CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36029 – Microsoft Edge (Chromium-based) Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-36029
Microsoft Edge (Chromium-based) Spoofing Vulnerability Vulnerabilidad de suplantación de identidad en Microsoft Edge (Chromium-based) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36029 https://security.gentoo.org/glsa/202402-05 •
CVSS: 8.8EPSS: 30%CPEs: 25EXPL: 0CVE-2023-5217 – Google Chromium libvpx Heap Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-5217
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El desbordamiento del búfer en la codificación vp8 en libvpx en Google Chrome anterior a 117.0.5938.132 y libvpx 1.13.1 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library. Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. • http://seclists.org/fulldisclosure/2023/Oct/12 http://seclists.org/fulldisclosure/2023/Oct/16 http://www.openwall.com/lists/oss-security/2023/09/28/5 http://www.openwall.com/lists/oss-security/2023/09/28/6 http://www.openwall.com/lists/oss-security/2023/09/29/1 http://www.openwall.com/lists/oss-security/2023/09/29/11 http://www.openwall.com/lists/oss-security/2023/09/29/12 http://www.openwall.com/lists/oss-security/2023/09/29/14 http://ww • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 62%CPEs: 16EXPL: 12CVE-2023-4863 – Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4863
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) El desbordamiento del búfer de memoria en libwebp en Google Chrome anterior a 116.0.5845.187 y libwebp 1.3.2 permitía a un atacante remoto realizar una escritura en memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chromium: crítica) A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library. Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. • https://github.com/alsaeroth/CVE-2023-4863-POC https://github.com/mistymntncop/CVE-2023-4863 https://github.com/LiveOverflow/webp-CVE-2023-4863 https://github.com/bbaranoff/CVE-2023-4863 https://github.com/talbeerysec/BAD-WEBP-CVE-2023-4863 https://github.com/huiwen-yayaya/CVE-2023-4863 https://github.com/CrackerCat/CVE-2023-4863- https://github.com/sarsaeroth/CVE-2023-4863-POC http://www.openwall.com/lists/oss-security/2023/09/21/4 http://www.openwall.com/list • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36883 – Microsoft Edge for iOS Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2023-36883
Microsoft Edge for iOS Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883 •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28301 – Microsoft Edge (Chromium-based) Tampering Vulnerability
https://notcve.org/view.php?id=CVE-2023-28301
Microsoft Edge (Chromium-based) Tampering Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28301 •