CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-4429
https://notcve.org/view.php?id=CVE-2023-4429
Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El uso gratuito en Loader en Google Chrome anterior a 116.0.5845.110 permitía a un atacante remoto explotar potencialmente la corrupción de la memoria a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html https://crbug.com/1469754 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3 https://security.gentoo.org/glsa/202401-34 https://www.debian.o • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-4428
https://notcve.org/view.php?id=CVE-2023-4428
Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) El acceso a memoria fuera de límites en CSS en Google Chrome anterior a 116.0.5845.110 permitía a un atacante remoto realizar una lectura de memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html https://crbug.com/1470477 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3 https://security.gentoo.org/glsa/202401-34 https://www.debian.o • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-44729 – Apache XML Graphics Batik: Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2022-44729
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure. • http://www.openwall.com/lists/oss-security/2023/08/22/2 http://www.openwall.com/lists/oss-security/2023/08/22/4 https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2 https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html https://security.gentoo.org/glsa/202401-11 https://xmlgraphics.apache.org/security.html https://access.redhat.com/security/cve/CVE-2022-44729 https://bugzilla.redhat.com/show_bug.cgi?id=2233889 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-44730 – Apache XML Graphics Batik: Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2022-44730
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. A flaw was found in Apache Batik, where a malicious SVG can probe user profile data and send it directly as parameter to a URL. This issue can allow an attacker to conduct SSRF attacks. • http://www.openwall.com/lists/oss-security/2023/08/22/3 http://www.openwall.com/lists/oss-security/2023/08/22/5 https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0 https://lists.debian.org/debian-lts-announce/2023/10/msg00021.html https://security.gentoo.org/glsa/202401-11 https://xmlgraphics.apache.org/security.html https://access.redhat.com/security/cve/CVE-2022-44730 https://bugzilla.redhat.com/show_bug.cgi?id=2233899 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-35357
https://notcve.org/view.php?id=CVE-2020-35357
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. Puede producirse un Desbordamiento del Búfer al calcular el valor del cuantil utilizando Statistics Library of GSL (Biblioteca Científica GNU), versiones 2.5 y 2.6. El procesamiento de datos de entrada creados con fines maliciosos para gsl_stats_quantile_from_sorted_data de la librería puede provocar la finalización inesperada de la aplicación o la ejecución de código arbitrario. • https://git.savannah.gnu.org/cgit/gsl.git/commit/?id=989a193268b963aa1047814f7f1402084fb7d859 https://lists.debian.org/debian-lts-announce/2023/09/msg00023.html https://savannah.gnu.org/bugs/?59624 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •