CVE-2023-4350
https://notcve.org/view.php?id=CVE-2023-4350
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html https://crbug.com/1454817 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5479 •
CVE-2023-4349
https://notcve.org/view.php?id=CVE-2023-4349
Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html https://crbug.com/1458303 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5479 • CWE-416: Use After Free •
CVE-2023-40283 – kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c
https://notcve.org/view.php?id=CVE-2023-40283
An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. A flaw was found in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Bluetooth subsystem in the Linux Kernel. This issue may allow a user to cause a use-after-free problem due to sk's children being mishandled. • http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 https://github.com/torvalds/linux/commit/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 https://lists.debian.org/debian-lts-announce/2023/10/msg00027.htm • CWE-416: Use After Free •
CVE-2023-39949 – Improper validation of sequence numbers leading to remotely reachable assertion failure
https://notcve.org/view.php?id=CVE-2023-39949
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue. eprosima Fast DDS es una implementación en C++ del estándar Data Distribution Service del Object Management Group. Antes de las versiones 2.9.1 y 2.6.5, una validación incorrecta de los números de secuencia puede provocar un fallo de aserción alcanzable remotamente. • https://github.com/eProsima/Fast-DDS/blob/v2.9.0/src/cpp/rtps/messages/MessageReceiver.cpp#L1059 https://github.com/eProsima/Fast-DDS/issues/3236 https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg https://www.debian.org/security/2023/dsa-5481 • CWE-617: Reachable Assertion •
CVE-2023-39948 – Uncaught fastcdr exception (Unexpected CDR type received) crashing fastdds
https://notcve.org/view.php?id=CVE-2023-39948
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue. eprosima Fast DDS es una implementación en C++ del estándar Data Distribution Service del Object Management Group. Antes de las versiones 2.10.0 y 2.6.5, la `BadParamException` lanzada por Fast CDR no es capturada en Fast DDS. • https://github.com/eProsima/Fast-DDS/files/11117197/fastdds-assert.pcap.zip https://github.com/eProsima/Fast-DDS/issues/3422 https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f https://www.debian.org/security/2023/dsa-5481 • CWE-248: Uncaught Exception •