CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0812 – Debian Security Advisory 5607-1
https://notcve.org/view.php?id=CVE-2024-0812
23 Jan 2024 — Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) La implementación inadecuada de Accessibility en Google Chrome anterior a 121.0.6167.85 permitía a un atacante remoto explotar potencialmente la corrupción de objetos a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Ch... • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0807 – Debian Security Advisory 5607-1
https://notcve.org/view.php?id=CVE-2024-0807
23 Jan 2024 — Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Web Audio en Google Chrome anterior a 121.0.6167.85 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst ... • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-39197 – Kernel: dccp: conntrack out-of-bounds read in nf_conntrack_dccp_packet()
https://notcve.org/view.php?id=CVE-2023-39197
23 Jan 2024 — An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol. Se encontró una vulnerabilidad de lectura fuera de los límites en Netfilter Connection Tracking (conntrack) en el kernel de Linux. Esta falla permite que un usuario remoto revele información confidencial a través del protocolo DCCP. This vulnerability allows remote attackers to disclose sensitive information on... • https://access.redhat.com/security/cve/CVE-2023-39197 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0518 – Debian Security Advisory 5602-1
https://notcve.org/view.php?id=CVE-2024-0518
16 Jan 2024 — Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) La confusión de tipos en V8 en Google Chrome anterior a 120.0.6099.224 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple security issues were discovered in Chromium, which could result in the execution of a... • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 67%CPEs: 3EXPL: 0CVE-2024-0517 – Debian Security Advisory 5602-1
https://notcve.org/view.php?id=CVE-2024-0517
16 Jan 2024 — Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) La escritura fuera de los límites en V8 en Google Chrome anterior a 120.0.6099.224 permitía a un atacante remoto explotar potencialmente la corrupción del montón a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple security issues were discovered in Chromium, which could result in t... • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 1CVE-2023-6395 – Mock: privilege escalation for users that can access mock configuration
https://notcve.org/view.php?id=CVE-2023-6395
16 Jan 2024 — The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvert... • http://www.openwall.com/lists/oss-security/2024/01/16/1 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2024-0567 – Gnutls: rejects certificate chain with distributed trust
https://notcve.org/view.php?id=CVE-2024-0567
16 Jan 2024 — A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. Se encontró una vulnerabilidad en GnuTLS, donde una cabina (que usa gnuTLS) rechaza una cadena de certificados con confianza distribuida. Este problema ocurre al validar una cadena de certificados ... • http://www.openwall.com/lists/oss-security/2024/01/19/3 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-4001 – Grub2: bypass the grub password protection feature
https://notcve.org/view.php?id=CVE-2023-4001
15 Jan 2024 — An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was in... • http://www.openwall.com/lists/oss-security/2024/01/15/3 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0333 – Gentoo Linux Security Advisory 202402-14
https://notcve.org/view.php?id=CVE-2024-0333
10 Jan 2024 — Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High) La validación de datos insuficiente en Extensions de Google Chrome anteriores a 120.0.6099.216 permitió a un atacante en una posición privilegiada de la red instalar una extensión maliciosa a través de una página HTML manipulada. (Severidad de seguridad de Chromium: alta) Multiple ... • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html •
CVSS: 8.1EPSS: 4%CPEs: 4EXPL: 0CVE-2023-41056 – Redis vulnerable to integer overflow in certain payloads
https://notcve.org/view.php?id=CVE-2023-41056
10 Jan 2024 — Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. Redis es una base de datos en memoria que persiste en el disco. Redis maneja incorrectamente el cambio de tamaño de los búferes de memoria, lo que puede provocar un desbordamiento de enteros que provoca un desbordamiento del montón y una posible ... • https://github.com/redis/redis/releases/tag/7.0.15 • CWE-190: Integer Overflow or Wraparound CWE-762: Mismatched Memory Management Routines •