CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23603 – Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
https://notcve.org/view.php?id=CVE-2023-23603
19 Jan 2023 — Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to `console.log` weren't acc... • https://bugzilla.mozilla.org/show_bug.cgi?id=1800832 • CWE-185: Incorrect Regular Expression CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23605 – Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
https://notcve.org/view.php?id=CVE-2023-23605
19 Jan 2023 — Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these ... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1764921%2C1802690%2C1806974 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-47990 – IBM AIX denial of service
https://notcve.org/view.php?id=CVE-2022-47990
18 Jan 2023 — IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. • https://exchange.xforce.ibmcloud.com/vulnerabilities/243556 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32490
https://notcve.org/view.php?id=CVE-2022-32490
18 Jan 2023 — A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000204685 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-34401
https://notcve.org/view.php?id=CVE-2022-34401
18 Jan 2023 — A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000204679 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 0CVE-2022-34460
https://notcve.org/view.php?id=CVE-2022-34460
18 Jan 2023 — A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000204686 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 52EXPL: 0CVE-2022-34393
https://notcve.org/view.php?id=CVE-2022-34393
18 Jan 2023 — A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000204686 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-34456
https://notcve.org/view.php?id=CVE-2022-34456
18 Jan 2023 — Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection Vulnerability. • https://www.dell.com/support/kbdoc/en-us/000204057/dsa-2022-267-dell-emc-metronode-vs5-security-update-for-multiple-third-party-component-vulnerabilities • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-21606 – Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-21606
18 Jan 2023 — Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb23-01.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-46285 – libXpm: Infinite loop on unclosed comments
https://notcve.org/view.php?id=CVE-2022-46285
18 Jan 2023 — A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. Martin Ettl discovered that libXpm incorrectly handled certain XPM files. If a user or automated system were tricked into opening a specially crafted XPM file, a remote attacker could possibly use this issue to cause libXpm to stop responding, resulting in a denia... • https://packetstorm.news/files/id/170620 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •