CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-42883 – webkitgtk: processing a malicious image may lead to a denial of service
https://notcve.org/view.php?id=CVE-2023-42883
12 Dec 2023 — The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en Safari 17.2, macOS Sonoma 14.2, iOS 17.2 y iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 y iPadOS 16.7.3. • http://seclists.org/fulldisclosure/2023/Dec/12 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6186 – Link targets allow arbitrary script execution
https://notcve.org/view.php?id=CVE-2023-6186
11 Dec 2023 — Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user. La validación insuficiente de permisos en las macros de The Document Foundation LibreOffice permite a un atacante ejecutar macros integradas sin previo aviso. En las versiones afectadas, LibreOffice admite h... • https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html • CWE-250: Execution with Unnecessary Privileges CWE-281: Improper Preservation of Permissions •
CVSS: 9.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-6185 – Improper input validation enabling arbitrary Gstreamer pipeline injection
https://notcve.org/view.php?id=CVE-2023-6185
11 Dec 2023 — Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system. Vulnerabilidad de validación de entrada incorrecta en la integración GStreamer de The Document Foundation LibreOffice perm... • https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html • CWE-250: Execution with Unnecessary Privileges •
CVSS: 6.3EPSS: 31%CPEs: 28EXPL: 8CVE-2023-45866 – bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution
https://notcve.org/view.php?id=CVE-2023-45866
07 Dec 2023 — Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. Bluetooth HID Hosts in BlueZ ... • https://github.com/pentestfunctions/BlueDucky • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6512 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2023-6512
06 Dec 2023 — Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low) La implementación inapropiada en la interfaz de usuario del navegador web en Google Chrome anterior a 120.0.6099.62 permitía a un atacante remoto falsificar potencialmente el contenido de un menú contextual de diálogo iframe a través de una página HTML manipulada. (Severid... • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6511 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2023-6511
06 Dec 2023 — Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) La implementación inapropiada de Autofill en Google Chrome anterior a 120.0.6099.62 permitió a un atacante remoto eludir las restricciones de Autocompletar a través de una página HTML manipulada. (Severidad de seguridad de Chrome: baja) Multiple vulnerabilities have been discovered in Chromium and its derivatives... • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html •
CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 0CVE-2023-6510 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2023-6510
06 Dec 2023 — Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) Use after free en Media Capture en Google Chrome anterior a 120.0.6099.62 permitía a un atacante remoto convencer a un usuario de participar en una interacción de interfaz de usuario específica para explotar potencialmente la corrupción del heap a tra... • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-6509 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2023-6509
06 Dec 2023 — Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High) Use after free en Side Panel Search en Google Chrome anterior a 120.0.6099.62 permitía a un atacante remoto convencer a un usuario de participar en una interacción de interfaz de usuario específica para explotar potencialmente la corrupción del heap... • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-6508 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2023-6508
06 Dec 2023 — Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Media Stream en Google Chrome anterior a 120.0.6099.62 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the wo... • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 13EXPL: 0CVE-2023-42917 – Apple Multiple Products WebKit Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2023-42917
30 Nov 2023 — A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Se solucionó una vulnerabilidad de corrupción de memoria con un bloqueo mejorado. • http://seclists.org/fulldisclosure/2023/Dec/12 • CWE-787: Out-of-bounds Write •