CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-40587 – Pyramid static view path traversal up one directory
https://notcve.org/view.php?id=CVE-2023-40587
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a `index.html` file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. • https://github.com/Pylons/pyramid/commit/347d7750da6f45c7436dd0c31468885cc9343c85 https://github.com/Pylons/pyramid/security/advisories/GHSA-j8g2-6fc7-q8f8 https://github.com/python/cpython/issues/106242 https://github.com/python/cpython/pull/106816 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYSDTQ7NP5GHPQ7HBE47MBJQK7YEIYMF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQIPHQTM3XE5NIEXCTQFV2J2RK2YUSMT • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-4431
https://notcve.org/view.php?id=CVE-2023-4431
Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) El acceso a memoria fuera de límites en Fonts en Google Chrome anterior a 116.0.5845.110 permitía a un atacante remoto realizar una lectura de memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html https://crbug.com/1469348 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3 https://security.gentoo.org/glsa/202401-34 https://www.debian.o • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-4430
https://notcve.org/view.php?id=CVE-2023-4430
Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El uso gratuito en Vulkan en Google Chrome anterior a 116.0.5845.110 permitía a un atacante remoto explotar potencialmente la corrupción de la memoria a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html https://crbug.com/1469542 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3 https://security.gentoo.org/glsa/202401-34 https://www.debian.o • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-4429
https://notcve.org/view.php?id=CVE-2023-4429
Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El uso gratuito en Loader en Google Chrome anterior a 116.0.5845.110 permitía a un atacante remoto explotar potencialmente la corrupción de la memoria a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html https://crbug.com/1469754 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3 https://security.gentoo.org/glsa/202401-34 https://www.debian.o • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-4428
https://notcve.org/view.php?id=CVE-2023-4428
Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) El acceso a memoria fuera de límites en CSS en Google Chrome anterior a 116.0.5845.110 permitía a un atacante remoto realizar una lectura de memoria fuera de los límites a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) • https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html https://crbug.com/1470477 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3 https://security.gentoo.org/glsa/202401-34 https://www.debian.o • CWE-125: Out-of-bounds Read •