Page 27 of 282 results (0.015 seconds)

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 1

CVE-2023-5546 – Moodle: stored xss in quiz grading report via user id number

https://notcve.org/view.php?id=CVE-2023-5546

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Los números de identificación que se muestran en el informe de calificación del cuestionario requirieron una sanitización adicional para evitar un riesgo de XSS almacenado. • https://github.com/obelia01/CVE-2023-5546 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971 https://bugzilla.redhat.com/show_bug.cgi?id=2243445 https://moodle.org/mod/forum/discuss.php?d=451587 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2023-5544 – Moodle: stored xss and potential idor risk in wiki comments

https://notcve.org/view.php?id=CVE-2023-5544

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. Los comentarios de Wiki requirieron restricciones de acceso y sanitización adicionales para evitar un riesgo XSS almacenado y un riesgo potencial de IDOR. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509 https://bugzilla.redhat.com/show_bug.cgi?id=2243443 https://moodle.org/mod/forum/discuss.php?d=451585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2023-5996

https://notcve.org/view.php?id=CVE-2023-5996

Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El use after free en WebAudio en Google Chrome anterior a 119.0.6045.123 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html https://crbug.com/1497859 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MHLJRFWZNY6BFOW25Q4FEESVWZKS4C2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHWLT3M2AQDFD7RNAM3NJMYUC5KHMO5V https://security.gentoo.org/glsa/202311-11 https://security.gentoo.org/glsa/202312-07 https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security • CWE-416: Use After Free •

CVSS: 4.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-4535 – Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys

https://notcve.org/view.php?id=CVE-2023-4535

An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security. Se encontró una vulnerabilidad de lectura fuera de los límites en los paquetes OpenSC dentro del controlador MyEID al manejar el cifrado de clave simétrica. Explotar esta falla requiere que un atacante tenga acceso físico a la computadora y a un dispositivo USB o tarjeta inteligente especialmente manipulado. • https://access.redhat.com/errata/RHSA-2023:7879 https://access.redhat.com/security/cve/CVE-2023-4535 https://bugzilla.redhat.com/show_bug.cgi?id=2240914 https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2 https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651 https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1 https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject • CWE-125: Out-of-bounds Read •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

CVE-2023-47272

https://notcve.org/view.php?id=CVE-2023-47272

Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). Roundcube 1.5.x anterior a 1.5.6 y 1.6.x anterior a 1.6.5 permite XSS a través de un encabezado Content-Type o Content-Disposition (utilizado para la vista previa o descarga de archivos adjuntos). • https://github.com/roundcube/roundcubemail/commit/5ec496885e18ec6af956e8c0d627856c2257ba2d https://github.com/roundcube/roundcubemail/releases/tag/1.5.6 https://github.com/roundcube/roundcubemail/releases/tag/1.6.5 https://lists.debian.org/debian-lts-announce/2023/12/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GILSR762MJB3BNJOVOCMW2JXEPV46IIQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YFRGBPET73URF6364CI547ZVWQESJLGK https: • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •