CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6206 – Mozilla: Clickjacking permission prompts using the fullscreen transition
https://notcve.org/view.php?id=CVE-2023-6206
21 Nov 2023 — The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. La animación de desvanecimiento negro al salir de la pantalla completa es aproximadamente la duración del retraso anti-clickjacking en las solicitudes de permiso.... • https://bugzilla.mozilla.org/show_bug.cgi?id=1857430 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 0CVE-2023-6205 – Mozilla: Use-after-free in MessagePort::Entangled
https://notcve.org/view.php?id=CVE-2023-6205
21 Nov 2023 — It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Era posible provocar el uso de un MessagePort después de que ya se había liberado, lo que podría haber provocado un fallo explotable. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0. The Mozilla Foundation Security Advisory describes th... • https://bugzilla.mozilla.org/show_bug.cgi?id=1854076 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-6204 – Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer
https://notcve.org/view.php?id=CVE-2023-6204
21 Nov 2023 — On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. En algunos sistemas, dependiendo de la configuración de gráficos y los controladores, era posible forzar una lectura fuera de los límites y filtrar datos de memoria en las imágenes creadas en el elemento del lienzo. Esta vulnerabilidad afecta a... • https://bugzilla.mozilla.org/show_bug.cgi?id=1841050 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2023-6174 – Out-of-bounds Read in Wireshark
https://notcve.org/view.php?id=CVE-2023-6174
16 Nov 2023 — SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file La falla del disector SSH en Wireshark 4.0.0 a 4.0.10 permite la denegación de servicio mediante inyección de paquetes o archivo de captura manipulado A vulnerability was discovered in the SSH dissector of Wireshark, a network protocol analyzer, which could result in denial of service or potentially the execution of arbitrary code. • https://gitlab.com/wireshark/wireshark/-/issues/19369 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 1CVE-2023-6112 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-6112
15 Nov 2023 — Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Navegación en Google Chrome anterior a 119.0.6045.159 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the wors... • https://packetstorm.news/files/id/176721 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2023-5997 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5997
15 Nov 2023 — Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Garbage Collection en Google Chrome anterior a 119.0.6045.159 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its deriv... • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_14.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 446EXPL: 1CVE-2023-23583 – Debian Security Advisory 5563-1
https://notcve.org/view.php?id=CVE-2023-23583
14 Nov 2023 — Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. La secuencia de instrucciones del procesador genera un comportamiento inesperado en Intel(R) Processors que pueden permitir que un usuario autenticado potencialmente habilite la escalada de privilegios y/o la divulgación de información y/o la denegación de servicio a ... • https://github.com/Mav3r1ck0x1/CVE-2023-23583-Reptar- • CWE-276: Incorrect Default Permissions CWE-1281: Sequence of Processor Instructions Leads to Unexpected Behavior •
CVSS: 10.0EPSS: 5%CPEs: 5EXPL: 0CVE-2023-46850 – Ubuntu Security Notice USN-6484-1
https://notcve.org/view.php?id=CVE-2023-46850
11 Nov 2023 — Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer. Use after free en OpenVPN versión 2.6.0 a 2.6.6 puede provocar un comportamiento indefinido, pérdida de búferes de memoria o ejecución remota al enviar búferes de red a un par remoto. It was discovered that OpenVPN incorrectly handled the --fragment option in certain configurations. A remote attacker could possibly use this issue to cause ... • https://community.openvpn.net/openvpn/wiki/CVE-2023-46850 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 0CVE-2023-46849 – Ubuntu Security Notice USN-6484-1
https://notcve.org/view.php?id=CVE-2023-46849
11 Nov 2023 — Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service. El uso de la opción --fragment en ciertas configuraciones de OpenVPN versión 2.6.0 a 2.6.6 permite a un atacante desencadenar un comportamiento de división por cero que podría provocar un bloqueo de la aplicación y provocar una denegación de servicio. It was discovered that OpenVPN incorrect... • https://community.openvpn.net/openvpn/wiki/CVE-2023-46849 • CWE-369: Divide By Zero •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 0CVE-2023-5996 – Gentoo Linux Security Advisory 202311-11
https://notcve.org/view.php?id=CVE-2023-5996
08 Nov 2023 — Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) El use after free en WebAudio en Google Chrome anterior a 119.0.6045.123 permitía a un atacante remoto explotar potencialmente la corrupción del heap a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta) Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst... • https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop.html • CWE-416: Use After Free •