CVE-2023-2313
https://notcve.org/view.php?id=CVE-2023-2313
Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html https://crbug.com/1335974 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ •
CVE-2023-26078
https://notcve.org/view.php?id=CVE-2023-26078
A privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs. • https://github.com/mandiant/Vulnerability-Disclosures https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0009.md https://www.atera.com •
CVE-2023-26077
https://notcve.org/view.php?id=CVE-2023-26077
Atera Agent through 1.8.3.6 on Windows creates a temporary file in a directory with insecure permissions. • https://github.com/mandiant/Vulnerability-Disclosures https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0008.md https://www.atera.com • CWE-276: Incorrect Default Permissions •
CVE-2023-35077
https://notcve.org/view.php?id=CVE-2023-35077
An out-of-bounds write vulnerability on Windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above. • https://forums.ivanti.com/s/article/SA-2023-07-19-CVE-2023-35077 • CWE-787: Out-of-bounds Write •
CVE-2023-25841 – BUG-000158075 Stored XSS issue in ArcGIS Server
https://notcve.org/view.php?id=CVE-2023-25841
There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Mitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities. • https://www.esri.com/arcgis-blog/products/trust-arcgis/announcements/arcgis-server-security-2023-update-1-patch-available • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •