CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-24165
https://notcve.org/view.php?id=CVE-2020-24165
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties. • https://bugs.launchpad.net/qemu/+bug/1863025 https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html https://pastebin.com/iqCbjdT8 https://security.netapp.com/advisory/ntap-20231006-0012 •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 1CVE-2023-41080 – Apache Tomcat: Open redirect with FORM authentication
https://notcve.org/view.php?id=CVE-2023-41080
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. Vulnerabilidad de redirección de URL a sitio no fiable ('Open Redirect') en la función de autenticación FORM de Apache Tomcat. Este problema afecta a Apache Tomcat: de 11.0.0-M1 a 11.0.0-M10, de 10.1.0-M1 a 10.0.12, de 9.0.0-M1 a 9.0.79 y de 8.5.0 a 8.5.92. La vulnerabilidad se limita a la aplicación web ROOT (por defecto). A flaw was found in Apache Tomcat if the default web application is configured with FormAuthenticator. • https://github.com/shiomiyan/CVE-2023-41080 https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://security.netapp.com/advisory/ntap-20230921-0006 https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://access.redhat.com/security/cve/CVE-2023-41080 https://bugzilla.redhat.com/show_bug.cgi?id=2235370 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40577 – Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint
https://notcve.org/view.php?id=CVE-2023-40577
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51. Alertmanager gestiona alertas enviadas por aplicaciones cliente como el servidor Prometheus. Un atacante con permiso para realizar peticiones POST en el endpoint "/api/v1/alerts" podría ser capaz de ejecutar código JavaScript arbitrario en los usuarios de Prometheus Alertmanager. • https://github.com/prometheus/alertmanager/security/advisories/GHSA-v86x-5fm3-5p7j https://lists.debian.org/debian-lts-announce/2023/10/msg00011.html https://access.redhat.com/security/cve/CVE-2023-40577 https://bugzilla.redhat.com/show_bug.cgi?id=2235479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-4431
https://notcve.org/view.php?id=CVE-2023-4431
Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) El acceso a memoria fuera de límites en Fonts en Google Chrome anterior a 116.0.5845.110 permitía a un atacante remoto realizar una lectura de memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html https://crbug.com/1469348 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3 https://security.gentoo.org/glsa/202401-34 https://www.debian.o • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-4430
https://notcve.org/view.php?id=CVE-2023-4430
Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El uso gratuito en Vulkan en Google Chrome anterior a 116.0.5845.110 permitía a un atacante remoto explotar potencialmente la corrupción de la memoria a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html https://crbug.com/1469542 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3 https://security.gentoo.org/glsa/202401-34 https://www.debian.o • CWE-416: Use After Free •