CVSS: 7.8EPSS: 1%CPEs: 13EXPL: 0CVE-2023-42916 – Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-42916
30 Nov 2023 — An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Se solucionó una lectura fuera de los límites con una validación de entrada mejorada. • http://seclists.org/fulldisclosure/2023/Dec/12 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 17%CPEs: 7EXPL: 0CVE-2023-6345 – Google Skia Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-6345
29 Nov 2023 — Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) El desbordamiento de enteros en Skia en Google Chrome anterior a 119.0.6045.199 permitió a un atacante remoto que había comprometido el proceso de renderizado realizar potencialmente un escape de la zona de pruebas a través de un archivo malicioso. (Severidad de seguridad de Chrome... • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-6351 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2023-6351
29 Nov 2023 — Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) Use after free en libavif en Google Chrome anterior a 119.0.6045.199 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de un archivo avif manipulado. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of w... • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 4%CPEs: 5EXPL: 1CVE-2023-6350 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2023-6350
29 Nov 2023 — Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) Use after free en libavif en Google Chrome anterior a 119.0.6045.199 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de un archivo avif manipulado. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of w... • https://github.com/dywsy21/CVE-2023-6350_Reproduction • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-6346 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2023-6346
29 Nov 2023 — Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en WebAudio en Google Chrome anterior a 119.0.6045.199 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of... • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-6347 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2023-6347
29 Nov 2023 — Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Mojo en Google Chrome anterior a 119.0.6045.199 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which c... • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 1CVE-2023-6348 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2023-6348
29 Nov 2023 — Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Type Confusion en Spellcheck en Google Chrome anterior a 119.0.6045.199 permitía a un atacante remoto que había comprometido el proceso de renderizado explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alt... • https://packetstorm.news/files/id/176368 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2023-6212 – Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
https://notcve.org/view.php?id=CVE-2023-6212
21 Nov 2023 — Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Errores de seguridad de la memoria presentes en Firefox 119, Firefox 115.4 y Thunderbird 115.4. Algunos de estos errores mostraron evidencia de corrupción de memoria y suponemos q... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1658432%2C1820983%2C1829252%2C1856072%2C1856091%2C1859030%2C1860943%2C1862782 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6209 – Mozilla: Incorrect parsing of relative URLs starting with "///"
https://notcve.org/view.php?id=CVE-2023-6209
21 Nov 2023 — Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Las URL relativas que comenzaban con tres barras se analizaban incorrectamente y se podía utilizar una parte de path-traversal "/../" en la ruta para anular el host especificado. Esto podría contribuir a pro... • https://bugzilla.mozilla.org/show_bug.cgi?id=1858570 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2023-6208 – Mozilla: Using Selection API would copy contents into X11 primary selection.
https://notcve.org/view.php?id=CVE-2023-6208
21 Nov 2023 — When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Al usar X11, el texto seleccionado por la página usando la API de selección se copiaba erróneamente en la selección principal, un almacenamiento temporal similar al portapapeles. *Este erro... • https://bugzilla.mozilla.org/show_bug.cgi?id=1855345 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •