Page 5 of 1342 results (0.016 seconds)

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en Safari 17.2, macOS Sonoma 14.2, iOS 17.2 y iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 y iPadOS 16.7.3. • http://seclists.org/fulldisclosure/2023/Dec/12 http://seclists.org/fulldisclosure/2023/Dec/13 http://seclists.org/fulldisclosure/2023/Dec/6 http://seclists.org/fulldisclosure/2023/Dec/7 http://seclists.org/fulldisclosure/2023/Dec/8 http://seclists.org/fulldisclosure/2023/Dec/9 http://www.openwall.com/lists/oss-security/2023/12/18/1 https://support.apple.com/en-us/HT214034 https://support.apple.com/en-us/HT214035 https://support.apple.com/en-us/HT214036 https:& • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user. La validación insuficiente de permisos en las macros de The Document Foundation LibreOffice permite a un atacante ejecutar macros integradas sin previo aviso. En las versiones afectadas, LibreOffice admite hipervínculos con macros o destinos de comandos integrados similares que se pueden ejecutar cuando se activan sin advertir al usuario. An insufficient permission validation vulnerability was found in LibreOffice. In versions that support running commands in hyperlinks, an attacker can execute built-in macros without warning the user. • https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG https://www.debian.org/security/2023/dsa-5574 https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186 https://access.redhat.com/security/cve/CVE-2023-6186 https://bugzilla.redhat.com/show_bug.cgi?id=2254005 • CWE-250: Execution with Unnecessary Privileges CWE-281: Improper Preservation of Permissions •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system. Vulnerabilidad de validación de entrada incorrecta en la integración GStreamer de The Document Foundation LibreOffice permite a un atacante ejecutar complementos GStreamer arbitrarios. En las versiones afectadas, el nombre de archivo del vídeo incrustado no se escapa lo suficiente cuando se pasa a GStreamer, lo que permite a un atacante ejecutar complementos arbitrarios de gstreamer dependiendo de qué complementos estén instalados en el sistema de destino. An improper input validation vulnerability was found in LibreOffice. In versions where filenames are not sufficiently escaped, an attacker can execute arbitrary GStreamer plugins. • https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG https://www.debian.org/security/2023/dsa-5574 https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185 https://access.redhat.com/security/cve/CVE-2023-6185 https://bugzilla.redhat.com/show_bug.cgi?id=2254003 • CWE-250: Execution with Unnecessary Privileges •

CVSS: 6.3EPSS: 0%CPEs: 28EXPL: 0

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. Bluetooth HID Hosts in BlueZ pueden permitir que un dispositivo HID con función periférica no autenticada inicie y establezca una conexión cifrada y acepte informes de teclado HID, lo que potencialmente permite la inyección de mensajes HID cuando no se ha producido ninguna interacción del usuario en la función central para autorizar dicho acceso. Un ejemplo de paquete afectado es bluez 5.64-0ubuntu1 en Ubuntu 22.04LTS. • http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog http://seclists.org/fulldisclosure/2023/Dec/7 http://seclists.org/fulldisclosure/2023/Dec/9 https://bluetooth.com https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675 https://github.com/skysafe/reblog/tree/main/cve-2023-45866 https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html https://lists.fedoraproject.org/archives/list/package • CWE-285: Improper Authorization CWE-287: Improper Authentication •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low) La implementación inapropiada en la interfaz de usuario del navegador web en Google Chrome anterior a 120.0.6099.62 permitía a un atacante remoto falsificar potencialmente el contenido de un menú contextual de diálogo iframe a través de una página HTML manipulada. (Severidad de seguridad de Chrome: baja) • https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop.html https://crbug.com/1457702 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMHY76AWPA46MAFXPWDGJX6FEGXZVR5Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3UHCTFH6KWAJGDZ2TOLT6VHKW53WCC https://security.gentoo.org/glsa/202401-34 https://www.debian.org/security/2023/dsa-5573 •