CVE-2023-5721 – Mozilla: Queued up rendering could have allowed websites to clickjack
https://notcve.org/view.php?id=CVE-2023-5721
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. A flaw was found in Mozilla. • https://bugzilla.mozilla.org/show_bug.cgi?id=1830820 https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html https://www.debian.org/security/2023/dsa-5535 https://www.debian.org/security/2023/dsa-5538 https://www.mozilla.org/security/advisories/mfsa2023-45 https://www.mozilla.org/security/advisories/mfsa2023-46 https://www.mozilla.org/security/advisories/mfsa2023-47 https://access.redhat.com/security • CWE-356: Product UI does not Warn User of Unsafe Actions CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2023-5363 – Incorrect cipher key & IV length processing
https://notcve.org/view.php?id=CVE-2023-5363
Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. • http://www.openwall.com/lists/oss-security/2023/10/24/1 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee https://security.netapp.com/advisory/ntap-20231027-0010 https://security.netapp.com/advisory/ntap-20240201-0003 https://security.netapp.com/advisory/ntap-20240201-0004 https://www.debian.org/security/2023/dsa-5532 https://www.openssl.org/news/ • CWE-325: Missing Cryptographic Step CWE-684: Incorrect Provision of Specified Functionality •
CVE-2023-46316 – traceroute: improper command line parsing
https://notcve.org/view.php?id=CVE-2023-46316
In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. A vulnerability was found in traceroute. This security issue is caused by wrapper scripts that do not properly parse command lines. In Traceroute versions 2.0.12 through 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. • http://packetstormsecurity.com/files/176660/Traceroute-2.1.2-Privilege-Escalation.html https://security-tracker.debian.org/tracker/CVE-2023-46316 https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3 https://access.redhat.com/security/cve/CVE-2023-46316 https://bugzilla.redhat.com/show_bug.cgi?id=2246303 • CWE-214: Invocation of Process Using Visible Sensitive Information CWE-234: Failure to Handle Missing Parameter •
CVE-2023-45145 – Redis Unix-domain socket may have been exposed with the wrong permissions for a short time window.
https://notcve.org/view.php?id=CVE-2023-45145
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. • https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1 https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx https://lists.debian.org/debian-lts-announce/2023/10/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/464JPNBWE433ZGYXO3KN72VR3KJPWHAW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNEK2K4IE7MPKRD6H36JXZMJKYS6I5GQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2023-5631 – Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2023-5631
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code. Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code. • https://github.com/soreta2/CVE-2023-5631-POC http://www.openwall.com/lists/oss-security/2023/11/01/1 http://www.openwall.com/lists/oss-security/2023/11/01/3 http://www.openwall.com/lists/oss-security/2023/11/17/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079 https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613 https://github.com/roundcube/roundcubemail/issues/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •