CVSS: 10.0EPSS: 15%CPEs: 4EXPL: 0CVE-2023-3215 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-3215
13 Jun 2023 — Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2023-3214 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-3214
13 Jun 2023 — Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. • https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html • CWE-416: Use After Free •
CVSS: 3.9EPSS: 0%CPEs: 7EXPL: 0CVE-2023-20867 – VMware Tools Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-20867
13 Jun 2023 — A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Un host ESXi totalmente comprometido puede obligar a VMware Tools a no poder autenticar las operaciones de host a invitado, lo que afecta la confidencialidad y la integridad de la máquina virtual invitada. A flaw was found in the open-vm-tools package. An attacker with root access privileges over ESXi may be able to cause an authenti... • http://www.openwall.com/lists/oss-security/2023/10/16/11 • CWE-287: Improper Authentication •
CVSS: 3.3EPSS: 0%CPEs: 10EXPL: 1CVE-2023-2602 – libcap: Memory Leak on pthread_create() Error
https://notcve.org/view.php?id=CVE-2023-2602
06 Jun 2023 — A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts... • https://bugzilla.redhat.com/show_bug.cgi?id=2209114 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 4CVE-2023-3079 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2023-3079
05 Jun 2023 — Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 120.0.6099.109 are affected. Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corru... • https://packetstorm.news/files/id/176211 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-34256 – Ubuntu Security Notice USN-6701-3
https://notcve.org/view.php?id=CVE-2023-34256
31 May 2023 — An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated "When modifying the block device while it is mounted by the filesystem" access. Se ha descubierto un problema en el kernel de Linux en las versiones anteriores a 6.3.3. Hay una lectur... • https://bugzilla.suse.com/show_bug.cgi?id=1211895 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-2952 – wireshark: XRA dissector infinite loop
https://notcve.org/view.php?id=CVE-2023-2952
30 May 2023 — XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file El bucle infinito del disector XRA en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegación de servicio mediante la inyección de paquetes o un archivo de captura manipulado A flaw was found in the XRA dissector of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing an infinite loop, resulting in a den... • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2952.json • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-2879 – Debian Security Advisory 5429-1
https://notcve.org/view.php?id=CVE-2023-2879
26 May 2023 — GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file GDSDB bucle infinito en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegación de servicio a través de inyección de paquetes o archivo de captura manipulado Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2879.json • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.7EPSS: 0%CPEs: 14EXPL: 0CVE-2023-2898 – Ubuntu Security Notice USN-6339-3
https://notcve.org/view.php?id=CVE-2023-2898
26 May 2023 — There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the Ove... • https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 2CVE-2023-0666 – Wireshark RTPS Parsing Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-0666
25 May 2023 — Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. Debido a un fallo en la validación de la longitud proporcionada por un atacante de paquetes manipulados RTPS, Wireshark v4.0.5 y anteriores, por defecto, es susceptible a un desbordamiento de búfer de pila y posiblemente la ejecución de código en el conte... • https://gitlab.com/wireshark/wireshark/-/issues/19085 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •