133 – Debian Security Advisory 5393-1
https://notcve.org/view.php?id=CVE-2023-2133
19 Apr 2023 — Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected. • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html • CWE-787: Out-of-bounds Write •